
Android custom access permissions

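In Android, if we want to restrict who can access our activity or service, we can add a custom permission, so that only apps holding the permission we defined can access our component. Specifically, add the following to our app's AndroidManifest.xml: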

<permission android:name="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL" android:protectionLevel="signatureOrSystem" />

<uses-permission android:name="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL" />
<service android:name="QcrilMsgTunnelService" android:exported="true" android:permission="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL" />

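If another application needs to access our service, it must declare the

<uses-permission android:name="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL" />

permission, and must also set android:sharedUserId="android.uid.system".
A reminder here: because our custom permission sets protectionLevel="signatureOrSystem", only system-level applications can use this permission; no other applications can.
protectionLevel has several values: "normal", "dangerous", "signature" and "signatureOrSystem".
The official description is as follows: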

“normal”

The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user’s explicit approval (though the user always has the option to review these permissions before installing).

“dangerous”

A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.

“signature”

A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user’s explicit approval.

“signatureOrSystem”

A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The “signatureOrSystem” permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

If your English is good, you can read the documentation above directly. Below is my simplified understanding:

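  1. normal: this is the lowest-risk permission. If an app declares this permission, the user installing the app is not prompted to authorize it (for example, if a location permission is declared, the user is explicitly asked whether to grant it when the app uses the location feature, but a permission whose protectionLevel is normal produces no explicit prompt and is granted by default); the system simply treats the app as holding the permission;

  2. dangerous: permissions at this level carry higher risk. Holding one may allow access to the user's private data or control of the device, with negative impact on the user. Permissions of this type are generally not granted by default (but I tested this many times, and sometimes it was still granted by default);

  3. signature: at this level, the permission is granted only when the requesting app and the app receiving the request are signed with the same signing file and the permission is declared. It is then granted by default, without prompting the user;

  4. signatureOrSystem: this level should be avoided where possible; it leans toward system-level use.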

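For normal or dangerous permissions, when our own app needs to access the corresponding protected resource, it only needs to add the same uses-permission to AndroidManifest.xml. For signature level, besides declaring the permission, the app must also have the same signature. For signatureOrSystem, sharedUserId="android.uid.system" is also required.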
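
As an added example (not from the original post), this Python script audits a decoded, text-form AndroidManifest.xml for the pattern discussed above: for every component with an explicit android:exported="true", it reports whether the guarding permission is missing, not declared in the manifest, or declared at a protectionLevel that any app can obtain. The sample manifest is constructed; the package name and the WeakService, OpenService and com.example.permission.WEAK entries are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")

# Constructed sample: the first permission and service come from the page;
# the package name and the WEAK/WeakService/OpenService entries are assumptions.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tunnel">
  <permission android:name="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL"
              android:protectionLevel="signatureOrSystem" />
  <permission android:name="com.example.permission.WEAK" />
  <application>
    <service android:name="QcrilMsgTunnelService" android:exported="true"
             android:permission="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL" />
    <service android:name="WeakService" android:exported="true"
             android:permission="com.example.permission.WEAK" />
    <service android:name="OpenService" android:exported="true" />
  </application>
</manifest>"""


def audit(manifest_xml):
    """Return {component name: finding} for each explicitly exported component."""
    root = ET.fromstring(manifest_xml)
    # protectionLevel defaults to "normal" when the attribute is omitted.
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.iter("permission")}
    findings = {}
    for comp in (c for tag in COMPONENTS for c in root.iter(tag)):
        if comp.get(ANDROID + "exported") != "true":
            continue
        name = comp.get(ANDROID + "name")
        perm = comp.get(ANDROID + "permission")
        if perm is None:
            findings[name] = "exported with no permission: any app can call it"
        elif perm not in levels:
            findings[name] = "permission not declared in this manifest: " + perm
        elif levels[perm].split("|")[0] in ("normal", "dangerous"):
            findings[name] = "guarded by " + levels[perm] + " permission: any app can request it"
        else:
            findings[name] = "ok: " + levels[perm]
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(name + ": " + finding)
```

The script does not model components that are exported implicitly through an intent filter, nor a provider's separate read and write permissions, so a clean result here is a starting point rather than a full review.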