On Jun 10, 7:44 pm, Gavin Bong <[EMAIL PROTECTED]> wrote:
> > "Temporary package attribute assigning a signature to the package. This
> > will be removed once real support for package signing is implemented. "
> > So, I wouldn't count on that specific attribute being around.
> Hmmm. That's the price I have to pay, playing with beta software.
This shouldn't be too much trouble. In our current builds, this attribute is gone, and the signature of the .apk is used instead. When you switch to that, you will be required to sign your apps anyway, so this will be part of the build process, and if you use the same private key for all of your apps (which we expect to be the typical scenario), then they will have the same signature and you won't need to do anything else except remove your android:signature attributes.

> > same caller as a previous one. And, if you *are* passing some sort of
> > caller token with each call, impersonation is merely a matter of
> > intercepting and reusing said token. Even if you check the digital
> > signature on each call, assuming the signature is of some packaging of
> > the call's parameters, you are still subject to a replay attack. Now,
> My idea here is to tie the pid of the calling process to the verified
> digsig.
> That way subsequent calls do not require re-verification. I suspect it
> is quite hard to impersonate a pid!
> I'm not sure it can be done in Linux e.g. ask the OS to run your
> executable under a specific pid. I suspect NOT.

I would suggest using the uid. A uid is assigned to an app when it is installed, either a new unique uid if it is not using android:sharedUserId, or a uid that is shared across the trusted apps if you are using android:sharedUserId.
Due to shared user IDs, doing the check is a little tricky, since multiple packages can be associated with the same uid, but you can use this to find all of the packages assigned to a uid:

http://code.google.com/android/reference/android/content/pm/PackageManager.html#getPackagesForUid(int)

And this to check if a package has the same signature as another package:

http://code.google.com/android/reference/android/content/pm/PackageManager.html#checkSignatures(java.lang.String,%20java.lang.String)

And when a call is coming in to your service, you can use this API to get the uid of the caller:

http://code.google.com/android/reference/android/os/Binder.html#getCallingUid()

That said, you may want to wait on this aspect of your app, because when all of the signing stuff is in place in an upcoming SDK, you will have a lot more options that will probably make things much easier on you:

- You can control whether each specific component in your app is private or public. A private component can only be accessed by your user id, so if you want to allow another app to access a service only if it is signed with your private key, you can make your service private, and use android:sharedUserId to make both of the .apks share the same user id.

- You can define your own permissions which require that a package be signed with your same private key in order to be granted them. So you can define your own permission in the .apk holding the service, use android:permission on the service to say that someone must hold that permission to access the service, and then <uses-permission> in the client .apk to grant it that permission.

One really nice thing about both of these approaches is that the signature/permission check is done once, when the client tries to access the service, so you don't need to check the permission for each incoming IPC.
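The uid-based check described in the reply above, written out as an added example (not code from the thread or from the Android SDK). It assumes the three APIs the reply links to (Binder.getCallingUid, PackageManager.getPackagesForUid, PackageManager.checkSignatures) and a Service that holds a Context; the class and method names are the example's own.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Binder;

/**
 * Decides whether the process on the other end of an incoming Binder call
 * is signed with the same key as this service's own .apk.
 *
 * The check keys on the caller's uid, not its pid: the uid is assigned at
 * install time and, with android:sharedUserId, is only shared between
 * packages the platform has already accepted as trusting each other.
 */
public final class CallerSignatureCheck {
    private final Context context;

    public CallerSignatureCheck(Context context) {
        this.context = context;
    }

    /**
     * Call this on the Binder thread that is handling the IPC, before any
     * Binder.clearCallingIdentity(); otherwise getCallingUid() reports the
     * service's own uid and the check passes for everyone.
     */
    public boolean callerIsSignedLikeUs() {
        return uidIsSignedLikeUs(Binder.getCallingUid());
    }

    /**
     * A uid may back several packages (shared user id). Conservatively
     * require every package under that uid to match our signature; the
     * platform already prevents unrelated keys from sharing a uid, so in
     * practice this is equivalent to checking any one of them.
     */
    boolean uidIsSignedLikeUs(int uid) {
        PackageManager pm = context.getPackageManager();
        String[] packages = pm.getPackagesForUid(uid);
        if (packages == null || packages.length == 0) {
            return false; // unknown uid: fail closed
        }
        String self = context.getPackageName();
        for (String pkg : packages) {
            if (pm.checkSignatures(self, pkg) != PackageManager.SIGNATURE_MATCH) {
                return false;
            }
        }
        return true;
    }
}
```

Inside an AIDL stub method, `if (!check.callerIsSignedLikeUs()) throw new SecurityException("caller not signed with our key");` rejects untrusted callers per transaction; once the permission-based options the reply describes are available, the same policy can be expressed in the manifest and enforced once at bind time instead.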