由上篇Android Permission权限机制引子，我们知道Android 通过在每台设备上实施了基于权限的安全策略来处理安全问题，采用权限来限制安装应用程序的能力。本篇文章继续来探讨和Android权限相关的话题，主要集中在权限级别、ICC(inter- component communication)权限保护两个方面。

权限级别 protection level

每一个Permission权限都设有了权限级别(protection level)，分别如下：
代码如下：

“normal”
The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).

normal级别是一些比较低风险的权限，我们在安装一个新app到手机时，一般会被折叠起来的权限就是normal级别的。
代码如下：

“dangerous”
A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.

dangerous则是那些比较高风险的权限，在安装时会明显提示用户该app具有这些权限，并且需要用户同意确认才能正确安装app的权限。
代码如下：

“signature”
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

signature则在我们用户自定义权限custom时，会用得到的，具体做法我会在另一篇博文：Android 自定义权限中具体研究的，这里简述之：

用户在某一个app(先称permisson app)中自定义了permission时，并且指定了某些组件需要该自定义权限才能打开，这是前提，然后用户又开发了另外一个app(称为permission client)，这个permission client如果想访问permisson app中指定了自定义权限的组件，那么这两个app必须具备相同的signature，这就是signature级别的意思。
代码如下：

“signatureOrSystem”
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificates as those in the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The “signatureOrSystem” permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

这个同上，但多了一个Or，or是指除了相同的signature之外还可以指定为相同的Android img也可以访问，这个img其实就是系统级别的定制了，一般用的很少。

ICC(inter-component communication)权限保护

<application>元素和组件元素都有android:permission的属性，在这里我们称这个属性分别为应用程序和组件的权限标签。应用程序内的组件可以继承应用程序元素设置的权限标签，当某一组件启动 ICC 时，相关的访问控制器就会查看组件和组件所在应用程序的权限标签集合，如目标组件的访问权限标签在以上的集合内，允许 ICC 的建立继续进行，否则将会被拒绝，即使这两个组件在同一应用程序内。

改图描述了该逻辑的进程:组件A是否可以访问组件B和C，取决于比较B和C内的访问权限标签与应用程序1内的标签集合的结果。B和应用程序1内都有i1标签，所以组件A可以访问组件B，相反应用程序1内没有标签i2，组件A 不可以访问组件B。