You -can't- do this in onBind(), since for performance reasons the onBind() is called only once for each intent, so we don't need to do multiple IPC hops for each request (into the system and then into the service).
And if what you are interested in protecting is an interface returned by onBind()... well then, you -have- an interface, which you can do all kinds of your own protecting by doing checks against incoming uids. For example, you could have 10 methods on the interface that use Context.checkCallingPermission() to allow access to each of them based on different permissions. Or you could have one method that services as a factory, returning another interface, and in the factory method you do your permission check which will thus provide full access to the secondary interface. For content provider, you can do uid checks in any of the incoming calls. You can also protected the provider in the manifest with different read and write permissions, and in Donut you will be able to specify other permissions in the manifest for specific paths. I don't think we need a feature request. :) On Tue, Aug 18, 2009 at 12:37 PM, Jonathan Herriott <[email protected]>wrote: > > Hi Dianne, > > Should I bother requesting this in b.android.com, since I would like > to sandbox data for each application that connects to my service. As > far as I can tell, there seems to be no way when receiving an intent > in onBind() that will inform me of the uid of the calling > application. Also, I would also like to be able to do the same thing > in a ContentProvider, but again, there seems to be no function to > obtain this information. > > Thanks, > Jonathan Herriott > > On Aug 18, 12:16 pm, Dianne Hackborn <[email protected]> wrote: > > There isn't any way to do this for a service, though you can find out the > > calling intent for an activity when the caller is waiting for a result. > > Most security is enforced in the system either by associating permissions > > with components in the manifest, or checking the uid of incoming IPC > calls > > to services and content providers. > > > > On Tue, Aug 18, 2009 at 11:03 AM, Jonathan Herriott <[email protected] > >wrote: > > > > > > > > > > > > > > > > > I was wondering if there is a way to determine who passed an intent to > > > my application. For example, I have a service, that I want to act > > > differently depending on who passed the intent (for security > > > reasons). I'm trying to sandbox each calling application, so they > > > only have access to their data stored in my application. > > > > > For it to be secure, I cannot trust any application to be truthful > > > about the identifying data it is passing into my service. Therefore, > > > I need some system way of identifying who sent the intent in a way > > > that the calling application cannot change that information. I don't > > > know if it is possible, but I can't find anything in the Intent class, > > > and I was wondering if there may be another structure which does what > > > I want it to. If it is not possible, I would like to get some type of > > > mechanism to do this in the roadmap. > > > > > Thanks, > > > Jonathan Herriott > > > > -- > > Dianne Hackborn > > Android framework engineer > > [email protected] > > > > Note: please don't send private questions to me, as I don't have time to > > provide private support, and so won't reply to such e-mails. All such > > questions should be posted on public forums, where I and others can see > and > > answer them. > > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
