他のアプリケーションが自分のコンポーネントにアクセスできない


他のプログラムが自分のコンポーネントを呼び出すことを禁止するにはAndroidManifest.xmlファイルに対応するコンポーネントが追加されました
android:exported="false"
できます.
他のプログラムが呼び出すとjavaが爆発する.lang.SecurityException: Permission Denial: **** not exported from uid ****
もちろん、ソースコードを表示することで、任意の検査権限の操作はシステムサービスやrootユーザーを遮断し、これらの権限を持つアプリケーションは任意に呼び出すことができるので、権限が高いのが王道ですね.
activityを起動する権限チェックの例を挙げます.
ActivityManagerServiceでのcheckComponentPermission
 /**
     * This can be called with or without the global lock held.
     */
    int checkComponentPermission(String permission, int pid, int uid,
            int owningUid, boolean exported) {
        // We might be performing an operation on behalf of an indirect binder
        // invocation, e.g. via {@link #openContentUri}.  Check and adjust the
        // client identity accordingly before proceeding.
        Identity tlsIdentity = sCallerIdentity.get();
        if (tlsIdentity != null) {
            Slog.d(TAG, "checkComponentPermission() adjusting {pid,uid} to {"
                    + tlsIdentity.pid + "," + tlsIdentity.uid + "}");
            uid = tlsIdentity.uid;
            pid = tlsIdentity.pid;
        }

        // Root, system server and our own process get to do everything.
        if (uid == 0 || uid == Process.SYSTEM_UID || pid == MY_PID) {
            return PackageManager.PERMISSION_GRANTED;
        }
        // If there is a uid that owns whatever is being accessed, it has
        // blanket access to it regardless of the permissions it requires.
        if (owningUid >= 0 && uid == owningUid) {
            return PackageManager.PERMISSION_GRANTED;
        }
        // If the target is not exported, then nobody else can get to it.
        if (!exported) {
            Slog.w(TAG, "Permission denied: checkComponentPermission() owningUid=" + owningUid);
            return PackageManager.PERMISSION_DENIED;
        }
        if (permission == null) {
            return PackageManager.PERMISSION_GRANTED;
        }
        try {
            return AppGlobals.getPackageManager()
                    .checkUidPermission(permission, uid);
        } catch (RemoteException e) {
            // Should never happen, but if it does... deny!
            Slog.e(TAG, "PackageManager is dead?!?", e);
        }
        return PackageManager.PERMISSION_DENIED;
    }

わかりました