Then keep track of the uid that owns the data, and compare that with the uid
of incoming calls.

On Wed, Aug 19, 2009 at 4:13 PM, Jonathan Herriott <[email protected]> wrote:

>
> As I said previously, I don't want another application to be able to
> request access to data I'm storing for another application.  Maybe I'm
> misunderstanding permissions, but from what I know, permissions must
> be declared in the AndroidManifest.xml file, so they cannot change,
> which means I would have to declare a permission for every
> application, and I don't necessarily know what applications will be
> connecting to mine.
>
> On Aug 18, 2:11 pm, Dianne Hackborn <[email protected]> wrote:
> > You get the uid of the caller with Binder.getCallingUid().  But usually you
> > just use the context API to check a specific permission against the current
> > calling uid.
> >
> > On Tue, Aug 18, 2009 at 1:21 PM, Jonathan Herriott <[email protected]> wrote:
> >
> > > Yeah, sorry, I just noticed the ability to get the Uid in
> > > IBinder.Stub.  I didn't realize this at first since my interface calls
> > > functions on the Service, and I was checking the service for the
> > > permissions.
> >
> > > *sigh*
> >
> > > On Aug 18, 12:53 pm, Dianne Hackborn <[email protected]> wrote:
> > > > You -can't- do this in onBind(), since for performance reasons the onBind()
> > > > is called only once for each intent, so we don't need to do multiple IPC
> > > > hops for each request (into the system and then into the service).
> > > >
> > > > And if what you are interested in protecting is an interface returned by
> > > > onBind()...  well then, you -have- an interface, which you can do all kinds
> > > > of your own protecting by doing checks against incoming uids.  For example,
> > > > you could have 10 methods on the interface that use
> > > > Context.checkCallingPermission() to allow access to each of them based on
> > > > different permissions.  Or you could have one method that serves as a
> > > > factory, returning another interface, and in the factory method you do your
> > > > permission check which will thus provide full access to the secondary
> > > > interface.
> > > >
> > > > For content provider, you can do uid checks in any of the incoming calls.
> > > > You can also protect the provider in the manifest with different read and
> > > > write permissions, and in Donut you will be able to specify other
> > > > permissions in the manifest for specific paths.
> > > >
> > > > I don't think we need a feature request. :)
> > > >
> > > > On Tue, Aug 18, 2009 at 12:37 PM, Jonathan Herriott <[email protected]> wrote:
> > > > >
> > > > > Hi Dianne,
> > > > >
> > > > > Should I bother requesting this in b.android.com, since I would like
> > > > > to sandbox data for each application that connects to my service?  As
> > > > > far as I can tell, there seems to be no way when receiving an intent
> > > > > in onBind() that will inform me of the uid of the calling
> > > > > application.  Also, I would also like to be able to do the same thing
> > > > > in a ContentProvider, but again, there seems to be no function to
> > > > > obtain this information.
> > > > >
> > > > > Thanks,
> > > > > Jonathan Herriott
> > > > >
> > > > > On Aug 18, 12:16 pm, Dianne Hackborn <[email protected]> wrote:
> > > > > > There isn't any way to do this for a service, though you can find out the
> > > > > > calling intent for an activity when the caller is waiting for a result.
> > > > > > Most security is enforced in the system either by associating permissions
> > > > > > with components in the manifest, or checking the uid of incoming IPC calls
> > > > > > to services and content providers.
> > > > > >
> > > > > > On Tue, Aug 18, 2009 at 11:03 AM, Jonathan Herriott <[email protected]> wrote:
> > > > > > >
> > > > > > > I was wondering if there is a way to determine who passed an intent to
> > > > > > > my application.  For example, I have a service, that I want to act
> > > > > > > differently depending on who passed the intent (for security
> > > > > > > reasons).  I'm trying to sandbox each calling application, so they
> > > > > > > only have access to their data stored in my application.
> > > > > > >
> > > > > > > For it to be secure, I cannot trust any application to be truthful
> > > > > > > about the identifying data it is passing into my service.  Therefore,
> > > > > > > I need some system way of identifying who sent the intent in a way
> > > > > > > that the calling application cannot change that information.  I don't
> > > > > > > know if it is possible, but I can't find anything in the Intent class,
> > > > > > > and I was wondering if there may be another structure which does what
> > > > > > > I want it to.  If it is not possible, I would like to get some type of
> > > > > > > mechanism to do this in the roadmap.
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Jonathan Herriott
> > > > > > >
> > > > > > --
> > > > > > Dianne Hackborn
> > > > > > Android framework engineer
> > > > > > [email protected]
> > > > > >
> > > > > > Note: please don't send private questions to me, as I don't have time to
> > > > > > provide private support, and so won't reply to such e-mails.  All such
> > > > > > questions should be posted on public forums, where I and others can see and
> > > > > > answer them.
>


-- 
Dianne Hackborn
Android framework engineer
[email protected]

Note: please don't send private questions to me, as I don't have time to
provide private support, and so won't reply to such e-mails.  All such
questions should be posted on public forums, where I and others can see and
answer them.
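
The approach described in this thread (record the uid that owns each piece of data and compare it with the uid of every incoming call), as an added example that is not code from any of the posters: a bound service whose Binder keys all stored data by `Binder.getCallingUid()`. The class name, transaction codes and Parcel layout are hypothetical, and clients are assumed to make ordinary two-way calls.

```java
// Added example, not code from the thread. PerCallerStoreService and the
// TRANSACTION_* codes are hypothetical names; the wire format is an assumption.
import android.app.Service;
import android.content.Intent;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.RemoteException;
import java.util.HashMap;
import java.util.Map;

public class PerCallerStoreService extends Service {
    static final int TRANSACTION_PUT = IBinder.FIRST_CALL_TRANSACTION;
    static final int TRANSACTION_GET = IBinder.FIRST_CALL_TRANSACTION + 1;
    // Owner uid -> that uid's private key/value data.
    private final Map<Integer, Map<String, String>> dataByUid = new HashMap<>();
    private final Binder binder = new Binder() {
        @Override
        protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
                throws RemoteException {
            // The owner is chosen from the Binder-reported uid, never from Parcel contents.
            final int callerUid = Binder.getCallingUid();
            synchronized (dataByUid) {
                Map<String, String> own = dataByUid.get(callerUid);
                switch (code) {
                    case TRANSACTION_PUT:
                        if (own == null) {
                            own = new HashMap<>();
                            dataByUid.put(callerUid, own);
                        }
                        String key = data.readString();
                        own.put(key, data.readString());
                        reply.writeNoException();
                        return true;
                    case TRANSACTION_GET:
                        // A caller with no stored data gets null, never another uid's map.
                        reply.writeNoException();
                        reply.writeString(own == null ? null : own.get(data.readString()));
                        return true;
                    default:
                        return super.onTransact(code, data, reply, flags);
                }
            }
        }
    };

    @Override
    public IBinder onBind(Intent intent) {
        return binder; // no caller check here: onBind() is called only once per intent
    }
}
```

Applications that share a uid through `android:sharedUserId` are indistinguishable to this check and see the same data.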

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Android Developers" group.