PackageManager 和 AndroidManifest.xml 报告不同的使用权限
一直在做一些 Android 权限研究,并遇到了一个应用程序 - 根据 AndroidManifest.xml 文件 - 仅将 WRITE_EXTERNAL_STORAGE 声明为权限。 Android Market 也只报告了这一点。使用 aapt 工具转储使用权限,它也只报告一个权限。
但是,在 Android 设备(或模拟器)上运行的代码中,执行以下操作:
PackageManager pm = getPackageManager();
List<PackageInfo> pkgList = pm.getInstalledPackages(PackageManager.GET_PERMISSIONS | PackageManager.GET_SIGNATURES);
...
PackageInfo p = pkgList.get(i); // where i is the index of the apk in question
String[] perms = p.requestedPermissions;
我获得此 APK 的 2 个权限,READ_PHONE_STATE 和清单中的一个权限,WRITE_EXTERNAL_STORAGE。查看“管理应用程序”屏幕并选择详细信息也会显示额外的 READ_PHONE_STATE 权限。
是否存在权限可以“隐含”的情况(在代码中,通过 功能使用等)在 Android 清单中不需要?或者换句话说,为什么 aapt 返回一组权限,而 getPackageManager().getPackageInfo() API 返回一组不同的权限?
编辑:
使用“更好”术语搜索发现了我正在寻找的答案: Android权限:电话通话:读取手机状态和身份
总之,使用早期版本的SDK编译的APK确实免费继承了一些权限...
Been doing some Android permission research and ran across an application that - according to the AndroidManifest.xml file - only declares WRITE_EXTERNAL_STORAGE as a permission. The Android Market only reports this as well. Using the aapt tool to dump the uses-permission it also only reports the one permission.
However, in code running on the Android device (or emulator), doing the following:
PackageManager pm = getPackageManager();
List<PackageInfo> pkgList = pm.getInstalledPackages(PackageManager.GET_PERMISSIONS | PackageManager.GET_SIGNATURES);
...
PackageInfo p = pkgList.get(i); // where i is the index of the apk in question
String[] perms = p.requestedPermissions;
I get 2 permissions for this APK, READ_PHONE_STATE and the one in the manifest, WRITE_EXTERNAL_STORAGE. Looking at the "Manage Apps" screen and selecting details for this also shows the additional READ_PHONE_STATE permission.
Are there cases where permissions can be/are 'implied' (in code, by feature use, etc) that would not be required in the Android Manifest? Or put another way, why does aapt return one set of permissions and the getPackageManager().getPackageInfo() API return a different set?
EDIT:
Searching with "more better" terms discovered the answer I was looking for: Android permissions: Phone Calls: read phone state and identity
In short, APKs compiled with earlier version of the SDK did inherit some permissions for free...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
据我所知,权限必须始终在清单中明确设置。
我认为您所看到的差异是由于权限的 protectionLevel 属性。任何设置为“正常”的权限都不需要用户确定,因此它们只会显示在“详细信息”部分中。
As far as I know permissions must always be explicitly set in the manifest.
The difference you are seeing I believe is due to the protectionLevel attribute on permissions. Any permissions that are set to "normal" are not required to be OK'd by the user so they just show up in the Details section.