Android Content Providers - Is it possible to restrict the provider to a set of applications not written by me?

Question

When it comes to securing a content provider, I was wondering if there was a step between normal permission level security and signature level security.

I have an application using a provider that I would like to expose to a particular set of other applications. However, those select other apps will not be written by me, so using a signature level permission won't suffice since the signatures would be different.

Also, if I use a normal permission for the provider, and if the consuming application does not have that permission and throws a SecurityException, the logged exception says the name of the required permission, so the consuming app can simply add that permission to its Manifest and gain access to circumvent the permission.

Is there a way I could only allow other applications access to the provider at runtime?

Thanks.

Recommended answer

I do not know precisely, but I think that you can use the Binder.getCallingUid() function in your ContentProvider. Using this method you can check the UIDs of the calling applications and restrict the usage of your CP based on the application UID.

Update: During the installation, Android OS assigns a UID to the installing application. So UIDs can be different on different devices. But the package name of the application is the same across all devices. But if I know which package can read your data I can simply spoof it.
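The following is an added example, not part of the original answer: it starts from Binder.getCallingUid() as the answer suggests, but goes one step further and checks the caller's signing certificate instead of its package name, since the certificate is the part another app cannot copy. The class name AllowlistedProvider, the methods enforceAllowedCaller() and queryAllowed(), and the all-zero digest are assumptions made for illustration; PackageManager.hasSigningCertificate() requires API 28 or later.

```java
import android.content.ContentProvider;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.Binder;
import android.os.Process;

// Hypothetical base class for this example; requires API 28+ for hasSigningCertificate().
public abstract class AllowlistedProvider extends ContentProvider {

    // Placeholder value: replace with the hex SHA-256 digest of each partner's signing certificate.
    private static final String[] ALLOWED_CERT_SHA256 = {
        "0000000000000000000000000000000000000000000000000000000000000000",
    };

    // Throws unless the calling UID is our own app or is signed with an allowlisted certificate.
    protected void enforceAllowedCaller() {
        int uid = Binder.getCallingUid();
        if (uid == Process.myUid()) {
            return;
        }
        PackageManager pm = getContext().getPackageManager();
        for (String hex : ALLOWED_CERT_SHA256) {
            if (pm.hasSigningCertificate(uid, hexToBytes(hex), PackageManager.CERT_INPUT_SHA256)) {
                return;
            }
        }
        throw new SecurityException("Caller UID " + uid + " is not allowed to use this provider");
    }

    private static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // Check before touching data; insert(), update(), delete(), call() and openFile() need the same guard.
    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        enforceAllowedCaller();
        return queryAllowed(uri, projection, selection, selectionArgs, sortOrder);
    }

    // Hypothetical hook: subclasses implement the actual query here.
    protected abstract Cursor queryAllowed(Uri uri, String[] projection, String selection,
                                           String[] selectionArgs, String sortOrder);
}
```

Because the check runs at call time inside the provider, the rejection message names no permission that a caller could add to its manifest.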
