Different Android permissions levels

What is the difference betwee开发者_JAVA百科n asking for permission using <uses-permission>, and android:permission inside the application and activity tags?

When I only use:

 <uses-permission android:name="android.permission.WAKE_LOCK"></uses-permission>

The app runs fine, however if also I use:

<application android:icon="@drawable/icon" android:label="@string/app_name" android:debuggable="true" 
android:permission="android.permission.WAKE_LOCK">

or even:

<activity android:name=".android.Everlong"
          android:label="@string/app_name" android:screenOrientation="portrait" 
          android:permission="android.permission.WAKE_LOCK">

The app doesn't start because of a security error...

From the documentation:

android:permission

The name of a permission that clients must have to launch the activity or otherwise get it to respond to an intent. If a caller of startActivity() or startActivityForResult() has not been granted the specified permission, its intent will not be delivered to the activity. If this attribute is not set, the permission set by the element's permission attribute applies to the activity. If neither attribute is set, the activity is not protected by a permission. For more information on permissions, see the Permissions section in the introduction and another document, Security and Permissions.

uses-permission -- At install time (of your App) the user must accept this permission.

android:permission -- When another App wants to call your App, you can specify which permission they need to request (at install of the other App) to call you.

Basically, if another application wants to call YOUR Activity via an Intent, and you specify that you require a permission in this way, that App must have access to that permission. Otherwise, the Intent will be rejected by your App.

<uses-permission> as you mentioned is a 'request' to use a particular 'permission'. This alerts users installing your app that you want to gain access to certain parts of their device (such as a wake lock, access to the SD card, phone state etc). It also allows your app to access other apps (and their components) which require specific permissions.

When you use android:permission on various components of your app, it's dictating which permission(s) other 3rd party apps need to have in order to start your app components.

I did a little looking around, and here is the documentation for the permissions attribute inside the activity: http://developer.android.com/reference/android/R.styleable.html#AndroidManifestActivity_permission

This page: http://developer.android.com/guide/topics/security/security.html Also discusses some permissions and security in the manifest.