> If you want to do a point-of-call permission check before granting a > specific app access to protected parts of your service, you can make the > top-level interface a factory that the app then calls to receive their own > interface for talking with you.
I think this would be the ideal solution - and if I'd thought about these things from the start I think it's the way I'd go, but am now too late in the development cycle for it to be practical to re-work in this way. But certainly I'll use the factory method in the future I think. > At the point of that call (which is direct > from the app to the service), you can use Binder.getCallingUid() to find out > who is making the call. This is exactly how I'm now doing things - and causing a SecurityException if their credentials don't check out. It's clumsy though, with a checkAuthorized() call at the top of every exposed method. Definitely not my best bit of design, but it works. James -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
