[android-developers] Re: Can not access my own service
I've tested it with a system permission (android.permission.INTERNET) and it worked fine. But what is wrong with the permission definition : --- 8 --- 8 --- 8 --- permission android:protectionLevel=dangerous android:name=de. [...] . [...] .softwarepolicy.pdp.PDPManagement android:description=@string/pdpmanagement_permission_description/ permission --- 8 --- 8 --- 8 --- The three dots are not in the definition. parts of the right URL are just replaced. Am 28.08.2009 um 17:35 schrieb Roman ( T-Mobile USA): Only for testing purpose, instead of using your own created permission, use an already defined system permission and check whether your code works fine. If yes, you know that there are some problems with how you define and expose your own permission. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Aug 28, 3:29 am, Lutz Schönemann lutz.schoenem...@sit.fraunhofer.de wrote: Hi, my current problem is to access my own service. The thing is I have 2 interfaces for my service and want to restrict one of them to applications that have a special permission. I have a service and an activity in one package. The application has that special permission but I always get a security exception: I've tried the to following things: 1) put the check inside the onBind() method: @Override public IBinder onBind(Intent intent) { if(intent.getAction() != null intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } // return management binder return mManagementBinder; } if(_DEBUG) Log.d(TAG, onBind finished); // call was not local so return public binder return mBinder; } 2) ptu the check inside a method of the binder it self: private IServiceManagement.Stub mManagementBinder = new IServiceManagement.Stub() { public String[] getRoles() throws RemoteException { return PDPService.this.getRoles(); } public void updatePolicy(String policyuri) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } Uri uri = Uri.parse(policyuri); Service.this.updateFile(uri, Service.POLICY_FILE); } } both cases end with a security exception (the one I throw). The result of checkCallingPermission is always -1 (PackageManager.PERMISSION_DENIED). I have doublechecked that the name of the permission in code is the same as the one specified in the manifest file. What am I doing wrong? Thanks for help --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~--- smime.p7s Description: S/MIME cryptographic signature
[android-developers] Re: Can not access my own service
That is right that the service it self has the uses-permission tag in the AndroidManifest.xml file. But I don't call checkCallingOrSelfPermission. I call the checkCallingPermission and the result is PERMISSION_DENIED. Normaly I would let android check the permissions but I want to expose more than one interface for that service and each interface should be accessed with different permissions. Am 28.08.2009 um 20:58 schrieb Balwinder Kaur (T-Mobile USA): It seems like if you declare a uses-permission in your AndroidManifest.xml file and you call checkCallingOrSelfPermission method, it returns PERMISSION_GRANTED. I would be curious though to know if there is a more elegant way of doing this, or if this is the expected way. Balwinder Kaur Open Source Development Center ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Aug 28, 8:35 am, Roman ( T-Mobile USA) roman.baumgaert...@t- mobile.com wrote: Only for testing purpose, instead of using your own created permission, use an already defined system permission and check whether your code works fine. If yes, you know that there are some problems with how you define and expose your own permission. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Aug 28, 3:29 am, Lutz Schönemann lutz.schoenem...@sit.fraunhofer.de wrote: Hi, my current problem is to access my own service. The thing is I have 2 interfaces for my service and want to restrict one of them to applications that have a special permission. I have a service and an activity in one package. The application has that special permission but I always get a security exception: I've tried the to following things: 1) put the check inside the onBind() method: @Override public IBinder onBind(Intent intent) { if(intent.getAction() != null intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } // return management binder return mManagementBinder; } if(_DEBUG) Log.d(TAG, onBind finished); // call was not local so return public binder return mBinder; } 2) ptu the check inside a method of the binder it self: private IServiceManagement.Stub mManagementBinder = new IServiceManagement.Stub() { public String[] getRoles() throws RemoteException { return PDPService.this.getRoles(); } public void updatePolicy(String policyuri) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } Uri uri = Uri.parse(policyuri); Service.this.updateFile(uri, Service.POLICY_FILE); } } both cases end with a security exception (the one I throw). The result of checkCallingPermission is always -1 (PackageManager.PERMISSION_DENIED). I have doublechecked that the name of the permission in code is the same as the one specified in the manifest file. What am I doing wrong? Thanks for help --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~--- smime.p7s Description: S/MIME cryptographic signature
[android-developers] Re: Can not access my own service
Suddenly it works. The change is, that instead of hardcode the permissions name into the code, I used: Manifest.permission.MY_PERMISSIONS_NAME; Am 31.08.2009 um 11:41 schrieb Lutz Schönemann: I've tested it with a system permission (android.permission.INTERNET) and it worked fine. But what is wrong with the permission definition : --- 8 --- 8 --- 8 --- permission android:protectionLevel=dangerous android:name=de. [...] . [...] .softwarepolicy.pdp.PDPManagement android:description=@string/pdpmanagement_permission_description/ permission --- 8 --- 8 --- 8 --- The three dots are not in the definition. parts of the right URL are just replaced. Am 28.08.2009 um 17:35 schrieb Roman ( T-Mobile USA): Only for testing purpose, instead of using your own created permission, use an already defined system permission and check whether your code works fine. If yes, you know that there are some problems with how you define and expose your own permission. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Aug 28, 3:29 am, Lutz Schönemann lutz.schoenem...@sit.fraunhofer.de wrote: Hi, my current problem is to access my own service. The thing is I have 2 interfaces for my service and want to restrict one of them to applications that have a special permission. I have a service and an activity in one package. The application has that special permission but I always get a security exception: I've tried the to following things: 1) put the check inside the onBind() method: @Override public IBinder onBind(Intent intent) { if(intent.getAction() != null intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } // return management binder return mManagementBinder; } if(_DEBUG) Log.d(TAG, onBind finished); // call was not local so return public binder return mBinder; } 2) ptu the check inside a method of the binder it self: private IServiceManagement.Stub mManagementBinder = new IServiceManagement.Stub() { public String[] getRoles() throws RemoteException { return PDPService.this.getRoles(); } public void updatePolicy(String policyuri) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } Uri uri = Uri.parse(policyuri); Service.this.updateFile(uri, Service.POLICY_FILE); } } both cases end with a security exception (the one I throw). The result of checkCallingPermission is always -1 (PackageManager.PERMISSION_DENIED). I have doublechecked that the name of the permission in code is the same as the one specified in the manifest file. What am I doing wrong? Thanks for help --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~--- smime.p7s Description: S/MIME cryptographic signature
[android-developers] Re: Can not access my own service
2009/8/28 Lutz Schönemann lutz.schoenem...@sit.fraunhofer.de Hi, my current problem is to access my own service. The thing is I have 2 interfaces for my service and want to restrict one of them to applications that have a special permission. Please note that you can't do this: the onBind() method is called only -once- for each interface you publish, NOT every time a client binds. To implement different permissions for different clients, you will need to have one top-level interface that all clients call bind to, and an API call there to retrieve the protected interface, allowing you to do the permission check at the point of that call. -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Can not access my own service
Only for testing purpose, instead of using your own created permission, use an already defined system permission and check whether your code works fine. If yes, you know that there are some problems with how you define and expose your own permission. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Aug 28, 3:29 am, Lutz Schönemann lutz.schoenem...@sit.fraunhofer.de wrote: Hi, my current problem is to access my own service. The thing is I have 2 interfaces for my service and want to restrict one of them to applications that have a special permission. I have a service and an activity in one package. The application has that special permission but I always get a security exception: I've tried the to following things: 1) put the check inside the onBind() method: @Override public IBinder onBind(Intent intent) { if(intent.getAction() != null intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } // return management binder return mManagementBinder; } if(_DEBUG) Log.d(TAG, onBind finished); // call was not local so return public binder return mBinder; } 2) ptu the check inside a method of the binder it self: private IServiceManagement.Stub mManagementBinder = new IServiceManagement.Stub() { public String[] getRoles() throws RemoteException { return PDPService.this.getRoles(); } public void updatePolicy(String policyuri) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } Uri uri = Uri.parse(policyuri); Service.this.updateFile(uri, Service.POLICY_FILE); } } both cases end with a security exception (the one I throw). The result of checkCallingPermission is always -1 (PackageManager.PERMISSION_DENIED). I have doublechecked that the name of the permission in code is the same as the one specified in the manifest file. What am I doing wrong? Thanks for help --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Can not access my own service
It seems like if you declare a uses-permission in your AndroidManifest.xml file and you call checkCallingOrSelfPermission method, it returns PERMISSION_GRANTED. I would be curious though to know if there is a more elegant way of doing this, or if this is the expected way. Balwinder Kaur Open Source Development Center ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Aug 28, 8:35 am, Roman ( T-Mobile USA) roman.baumgaert...@t- mobile.com wrote: Only for testing purpose, instead of using your own created permission, use an already defined system permission and check whether your code works fine. If yes, you know that there are some problems with how you define and expose your own permission. -- Roman Baumgaertner Sr. SW Engineer-OSDC ·T· · ·Mobile· stick together The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc. On Aug 28, 3:29 am, Lutz Schönemann lutz.schoenem...@sit.fraunhofer.de wrote: Hi, my current problem is to access my own service. The thing is I have 2 interfaces for my service and want to restrict one of them to applications that have a special permission. I have a service and an activity in one package. The application has that special permission but I always get a security exception: I've tried the to following things: 1) put the check inside the onBind() method: @Override public IBinder onBind(Intent intent) { if(intent.getAction() != null intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } // return management binder return mManagementBinder; } if(_DEBUG) Log.d(TAG, onBind finished); // call was not local so return public binder return mBinder; } 2) ptu the check inside a method of the binder it self: private IServiceManagement.Stub mManagementBinder = new IServiceManagement.Stub() { public String[] getRoles() throws RemoteException { return PDPService.this.getRoles(); } public void updatePolicy(String policyuri) { // check permission if(checkCallingPermission(PERMISSION_MANAGEMENT) == PackageManager.PERMISSION_DENIED) { Log.d(TAG, Checked for permission: + PERMISSION_MANAGEMENT + \nresult: + checkCallingPermission(PERMISSION_MANAGEMENT)); throw new SecurityException(); } Uri uri = Uri.parse(policyuri); Service.this.updateFile(uri, Service.POLICY_FILE); } } both cases end with a security exception (the one I throw). The result of checkCallingPermission is always -1 (PackageManager.PERMISSION_DENIED). I have doublechecked that the name of the permission in code is the same as the one specified in the manifest file. What am I doing wrong? Thanks for help --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---