Binder接口调用的鉴权方法
综述
Binder鉴权的核心在于: 在Bn Service端获取接口调用者的信息,判断调用者是否满足权限条件。下面列举一个通过验证调用者证书的鉴权方法。
Coding
例子中包含一个Activity和一个Service,让它们分别运行在不同的进程中,AndroidManifest如下
<activity android:name=".MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<service
android:name=".SystemService"
android:process=":SystemService"
android:enabled="true"
android:exported="true">
</service>然后声明一个aidl接口
// ISystemInterface.aidl
package com.wq.binderexample;
// Declare any non-default types here with import statements
interface ISystemInterface {
/**
* Demonstrates some basic types that you can use as parameters
* and return values in AIDL.
*/
//void basicTypes(int anInt, long aLong, boolean aBoolean, float aFloat,
// double aDouble, String aString);
String getWiFiSSID();
}实现一个Service,这个Service在onBind方法中,返回上面aidl接口的实现
public class SystemService extends Service {
private final String TAG = SystemService.class.getSimpleName();
private final String[] PermittedSignatures = {
"4LgyWU9gZ03bvH14X004K5fsVKqsJQAOj2lWmG5Fu64=",
};
private final ISystemInterface.Stub mInterface = new ISystemInterface.Stub() {
@Override
public String getWiFiSSID() throws SecurityException {
if (checkPermission()) {
return "hello";
} else {
throw new SecurityException("No Permission");
}
}
};
@Override
public IBinder onBind(Intent intent) {
Log.i(TAG, "onBind");
return mInterface;
}
}鉴权的核心在于checkPermission方法,如果鉴权通过则返回实际结果,如果鉴权失败则抛出异常。
boolean checkPermission() {
String callingApp = getBaseContext().getPackageManager().getNameForUid(Binder.getCallingUid());
Log.i(TAG, "calling app: " + callingApp);
try {
Signature[] sis = getApplicationSignature(callingApp);
final MessageDigest md = MessageDigest.getInstance("SHA256");
for (Signature si : sis) {
md.update(si.toByteArray());
final String siBase64 = new String(Base64.encode(md.digest(), Base64.DEFAULT));
Log.i(TAG,"Signature Base64: " + siBase64);
for (String permittedSignature : PermittedSignatures) {
Log.i(TAG, "permittedSignature: " + permittedSignature);
if (permittedSignature.equals(siBase64.trim())) {
return true;
}
}
}
} catch (java.security.NoSuchAlgorithmException e) {
Log.e(TAG, "No MessageDigest Algorithm", e);
return false;
} catch (PackageManager.NameNotFoundException e) {
Log.e(TAG, "Can not find specific information", e);
return false;
}
return false;
}
private Signature[] getApplicationSignature(String packageName) throws PackageManager.NameNotFoundException {
Signature[] sig;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
sig = getSignatureBySigningInfo(packageName);
} else {
sig = getRawSignature(packageName);
}
return sig;
}
private Signature[] getRawSignature(String packageName) throws PackageManager.NameNotFoundException {
if ((packageName == null) || (packageName.length() == 0)) {
Log.e(TAG, "package name is error!");
return null;
}
PackageManager pm = getBaseContext().getPackageManager();
PackageInfo pi;
pi = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
if (pi == null) {
Log.e(TAG, "Can not get package info, package name is: " + packageName);
return null;
}
return pi.signatures;
}
private Signature[] getSignatureBySigningInfo(String packageName) throws PackageManager.NameNotFoundException {
if ((packageName == null) || (packageName.length() == 0)) {
Log.e(TAG, "package name is error!");
return null;
}
PackageManager pm = getBaseContext().getPackageManager();
PackageInfo pi;
pi = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES);
if (pi == null) {
Log.e(TAG, "Can not get package info, package name is: " + packageName);
return null;
}
return pi.signingInfo.getApkContentsSigners();
}checkPermission方法主要是通过获取调用者的UID,获取包信息中的签名,将签名sha256摘要后在转Base64字符串。通过对比这个字符串来判断调用者的签名是否符合要求。需要注意的是API 28以后GET_SIGNATURES方法被弃用,高版本需要通过GET_SIGNING_CERTIFICATES来获取apk签名。
简单看下调用端
public class MainActivity extends AppCompatActivity {
private final String TAG = MainActivity.class.getSimpleName();
/* protected by mLock */
private final Object mLock = new Object();
private static ISystemInterface mInterface;
private Context mContext = App.getContext();
private Button mButton;
private ServiceConnection mConn = new ServiceConnection() {
@Override
public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
Log.i(TAG, "System service has been connected!");
synchronized (mLock) {
mInterface = ISystemInterface.Stub.asInterface(iBinder);
mLock.notify();
}
try {
String ssid = mInterface.getWiFiSSID();
Log.i(TAG, "ssid = " + ssid);
} catch (RemoteException e) {
Log.e(TAG, "call interface error!", e);
} catch (SecurityException e) {
Log.e(TAG, "Can not call remote interface", e);
}
}
@Override
public void onServiceDisconnected(ComponentName componentName) {
synchronized (mLock) {
mInterface = null;
}
Log.i(TAG, "System service has exited!");
//rebind service
Intent intent = new Intent(mContext, SystemService.class);
mContext.bindService(intent, mConn, mContext.BIND_AUTO_CREATE);
}
};
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
mButton = (Button) findViewById(R.id.mButton);
mButton.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
Log.i(TAG, "Button click");
// binder service
synchronized (mLock) {
if (mInterface == null) {
//bind service
Log.i(TAG, "bind SystemService");
Intent intent = new Intent(mContext, SystemService.class);
mContext.bindService(intent, mConn, mContext.BIND_AUTO_CREATE);
}
}
}
});
}
}这里的例子就是在push button的时候去bind service,在bind成功的回调中去调用接口。
Last updated
Was this helpful?