Implement signature-level security on Android services with more than one allowed signature

Question

I'm developing on an application at the moment which contains quite a lot of personal user information - things like Facebook contacts, etc ... Now, one of the things I want to be able to do (and have done, quite effectively) is open up parts of the application to "3rd Party" applications, using Android's built-in inter-process communication protocol (AIDL). So far so good.

Here's the catch: because we're involved in handling quite a lot of personal information, we have to be quite careful about who can and can't access it; specifically, only "Trusted" applications should be able to do so. So the natural way to do this is to use a custom permission within the AndroidManifest.xml file where we declare the services. My problem is this: I want to be able to enact signature-level protection (similar to the normal "signature" permission level), but with a bit of a catch:

I don't only want applications signed with our internal signature to be able to access the services. I'd like to be able to build a list of "trusted signatures" & at runtime (or if there's a better way, then maybe some other time?) be able to check incoming requests against this list of trusted keys.

This would satisfy the security constraints in the same way as the normal "signature" permission level I think - only programs on the "trusted keys list" would be able to access the services, and keys are hard to spoof (if possible at all?) - but with the added bonus that we wouldn't have to sign every application making use of the APIs with our internal team's key.

Is this possible at the moment in Android? And if so, are there any special requirements?

Thanks

Recommended answer

I've now found the answer to this question, but I'll leave it for the sake of anyone looking in the future.

I opened up a discussion on android-security-discuss where it was answered. Link: http://groups.google.com/group/android-security-discuss/browse_thread/thread/e01f63c2c024a767

Short answer:

    // Call from inside the AIDL interface methods: returns true for a trusted
    // caller and throws SecurityException otherwise.
    private boolean checkAuthorised(){
        PackageManager pm = getPackageManager();
        try {
            // Look up the calling UID's package and walk its signing certificates
            for (Signature sig :
                pm.getPackageInfo(pm.getNameForUid(getCallingUid()),
                        PackageManager.GET_SIGNATURES).signatures){
                LogUtils.logD("Signature: " + sig.toCharsString());
                if (Security.trustedSignatures.get(sig.toCharsString()) != null) {
                    return true;
                }
            }
        } catch (NameNotFoundException e) {
            // Package lookup failed: fall through and reject the caller
            e.printStackTrace();
        }

        LogUtils.logD("Couldn't find signature in list of trusted keys! Possibilities:");
        for(String sigString : Security.trustedSignatures.keySet()){
            LogUtils.logD(sigString);
        }

        /* Crash the calling application if it doesn't catch */
        throw new SecurityException();

    }

Where Security.trustedSignatures is a Map of the form:

    Map<String, String> trustedSignatures = new HashMap<String, String>();
    trustedSignatures.put("public key", "some description eg. name");

Put this method inside any code that is being called by the external process (i.e. within your interface). Note that this will not have the desired effect inside the onBind() method of your RemoteService.
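A variant of the check above that compares SHA-256 digests of the caller's signing certificates against an allow-list and resolves the caller with getPackagesForUid(), as an added example that is not part of the original answer. The class name CallerVerifier and the digest format (lowercase hex SHA-256 of the certificate bytes) are assumptions; GET_SIGNATURES is kept from the answer, though it is deprecated from API 28 in favour of GET_SIGNING_CERTIFICATES.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Set;

/** Added example; CallerVerifier is a hypothetical name, not from the original answer. */
public final class CallerVerifier {
    private final Context context;
    private final Set<String> trustedDigests; // assumed: lowercase hex SHA-256 of each cert
    public CallerVerifier(Context context, Set<String> trustedDigests) {
        this.context = context;
        this.trustedDigests = trustedDigests;
    }
    /** Call at the top of each AIDL method; throws unless the caller is trusted. */
    public void enforceTrustedCaller() {
        PackageManager pm = context.getPackageManager();
        // The calling UID is only meaningful inside a Binder transaction (an AIDL method body).
        String[] packages = pm.getPackagesForUid(Binder.getCallingUid());
        if (packages == null || packages.length == 0) {
            throw new SecurityException("Caller UID maps to no package");
        }
        try {
            for (String pkg : packages) { // a shared UID can hold several packages
                PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
                if (info.signatures == null || info.signatures.length == 0) {
                    throw new SecurityException("No signatures for " + pkg);
                }
                // Fail closed: every certificate must be listed (the answer accepts any match).
                for (Signature sig : info.signatures) {
                    if (!trustedDigests.contains(sha256Hex(sig.toByteArray()))) {
                        throw new SecurityException("Untrusted signer for " + pkg);
                    }
                }
            }
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            throw new SecurityException("Cannot verify caller", e);
        }
    }

    static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        return String.format("%064x", new BigInteger(1, digest));
    }
}
```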
