Security and Permissions安全与权限（五）

Enforcing Permissions in AndroidManifest.xml

High-level permissions restricting access to entire components of the system or application can be applied through your AndroidManifest.xml . All that this requires is including an android:permission attribute on the desired component, naming the permission that will be used to control access to it.

Activity permissions (applied to the <activity> tag) restrict who can start the associated activity. The permission is checked during Context.startActivity() and Activity.startActivityForResult() ; if the caller does not have the required permission then SecurityException is thrown from the call.

用于限制进入系统或应用程序的Components的高层permissions可以再AndroidManifest.xml中实现.所有这些都可以通过在相应的component中包含 android:permission 属性，命名该permission以使其被用以控制进入的权限。

Activity permissions 限制了谁才可以启动相应的activity. permission会在Context.startActivity() 和 Activity.startActivityForResult() 的时候进行检查。如果caller没有所需的权限，则会抛出一个SecurityException。

 

Service permissions (applied to the <service> tag) restrict who can start or bind to the associated service. The permission is checked during Context.startService() , Context.stopService() and Context.bindService() ; if the caller does not have the required permission then SecurityException is thrown from the call.

BroadcastReceiver permissions (applied to the <receiver> tag) restrict who can send broadcasts to the associated receiver. The permission is checked after Context.sendBroadcast() returns, as the system tries to deliver the submitted broadcast to the given receiver. As a result, a permission failure will not result in an exception being thrown back to the caller; it will just not deliver the intent. In the same way, a permission can be supplied to Context.registerReceiver() to control who can broadcast to a programmatically registered receiver. Going the other way, a permission can be supplied when calling Context.sendBroadcast() to restrict which BroadcastReceiver objects are allowed to receive the broadcast (see below).

Service permissions用于限制谁才可以start或bind该service。在Context.startService() , Context.stopService() 和 Context.bindService() 调用的时候会进行权限检查。如果caller没有所需的权限，则会抛出一个SecurityException。

BroadcastReceiver permissions用于限制谁才可以向该receiver发送广播。权限检查会在Context.sendBroadcast() 返回时进行，由系统去发送已经提交的广播给相应的Receiver。最终，一个permission failure不会再返回给Caller一个exception；它只是不会去deliver该Intent而已。同样地，Context.registerReceiver() 也可以有自己permission用于限制谁才可以向一个在程序中注册的receiver发送广播。另一种方式是，一个permission也可以提供给Context.sendBroadcast() 用以限制哪一个BroadcastReceiver才可以接收该广播。

 

ContentProvider permissions (applied to the <provider> tag) restrict who can access the data in a ContentProvider . (Content providers have an important additional security facility available to them called URI permissions which is described later.) Unlike the other components, there are two separate permission attributes you can set: android:readPermission restricts who can read from the provider, and android:writePermission restricts who can write to it. Note that if a provider is protected with both a read and write permission, holding only the write permission does not mean you can read from a provider. The permissions are checked when you first retrieve a provider (if you don't have either permission, a SecurityException will be thrown), and as you perform operations on the provider. Using ContentResolver.query() requires holding the read permission; using ContentResolver.insert() , ContentResolver.update() , ContentResolver.delete() requires the write permission. In all of these cases, not holding the required permission results in a SecurityException being thrown from the call.

ContentProvider permission用于限制谁才可以访问ContentProvider提供的数据。（Content providers有一套而外的安全机制叫做URI permissions，这些在稍后讨论）不同于其它的Components，这里有两种不同的permission属性可以设置: android:readPermission 用于限制谁可以读取provider中的数据，而 android:writePermission 用于限制谁才可以向provider中写入数据。需要注意的是如果provider既被read permis保护，也被write permission保护的话，如果这时只有write permission并不意味着你就可以读取provider中的数据了。当你第一次获取provider的时候就要进行权限检查（如果你没有任何permission，则会抛出SecurityException）, 并且这时你对provider执行了某些操作。当使用 ContentResolver.query() 时需要读权限，而当使用 ContentResolver.insert() , ContentResolver.update() , ContentResolver.delete() 时需要写权限。在所有这些情况下，没有所需的permission将会导致SecurityException 被抛出。