Yes, I agree with you :) I was just noting that in my situation,
simply checking the permission won't do.
On Aug 19, 5:20 pm, Dianne Hackborn hack...@android.com wrote:
Then keep track of the uid that owns the data, and compare that with the uid
of incoming calls.
On Wed, Aug 19, 2009 at
As I said previously, I don't want another application to be able to
request access to data I'm storing for another application. Maybe I'm
misunderstanding permissions, but from what I know, permissions must
be declared in the AndroidManifest.xml file, so they cannot change,
which means I would
Then keep track of the uid that owns the data, and compare that with the uid
of incoming calls.
On Wed, Aug 19, 2009 at 4:13 PM, Jonathan Herriott herri...@gmail.comwrote:
As I said previously, I don't want another application to be able to
request access to data I'm storing for another
Jonathan Herriott wrote:
As I said previously, I don't want another application to be able to
request access to data I'm storing for another application.
Use an API key, like Web services use.
--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://twitter.com/commonsguy
Need help
COuld you maybe use
intent.getComponent() and then use the packageManager its
getReceiverInfo(componentName);
http://developer.android.com/reference/android/content/pm/PackageManager.html#getReceiverInfo(android.content.ComponentName,%20int)
Not sure if this is what you need, or if it is the
Jiri,
That won't work as the component you get is actually your component
(the one that received the intent) and not the calling component
according to the documentation.
I guess what I need to do is actually have the calling application
specify who they are (partial trust) and check the
There isn't any way to do this for a service, though you can find out the
calling intent for an activity when the caller is waiting for a result.
Most security is enforced in the system either by associating permissions
with components in the manifest, or checking the uid of incoming IPC calls
to
Hi Dianne,
Should I bother requesting this in b.android.com, since I would like
to sandbox data for each application that connects to my service. As
far as I can tell, there seems to be no way when receiving an intent
in onBind() that will inform me of the uid of the calling
application. Also,
You -can't- do this in onBind(), since for performance reasons the onBind()
is called only once for each intent, so we don't need to do multiple IPC
hops for each request (into the system and then into the service).
And if what you are interested in protecting is an interface returned by
Yeah, sorry, I just noticed the ability to get the Uid in
IBinder.Stub. I didn't realize this at first since my interface calls
functions on the Service, and I was checking the service for the
permissions.
*sigh*
On Aug 18, 12:53 pm, Dianne Hackborn hack...@android.com wrote:
You -can't- do
You get the uid of the caller with Binder.getCallingUid(). But usually you
just use the context API to check a specific permission against the current
calling uid.
On Tue, Aug 18, 2009 at 1:21 PM, Jonathan Herriott herri...@gmail.comwrote:
Yeah, sorry, I just noticed the ability to get the
Oh, I just realized also, in case anyone wants to know, you can
directly call Binder.getCallingUid(), and you can see examples in
android/packages/providers/DownloadProvider/src/com/android/providers/
downloads/DownloadProvider.java
On Aug 18, 1:21 pm, Jonathan Herriott herri...@gmail.com wrote:
12 matches
Mail list logo