最近在看framework 权限申明，遇到了android:protectionLevel

<permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW"

    android:protectionLevel="signature" />

如下，“signature” 还是比较好了解 ，系统签名，但是有些属性就不是很清楚，如instant、appop、vendorPrivileged 等 。网上也没有找到详细的说明。好吧。我在深入的了解下。

services/core/java/com/android/server/pm/permission/BasePermission.java

该类提供了一下方法去判断 是否是以上属性。但是什么情景对应什么还是未知。

终于找到带具体注释的了，如下

core/res/res/values/attrs_manifest.xml

<attr name="protectionLevel">

an application access to isolated application-level features, with minimal

risk to other applications, the system, or the user. The system

automatically grants this type of permission to a requesting application at

installation, without asking for the user's explicit approval (though the

user always has the option to review these permissions before installing). -->

    <flag name="normal" value="0" />

would give a requesting application access to private user data or

control over the device that can negatively impact the user.  Because

this type of permission introduces potential risk, the system may

not automatically grant it to the requesting application.  For example,

any dangerous permissions requested by an application may be displayed

to the user and require confirmation before proceeding, or some other

approach may be taken to avoid the user automatically allowing

the use of such facilities.  -->

    <flag name="dangerous" value="1" />

to grant only if the requesting application is signed with the same

certificate as the application that declared the permission. If the

certificates match, the system automatically grants the permission

without notifying the user or asking for the user's explicit approval. -->

    <flag name="signature" value="2" />

Base permission type: a permission that the system is to grant only

to packages in the Android system image or that are signed

with the same certificates. Please avoid using this option, as the

signature protection level should be sufficient for most needs and

works regardless of exactly where applications are installed.  This

permission is used for certain special situations where multiple

vendors have applications built in to a system image which need

to share specific features explicitly because they are being built

together. -->

    <flag name="signatureOrSystem" value="3" />

be granted to any applications installed as privileged apps on the system image.

Please avoid using this option, as the

signature protection level should be sufficient for most needs and

works regardless of exactly where applications are installed.  This

permission flag is used for certain special situations where multiple

vendors have applications built in to a system image which need

to share specific features explicitly because they are being built

together. -->

    <flag name="privileged" value="0x10" />

    <flag name="system" value="0x10" />

(optionally) be granted to development applications. -->

    <flag name="development" value="0x20" />

associated with an app op for controlling access. -->

    <flag name="appop" value="0x40" />

granted to apps that target API levels below

{@link android.os.Build.VERSION_CODES#M} (before runtime permissions

were introduced). -->

    <flag name="pre23" value="0x80" />

granted to system apps that install packages. -->

    <flag name="installer" value="0x100" />

granted to system apps that verify packages. -->

    <flag name="verifier" value="0x200" />

granted any application pre-installed on the system image (not just privileged

apps). -->

    <flag name="preinstalled" value="0x400" />

granted to the setup wizard app -->

    <flag name="setup" value="0x800" />

apps -->

    <flag name="instant" value="0x1000" />

that target runtime permissions ({@link android.os.Build.VERSION_CODES#M} and above)

-->

    <flag name="runtime" value="0x2000" />

if its protection level is signature, the requesting app resides on the OEM partition,

and the OEM has white-listed the app to receive this permission by the OEM.

-->

    <flag name="oem" value="0x4000" />

privileged apps in vendor partition. -->

    <flag name="vendorPrivileged" value="0x8000" />

granted to the system default text classifier -->

    <flag name="textClassifier" value="0x10000" />

wellbeing app, as defined by the OEM. -->

    <flag name="wellbeing" value="0x20000" />

granted to the document manager -->

    <flag name="documenter" value="0x40000" />

granted to device configurator -->

    <flag name="configurator" value="0x80000" />

that will approve the sharing of incident reports. -->

    <flag name="incidentReportApprover" value="0x100000" />

granted to the system app predictor -->

    <flag name="appPredictor" value="0x200000" />

</attr>