限制Android的广播接收器的具体应用 [英] Restricting Android Broadcast Receiver from specific app
问题描述
我有2个应用程序。
如果我使用的服务,我可以设置权限,以便只有 APP1
可以发送意图 APP2
:
定义权限在 APP2
(防护等级:签名
),并
使用 APP1
的权限。
服务于 APP2
是由许可保护。
这样一来,只有 APP1
可以在 APP2
发送意图服务,
并没有其他的应用程序(除非我的签名被泄露)可以发送意图
在服务 APP2
。
I have 2 applications.
If I use service, I can set permission so only app1
can send intent to app2
:
Define permission in app2
(protection level: signature
), and
use that permission in app1
.
Service in app2
is protected by that permission.
In this way, only app1
can send an intent to a service on app2
,
and no other app (unless my signature is leaked) can send intent to
service on app2
.
我可以做同样的广播接收器?
Can I do the same with Broadcast Receiver?
- APP1:sendBroadcast(意向,许可)
- APP2:定义权限,使用权限
据我了解,使用sendBroadcast(意向,许可),该
应用程序并不需要使用的权限。这意味着任何应用程序
可以发送意图 APP2
。这些权限参数只是针对检查
APP2
,以避免收到此意向的其他应用程序。
(如果我删除 APP2
,并安装假 APP2
用相同的许可权字符串
定义的,假的 APP2
可以从 APP1
得到的意图,这是出乎意料的)
To my understanding for using sendBroadcast(intent, permission), the
application doesn't need to "use" the permission. Meaning ANY application
can send intent to app2
. Those permission parameters only checked against
app2
, to avoid other applications to receive this intent.
(If I remove app2
, and install fake app2
with the same permission string
defined, fake app2
can get intent from app1
, which is unexpected)
顺便说一句,如果应用程序中定义的权限,并用它本身的 的ProtectionLevel(签名),似乎已经没有什么意义。这是真的吗?
BTW, If application define the permission and use it itself, the protectionLevel(signature) seems to have no meaning. Is this true?
现在,我可以设置其他权限:
Now, I can set additional permission:
- APP1:定义权限,使用权限
- APP2:接收器仅限于该权限
此外,如果一个会删除 APP1
,安装假 APP1
用同样的
权限,则假 APP1
可以发送伪造的意图 APP2
。
我能做些什么,以prevent APP2
自收到假的意图是什么?
Again, if one removes app1
, installs fake app1
with the very same
permission, then fake app1
can send fake intent to app2
.
What can I do to prevent app2
from receiving fake intent?
感谢
推荐答案
标签也可以定义什么权限的广播应该有,看到的http://developer.android.com/guide/topics/manifest/receiver-element.html#prmsn
The tag can also define what permission the broadcasters should have, see http://developer.android.com/guide/topics/manifest/receiver-element.html#prmsn
我意味着你可以通过编码这样的保护您的接收器免受未经授权的广播:
I means you can protected your receiver from unauthorized broadcasts by coding like this:
...
<permission android:name="com.yourapp.PERMISSION"
android:protectionLevel="signature"
android:label="@string/permission_label"
android:description="@string/permission_desc">
</permission>
...
<receiver android:name=".MyReceiver"
android:permission="com.yourapp.PERMISSION">
<intent-filter>
<action android:name="com.yourapp.ACTION" />
</intent-filter>
</receiver>
...
这篇关于限制Android的广播接收器的具体应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!