创建Android服务，只能由特定的应用程序调用 [英] Create an android service which can be called only by certain apps

问题描述

设计就像是Android的主从应用程序。凡当跟随应用程序出现需要开始在主应用[不是主应用程序本身，没有任何活动只是服务]的服务。而从主服务得到结果。

我有这样的事情：

 ＆LT;！ -  Android电子供应商后端服务 - ＆GT;
＆LT;服务机器人：名字=com.abc.shop.ABCProductService机器人：出口=真正的＆GT;
        ＆所述;意图滤光器＆gt;
            ＆lt;作用机器人：名字=com.abc.shop.ABCProductService/＆GT;
        ＆所述; /意图滤光器＆gt;
＆LT; /服务＆GT;
 

现在我可以调用类似从跟随应用的活动中。

 意向意图=新意图（com.abc.shop.ABCProductService）;
this.startService（意向）;
 

在服务实现我回粘，这样的服务不被破坏。

  @覆盖
公众诠释onStartCommand（意向意图，诠释标志诠释startId）{
    .... //初始化一些东西
    返回START_STICKY;
}
 

我有两个问题在这里：

1. 该服务没有启动使用上述code。我敢肯定这件事，当我试图找到在运行服务的服务它不存在。




2. 我不希望任何其他应用能够调用该服务除了我跟随的应用程序，这将同一作者的签名。任何方式实现这一目标的安全/认证？

请原谅我的新手问题，我试图找到解决办法，但找不到任何好的解决办法。

谢谢
Varun的

解决方案

  

在哪里，当跟随应用程序出现需要开始在主应用服务[不是主应用程序本身，没有任何活动只是服务]

您不能没有它本身运行的应用程序的应用程序运行的服务。服务是一个应用程序的一部分，就像一个活动是一个应用程序的一部分。

  

现在我可以调用类似从跟随应用的活动中。

请注意，你开始的任何的服务，有一个＆LT;意向滤光器＆gt; 此操作字符串的这可能是也可能不是的您的服务

  

在服务实现我回粘，这样的服务不被破坏。

除非你是前pressly调用 stopService（）或 stopSelf（）的地方，你会不必要浪费用户的系统内存。 只有当它正在积极将价值传递给用户。

  

该服务没有启动使用上述code。

您将需要调试应用程序。检查LogCat中的消息。没有什么东西你已经张贴了什么明显的错误。我不会依靠一些正在运行的服务列表，但该服务，而无论是做什么是应该做的。

  

我不希望任何其他应用能够调用该服务除了我跟随的应用程序，这将同一作者的签名。任何方式实现这一目标的安全/认证？

主应用程序可以定义一个签名 -level ＆LT;许可＆GT; 并有一个 Android的：;服务＆gt;在该＆LT许可属性来与许可辩护。跟随应用程序将需要相应的＆LT;使用许可权＆GT; 元素，为你的状态，就必须由同一个签名密钥进行签名。注意，这样也有漏洞的，虽然<一个href=\"http://commonsware.com/blog/2014/08/04/custom-permission-vulnerability-l-developer-$p$pview.html\"相对=nofollow>在L开发preVIEW改变了游戏规则有点。

The design is like Master-follower app in android. Where when follower app comes up it needs to start a service in the Master app [Not the master app itself, no Activity just service]. And get results from the master service.

I have something like this :

<!-- Android provider backend service -->
<service android:name="com.abc.shop.ABCProductService" android:exported="true">
        <intent-filter>
            <action android:name="com.abc.shop.ABCProductService" />
        </intent-filter>
</service>

Now I can call something like from inside an Activity in the follower app.

Intent intent = new Intent("com.abc.shop.ABCProductService");
this.startService(intent);

In service implementation I return STICKY, so as the service is not destroyed.

@Override
public int onStartCommand(Intent intent, int flags, int startId) {
    ....//some init stuff
    return START_STICKY;
}

I have two questions here :

1. The service does not start using the above code. I am certain about it as when I try to find the service in the running service it is not there.

2. I do not want any other app to be able to call this service except my Follower app, which would be signed by the same author. Any way to achieve this security/authentication?

Forgive my novice question, I tried to find the solution but could find no good solution.

Thanks Varun

解决方案

Where when follower app comes up it needs to start a service in the Master app [Not the master app itself, no Activity just service]

You cannot have a service of an app run without the app itself running. A service is a part of an app, just as an activity is a part of an app.

Now I can call something like from inside an Activity in the follower app.

Note that you are starting any service that has an <intent-filter> for this action string, which may or may not be your service.

In service implementation I return STICKY, so as the service is not destroyed.

Unless you are expressly calling stopService() or stopSelf() somewhere, you will be wasting the user's system RAM needlessly. Only have your service running when it is actively delivering value to the user.

The service does not start using the above code.

You will need to debug your app. Check LogCat for messages. There's nothing obviously wrong from what you have posted. I would not rely upon some running-services list, but rather whether the service is doing what it is supposed to do.

I do not want any other app to be able to call this service except my Follower app, which would be signed by the same author. Any way to achieve this security/authentication?

The master app can define a signature-level <permission> and have an android:permission attribute on the <service> to defend it with that permission. The follower app would need the corresponding <uses-permission> element and, as you state, would have to be signed by the same signing key. Note that this too has vulnerabilities, though the "L" Developer Preview changes the game a bit.

这篇关于创建Android服务，只能由特定的应用程序调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！