To summarize from this answer, and looking at the sources of UserHandle.java we see the meaning of the framework user id’s.
# | @UserIdInt | Value | Status | Description |
# | --------------------- | ------ | ---------- | ------------|
# | USER_OWNER | 0 | deprecated | "owner" user of the device
# | USER_SYSTEM | 0 | ok | "system" user of the device
# | USER_ALL | -1 | ok | ALL users on the device
| USER_CURRENT | -2 | ok | the currently active user
# | USER_CURRENT_OR_SELF | -3 | ok | id from which we would like to send to the current user
# | USER_NULL | -10000 | ok | An undefined user id
Then to understand what android:protectionLevel="signature" means, you’ll have to read the page about permission-element. Which is summarized in the table:
So what you need to do in your AndroidManifest.xml depend a lot on what API’s you need to support, as higher > 23 API’s also require a android:permissionGroup= definition, for non-normal (“dangerous”) permissions…
Also good to know (by @CommonsWare)
To be able to hold INTERACT_ACROSS_USERS, your app has to be signed by the firmware’s signing key or it has to be installed on the system partition.
To be able to hold INTERACT_ACROSS_USERS_FULL, your app has to be signed by the firmware’s signing key.