Android protectionLevel

Android protectionLevel分4个级别：

"normal"
"dangerous"
"signature"
"signatureOrSystem"

如果定义的是前面两种normal或者dangerous, 我们自己的应用需要去访问其对应受保护的资源时只需要在androidManifest.xml中添加相同的uses-permission就行了。 如果是signature, 我们仅仅添加对权限的使用还不行， 必须同时具有相同的签名。 如果是signatureOrSystem（这种权限的应用第三方的应用无法单独访问）, 不仅要有相同的签名，而且签名必须是系统签名，此外可能还需要android:sharedUserId="android.uid.system"。

PermissionInfo.java中定义

/**
     * A normal application value for {@link #protectionLevel}, corresponding
     * to the <code>normal</code> value of
     * {@link android.R.attr#protectionLevel}.
     */
    public static final int PROTECTION_NORMAL = 0;

    /**
     * Dangerous value for {@link #protectionLevel}, corresponding
     * to the <code>dangerous</code> value of
     * {@link android.R.attr#protectionLevel}.
     */
    public static final int PROTECTION_DANGEROUS = 1;

    /**
     * System-level value for {@link #protectionLevel}, corresponding
     * to the <code>signature</code> value of
     * {@link android.R.attr#protectionLevel}.
     */
    public static final int PROTECTION_SIGNATURE = 2;

    /**
     * System-level value for {@link #protectionLevel}, corresponding
     * to the <code>signatureOrSystem</code> value of
     * {@link android.R.attr#protectionLevel}.
     */
    public static final int PROTECTION_SIGNATURE_OR_SYSTEM = 3;

    /**
     * Additional flag for {@link #protectionLevel}, corresponding
     * to the <code>system</code> value of
     * {@link android.R.attr#protectionLevel}.
     */
    public static final int PROTECTION_FLAG_SYSTEM = 0x10;

    /**
     * Additional flag for {@link #protectionLevel}, corresponding
     * to the <code>development</code> value of
     * {@link android.R.attr#protectionLevel}.
     */
    public static final int PROTECTION_FLAG_DEVELOPMENT = 0x20;

    /**
     * Mask for {@link #protectionLevel}: the basic protection type.
     */
    public static final int PROTECTION_MASK_BASE = 0xf;

    /**
     * Mask for {@link #protectionLevel}: additional flag bits.
     */
    public static final int PROTECTION_MASK_FLAGS = 0xf0;


/** @hide */
    public static int fixProtectionLevel(int level) {
        if (level == PROTECTION_SIGNATURE_OR_SYSTEM) {
            level = PROTECTION_SIGNATURE | PROTECTION_FLAG_SYSTEM;
        }
        return level;
    }

    /** @hide */
    public static String protectionToString(int level) {
        String protLevel = "????";
        switch (level&PROTECTION_MASK_BASE) {
            case PermissionInfo.PROTECTION_DANGEROUS:
                protLevel = "dangerous";
                break;
            case PermissionInfo.PROTECTION_NORMAL:
                protLevel = "normal";
                break;
            case PermissionInfo.PROTECTION_SIGNATURE:
                protLevel = "signature";
                break;
            case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM:
                protLevel = "signatureOrSystem";
                break;
        }
        if ((level&PermissionInfo.PROTECTION_FLAG_SYSTEM) != 0) {
            protLevel += "|system";
        }
        if ((level&PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) {
            protLevel += "|development";
        }
        return protLevel;
    }

 于是protectionLevel 0 (NORMAL)、 1 (DANGEROUS)、2 (SIGNATURE)、18(signatureOrSystem，0x10 | 0x2)、50("signature|system|development"，0x10 | 0x20 | 0x2)--某些开发工具。用编码来获取可参考文章Android Permissions - Protection Levels。

系统定义的这些permission来自两处：framework/base/core/res/AndroidManifest.xml和framework/base/data/etc/platform.xml，前者最主要，如android-4.4.2_r2。

比较这些Android平台版本上系统权限的差异需要参考ApiLevels进行，如用Beyond Compare 3比较AndroidManifest.zip。在看不到Android源码的条件下，也可运行命令（虽然权限不全）：

adb shell pm list permissions -f