1.通过命令查看应用权限:
adb shell dumpsys package "xxx.xxx.xxx" //如adb shell dumpsys package com.tencent.androidqqmail
重要的权限debug命令。得到的信息的具体解释见以下内容。
2.应用中权限的分类:
(1).自定义权限
Permissions:
Permission [com.android.launcher3.permission.READ_SETTINGS] (adf0ebe):
sourcePackage=com.android.launcher3
uid=10106 gids=null type=0 prot=signature|privileged
perm=Permission{c6b5b1f com.android.launcher3.permission.READ_SETTINGS}
packageSetting=PackageSetting{8736e6c com.android.launcher3/10106}
Permissions:
Permission [com.android.launcher3.permission.WRITE_SETTINGS] (8531c35):
sourcePackage=com.android.launcher3
uid=10106 gids=null type=0 prot=signature|privileged
perm=Permission{3f958ca com.android.launcher3.permission.WRITE_SETTINGS}
packageSetting=PackageSetting{8736e6c com.android.launcher3/10106}
(2).应用所有的权限列表
Packages:
Package [com.android.launcher3] (8736e6c):
userId=10106
pkg=Package{dbc3796 com.android.launcher3}
codePath=/system/product/priv-app/Launcher3QuickStep
resourcePath=/system/product/priv-app/Launcher3QuickStep
legacyNativeLibraryDir=/system/product/priv-app/Launcher3QuickStep/lib
primaryCpuAbi=null
secondaryCpuAbi=null
versionCode=29 minSdk=29 targetSdk=29
versionName=10
splits=[base]
apkSigningVersion=3
applicationInfo=ApplicationInfo{e2646b1 com.android.launcher3}
flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP KILL_AFTER_RESTORE RESTORE_ANY_VERSION ]
privateFlags=[ PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION ALLOW_AUDIO_PLAYBACK_CAPTURE PARTIALLY_DIRECT_BOOT_AWARE PRIVILEGED PRODUCT ]
dataDir=/data/user/0/com.android.launcher3
supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity]
timeStamp=2020-03-06 16:23:16
firstInstallTime=2020-03-06 16:23:16
lastUpdateTime=2020-03-06 16:23:16
signatures=PackageSignatures{6178f17 version:3, signatures:[b4addb29], past signatures:[]}
installPermissionsFixed=true
pkgFlags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP KILL_AFTER_RESTORE RESTORE_ANY_VERSION ]
declared permissions:
com.android.launcher3.permission.READ_SETTINGS: prot=signature|privileged, INSTALLED
com.android.launcher3.permission.WRITE_SETTINGS: prot=signature|privileged, INSTALLED
com.android.launcher.permission.INSTALL_SHORTCUT: prot=dangerous
requested permissions:
android.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.WRITE_OWNER_DATA
android.permission.WRITE_EXTERNAL_STORAGE: restricted=true
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_EXTERNAL_STORAGE: restricted=true
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.GET_APP_GRANTED_URI_PERMISSIONS
android.permission.FORCE_PERSISTABLE_URI_PERMISSIONS
android.permission.READ_SMS: restricted=true
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.FORCE_STOP_PACKAGES
android.permission.VIBRATE
android.permission.READ_CALL_LOG: restricted=true
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.READ_CALENDAR
android.permission.WRITE_CALENDAR
android.permission.CALL_PHONE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.BIND_APPWIDGET
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.REQUEST_DELETE_PACKAGES
android.permission.PACKAGE_USAGE_STATS
android.permission.READ_FRAME_BUFFER
android.permission.WAKE_LOCK
android.permission.FOREGROUND_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
install permissions:
com.android.launcher3.permission.READ_SETTINGS: granted=true
android.permission.SYSTEM_ALERT_WINDOW: granted=true
android.permission.CHANGE_NETWORK_STATE: granted=true
android.permission.FOREGROUND_SERVICE: granted=true
android.permission.RECEIVE_BOOT_COMPLETED: granted=true
com.android.launcher3.permission.WRITE_SETTINGS: granted=true
android.permission.INTERNET: granted=true
android.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS: granted=true
android.permission.BIND_APPWIDGET: granted=true
android.permission.PACKAGE_USAGE_STATS: granted=true
android.permission.MOUNT_UNMOUNT_FILESYSTEMS: granted=true
android.permission.FORCE_PERSISTABLE_URI_PERMISSIONS: granted=true
android.permission.ACCESS_NETWORK_STATE: granted=true
android.permission.SET_WALLPAPER: granted=true
android.permission.KILL_BACKGROUND_PROCESSES: granted=true
android.permission.REQUEST_DELETE_PACKAGES: granted=true
android.permission.SET_WALLPAPER_HINTS: granted=true
android.permission.FORCE_STOP_PACKAGES: granted=true
android.permission.VIBRATE: granted=true
android.permission.ACCESS_WIFI_STATE: granted=true
android.permission.REQUEST_INSTALL_PACKAGES: granted=true
android.permission.READ_FRAME_BUFFER: granted=true
android.permission.GET_APP_GRANTED_URI_PERMISSIONS: granted=true
android.permission.WAKE_LOCK: granted=true
User 0: ceDataInode=4456624 installed=true hidden=false suspended=false stopped=false notLaunched=false enabled=0 instant=false virtual=false
gids=[3003]
runtime permissions:
android.permission.READ_SMS: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|RESTRICTION_UPGRADE_EXEMPT]
android.permission.READ_CALENDAR: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]
android.permission.READ_CALL_LOG: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|RESTRICTION_UPGRADE_EXEMPT]
android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ GRANTED_BY_DEFAULT]
android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|RESTRICTION_UPGRADE_EXEMPT]
android.permission.ACCESS_COARSE_LOCATION: granted=true, flags=[ GRANTED_BY_DEFAULT]
android.permission.READ_PHONE_STATE: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]
android.permission.CALL_PHONE: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]
android.permission.WRITE_CALENDAR: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]
android.permission.WRITE_EXTERNAL_STORAGE: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|RESTRICTION_UPGRADE_EXEMPT]
3.应用中权限分类
(1).declared permissions :自定义权限
作用:与其他应用分享自己的资源和功能.
By defining custom permissions, an app can share its resources and capabilities with other apps.
为了创建自定义权限,你需要在你应用的AndroidManifest.xml里用一个或多个<permission>来声明。
比如说,一个应用想控制启动它的activity对象,那么可以像下面一个声明一个自定义权限:
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.myapp" >
<permission
android:name="com.example.myapp.permission.DEADLY_ACTIVITY"
android:label="@string/permlab_deadlyActivity"
android:description="@string/permdesc_deadlyActivity"
android:permissionGroup="android.permission-group.COST_MONEY"
android:protectionLevel="dangerous" />
...
</manifest>protectionLevel:这个属性是必须的,告知系统权限的等级,有如下几种等级:normal,dangerous,signature,signatureOrSystem。
permissionGroup:这个属性是可选的,只被用来帮助系统呈现权限给用户。
在大多数情况,你应该将其设置为一个标准的系统权限组(在android.Manifest.permission_group中列出的).
虽然你可以自己定义一个权限组,但是我们更建议使用存在的权限组,因为可以简化呈现给用户的UI。
label和description:你需要为自定义权限提供label和description。
这些都是用户可以看到的字符串资源,label对应于标签,description对应于权限细节。
label建议写的短一些,而description建议为几句话描述一下权限允许持有者可以做什么。
我们推荐两段式描述,第一句描述一下权限,第二句描述一下如果应用获取了对应权限会有什么风险。
"normal"
The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user.
The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).
"dangerous"
A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user.
Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application.
For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.
"signature"
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission.
If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
"signatureOrSystem"
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission.
Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed.
The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.
(2).requested permissions :请求权限
是应用所需权限的集合,包含其他权限:declared permissions ,install permissions ,runtime permissions.
(3).install permissions :安装权限
Android 6.0之前的manifest里包含的所有权限声明都可以当做install permissions。
Android 6.0及以后的版本manifest里除了dangerous permissions即runtime permissions外则都属于install permissions。
安装时权限(Android 5.1 及更低版本):用户在安装或更新应用时,向应用授予危险权限。OEM/运营商可以在不通知用户的情况下,预先安装具有预授权的应用。
(4).runtime permissions : 运行时权限
运行时权限(Android 6.0 及更高版本):用户在应用运行时向应用授予危险权限。
应用决定何时申请权限(例如,在应用启动或用户访问特定功能时申请权限)。但必须允许用户授予/拒绝授予应用访问特定权限组的权限。
4.用户可以在"Settings"->"Apps & notification"->"App info"->"Permissions"中查看具体应用的权限。
也可以在"Settings"->"Apps & notification"->"Permission manager"中查看所有权限情况。
5.查看data/system/packages.xml中的权限情况
如:查看packages.xml中packageinstaller的权限信息:
<package name="com.android.packageinstaller" codePath="/system/priv-app/PackageInstaller" nativeLibraryPath="/system/priv-app/PackageInstaller/lib" publicFlags="810040901" privateFlags="8" ft="11e8f7d4c00" it="11e8f7d4c00" ut="11e8f7d4c00" version="29" userId="10049" isOrphaned="true">
<sigs count="1" schemeVersion="3">
<cert index="1" />
</sigs>
<perms>
<item name="android.permission.USE_RESERVED_DISK" granted="true" flags="0" />
<item name="android.permission.INSTALL_PACKAGES" granted="true" flags="0" />
<item name="android.permission.RECEIVE_BOOT_COMPLETED" granted="true" flags="0" />
<item name="android.permission.INTERACT_ACROSS_USERS_FULL" granted="true" flags="0" />
<item name="android.permission.PACKAGE_USAGE_STATS" granted="true" flags="0" />
<item name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME" granted="true" flags="0" />
<item name="android.permission.READ_INSTALL_SESSIONS" granted="true" flags="0" />
<item name="android.permission.MANAGE_USERS" granted="true" flags="0" />
<item name="android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS" granted="true" flags="0" />
<item name="android.permission.MANAGE_APP_OPS_MODES" granted="true" flags="0" />
<item name="android.permission.UPDATE_APP_OPS_STATS" granted="true" flags="0" />
<item name="android.permission.DELETE_PACKAGES" granted="true" flags="0" />
</perms>
<proper-signing-keyset identifier="1" />
</package>