Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
H
H
Halt2012-02-07 12:24:54
Android
Halt, 2012-02-07 12:24:54

Android - protectionLevel="signature" not working in case of service?

Hello! Today I ran into a strange problem, namely:

  • There is a service implemented as a separate application (package)
  • There is a client application that wants to use the service
  • There is a desire to protect all this from outsiders

That is, the service should be given only to its own, and strangers should not be allowed. The documentation says that this is done through permissions with the android:protectionLevel="signature" property. Try:
On the service side:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android=" schemas.android.com/apk/res/android "
package="com.example.service "
android:versionCode="1"
android:versionName="1.0" >
<uses-sdk android:minSdkVersion="8" />
<permission android:description="@string/permDesc"
android:icon="@drawable/ic_launcher
android:label= "
android:name="com.example.service.ACCESS_SERVICE"
android:protectionLevel="signature"/>
<application
android:icon="@drawable/ic_launcher"
android:label="@string/app_name">
<activity
android:name =".MainActivity"
android:label="@string/app_name" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category .LAUNCHER" />
</intent-filter>
</activity>
<service android:enabled="true" android:name=".MyService" android:permission="com.example.service.ACCESS_SERVICE">
<intent-filter>
<action android:name="com.example.intent.action.CONNECT_SERVICE" />
</intent-filter>
</service>
</application>
</manifest>
Accordingly, on the client side, everything that what we need is to describe the declared permission:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android=" schemas.android.com/apk/res/android "
package="com.example .application" android:versionCode="1" android:versionName="1.0"
android:installLocation="internalOnly">
<uses-sdk android:minSdkVersion="3" />
<uses-permission android:name="com.example.service.ACCESS_SERVICE"/>
...
</manifest>
The system should detect that this permission requires matching signatures (and this is true if both the application and the service are from the same developer) and block access otherwise.
Unfortunately, this does not work in practice. The system checks that the application must explicitly request the permission via uses-permission, however, the application signature can be any . It does not affect access. What exactly is the problem.
PS: I actually checked the variant with two different signatures. They are really different, because the android swears if you try to reinstall the application with a different signature - a complete uninstallation is required. If the signatures were the same by mistake, then no such message would appear and the application would simply be updated.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
V
Vinni372017-08-15 16:23:59
How to change url in parent window? 1Reply
D
Dmitry Chizhov2015-08-22 19:55:20
Make chromecast from android tv? 2Reply
A
AndreyFr2015-08-23 01:41:54
Android than watch sections? 1Reply
M
Maxim_Q2019-12-29 00:59:23
How to install apk from multiple parts manually? 2Reply
W
Wolframius2017-07-30 17:36:32
What does an Android developer need to know? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question