[android-developers] Re: Can not access my own service
I've tested it with a system permission (android.permission.INTERNET)
and it worked fine. But what is wrong with the permission definition :
--- 8 --- 8 --- 8 ---
permission android:protectionLevel=dangerous android:name=de.
[...] . [...] .softwarepolicy.pdp.PDPManagement
android:description=@string/pdpmanagement_permission_description/
permission
--- 8 --- 8 --- 8 ---
The three dots are not in the definition. parts of the right URL are
just replaced.
Am 28.08.2009 um 17:35 schrieb Roman ( T-Mobile USA):
Only for testing purpose, instead of using your own created
permission, use an already defined system permission and check whether
your code works fine. If yes, you know that there are some problems
with how you define and expose your own permission.
--
Roman Baumgaertner
Sr. SW Engineer-OSDC
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.
On Aug 28, 3:29 am, Lutz Schönemann
lutz.schoenem...@sit.fraunhofer.de wrote:
Hi, my current problem is to access my own service. The thing is I
have 2 interfaces for my service and want to restrict one of them to
applications that have a special permission.
I have a service and an activity in one package. The application has
that special permission but I always get a security exception:
I've tried the to following things:
1) put the check inside the onBind() method:
@Override
public IBinder onBind(Intent intent) {
if(intent.getAction() != null
intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for permission:
+ PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
// return management binder
return mManagementBinder;
}
if(_DEBUG) Log.d(TAG, onBind finished);
// call was not local so return public binder
return mBinder;
}
2) ptu the check inside a method of the binder it self:
private IServiceManagement.Stub mManagementBinder = new
IServiceManagement.Stub() {
public String[] getRoles() throws RemoteException {
return PDPService.this.getRoles();
}
public void updatePolicy(String policyuri) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for permission:
+ PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
Uri uri = Uri.parse(policyuri);
Service.this.updateFile(uri,
Service.POLICY_FILE);
}
}
both cases end with a security exception (the one I throw). The
result
of checkCallingPermission is always -1
(PackageManager.PERMISSION_DENIED). I have doublechecked that the
name
of the permission in code is the same as the one specified in the
manifest file.
What am I doing wrong?
Thanks for help
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---
smime.p7s
Description: S/MIME cryptographic signature
[android-developers] Re: Can not access my own service
That is right that the service it self has the uses-permission tag
in the AndroidManifest.xml file. But I don't call
checkCallingOrSelfPermission. I call the checkCallingPermission and
the result is PERMISSION_DENIED. Normaly I would let android check the
permissions but I want to expose more than one interface for that
service and each interface should be accessed with different
permissions.
Am 28.08.2009 um 20:58 schrieb Balwinder Kaur (T-Mobile USA):
It seems like if you declare a uses-permission in your
AndroidManifest.xml file and you call checkCallingOrSelfPermission
method, it returns PERMISSION_GRANTED. I would be curious though to
know if there is a more elegant way of doing this, or if this is the
expected way.
Balwinder Kaur
Open Source Development Center
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.
On Aug 28, 8:35 am, Roman ( T-Mobile USA) roman.baumgaert...@t-
mobile.com wrote:
Only for testing purpose, instead of using your own created
permission, use an already defined system permission and check
whether
your code works fine. If yes, you know that there are some problems
with how you define and expose your own permission.
--
Roman Baumgaertner
Sr. SW Engineer-OSDC
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.
On Aug 28, 3:29 am, Lutz Schönemann
lutz.schoenem...@sit.fraunhofer.de wrote:
Hi, my current problem is to access my own service. The thing is I
have 2 interfaces for my service and want to restrict one of them to
applications that have a special permission.
I have a service and an activity in one package. The application has
that special permission but I always get a security exception:
I've tried the to following things:
1) put the check inside the onBind() method:
@Override
public IBinder onBind(Intent intent) {
if(intent.getAction() != null
intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for
permission: + PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
// return management binder
return mManagementBinder;
}
if(_DEBUG) Log.d(TAG, onBind finished);
// call was not local so return public binder
return mBinder;
}
2) ptu the check inside a method of the binder it self:
private IServiceManagement.Stub mManagementBinder = new
IServiceManagement.Stub() {
public String[] getRoles() throws RemoteException {
return PDPService.this.getRoles();
}
public void updatePolicy(String policyuri) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for
permission: + PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
Uri uri = Uri.parse(policyuri);
Service.this.updateFile(uri,
Service.POLICY_FILE);
}
}
both cases end with a security exception (the one I throw). The
result
of checkCallingPermission is always -1
(PackageManager.PERMISSION_DENIED). I have doublechecked that the
name
of the permission in code is the same as the one specified in the
manifest file.
What am I doing wrong?
Thanks for help
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---
smime.p7s
Description: S/MIME cryptographic signature
[android-developers] Re: Can not access my own service
Suddenly it works. The change is, that instead of hardcode the
permissions name into the code, I used:
Manifest.permission.MY_PERMISSIONS_NAME;
Am 31.08.2009 um 11:41 schrieb Lutz Schönemann:
I've tested it with a system permission
(android.permission.INTERNET) and it worked fine. But what is wrong
with the permission definition :
--- 8 --- 8 --- 8 ---
permission android:protectionLevel=dangerous android:name=de.
[...] . [...] .softwarepolicy.pdp.PDPManagement
android:description=@string/pdpmanagement_permission_description/
permission
--- 8 --- 8 --- 8 ---
The three dots are not in the definition. parts of the right URL are
just replaced.
Am 28.08.2009 um 17:35 schrieb Roman ( T-Mobile USA):
Only for testing purpose, instead of using your own created
permission, use an already defined system permission and check
whether
your code works fine. If yes, you know that there are some problems
with how you define and expose your own permission.
--
Roman Baumgaertner
Sr. SW Engineer-OSDC
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.
On Aug 28, 3:29 am, Lutz Schönemann
lutz.schoenem...@sit.fraunhofer.de wrote:
Hi, my current problem is to access my own service. The thing is I
have 2 interfaces for my service and want to restrict one of them to
applications that have a special permission.
I have a service and an activity in one package. The application has
that special permission but I always get a security exception:
I've tried the to following things:
1) put the check inside the onBind() method:
@Override
public IBinder onBind(Intent intent) {
if(intent.getAction() != null
intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for permission:
+ PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
// return management binder
return mManagementBinder;
}
if(_DEBUG) Log.d(TAG, onBind finished);
// call was not local so return public binder
return mBinder;
}
2) ptu the check inside a method of the binder it self:
private IServiceManagement.Stub mManagementBinder = new
IServiceManagement.Stub() {
public String[] getRoles() throws RemoteException {
return PDPService.this.getRoles();
}
public void updatePolicy(String policyuri) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for permission:
+ PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
Uri uri = Uri.parse(policyuri);
Service.this.updateFile(uri,
Service.POLICY_FILE);
}
}
both cases end with a security exception (the one I throw). The
result
of checkCallingPermission is always -1
(PackageManager.PERMISSION_DENIED). I have doublechecked that the
name
of the permission in code is the same as the one specified in the
manifest file.
What am I doing wrong?
Thanks for help
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---
smime.p7s
Description: S/MIME cryptographic signature
[android-developers] Re: Can not access my own service
2009/8/28 Lutz Schönemann lutz.schoenem...@sit.fraunhofer.de Hi, my current problem is to access my own service. The thing is I have 2 interfaces for my service and want to restrict one of them to applications that have a special permission. Please note that you can't do this: the onBind() method is called only -once- for each interface you publish, NOT every time a client binds. To implement different permissions for different clients, you will need to have one top-level interface that all clients call bind to, and an API call there to retrieve the protected interface, allowing you to do the permission check at the point of that call. -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Can not access my own service
Only for testing purpose, instead of using your own created
permission, use an already defined system permission and check whether
your code works fine. If yes, you know that there are some problems
with how you define and expose your own permission.
--
Roman Baumgaertner
Sr. SW Engineer-OSDC
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.
On Aug 28, 3:29 am, Lutz Schönemann
lutz.schoenem...@sit.fraunhofer.de wrote:
Hi, my current problem is to access my own service. The thing is I
have 2 interfaces for my service and want to restrict one of them to
applications that have a special permission.
I have a service and an activity in one package. The application has
that special permission but I always get a security exception:
I've tried the to following things:
1) put the check inside the onBind() method:
@Override
public IBinder onBind(Intent intent) {
if(intent.getAction() != null
intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for permission: +
PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
// return management binder
return mManagementBinder;
}
if(_DEBUG) Log.d(TAG, onBind finished);
// call was not local so return public binder
return mBinder;
}
2) ptu the check inside a method of the binder it self:
private IServiceManagement.Stub mManagementBinder = new
IServiceManagement.Stub() {
public String[] getRoles() throws RemoteException {
return PDPService.this.getRoles();
}
public void updatePolicy(String policyuri) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for permission: +
PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
Uri uri = Uri.parse(policyuri);
Service.this.updateFile(uri, Service.POLICY_FILE);
}
}
both cases end with a security exception (the one I throw). The result
of checkCallingPermission is always -1
(PackageManager.PERMISSION_DENIED). I have doublechecked that the name
of the permission in code is the same as the one specified in the
manifest file.
What am I doing wrong?
Thanks for help
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---
[android-developers] Re: Can not access my own service
It seems like if you declare a uses-permission in your
AndroidManifest.xml file and you call checkCallingOrSelfPermission
method, it returns PERMISSION_GRANTED. I would be curious though to
know if there is a more elegant way of doing this, or if this is the
expected way.
Balwinder Kaur
Open Source Development Center
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.
On Aug 28, 8:35 am, Roman ( T-Mobile USA) roman.baumgaert...@t-
mobile.com wrote:
Only for testing purpose, instead of using your own created
permission, use an already defined system permission and check whether
your code works fine. If yes, you know that there are some problems
with how you define and expose your own permission.
--
Roman Baumgaertner
Sr. SW Engineer-OSDC
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.
On Aug 28, 3:29 am, Lutz Schönemann
lutz.schoenem...@sit.fraunhofer.de wrote:
Hi, my current problem is to access my own service. The thing is I
have 2 interfaces for my service and want to restrict one of them to
applications that have a special permission.
I have a service and an activity in one package. The application has
that special permission but I always get a security exception:
I've tried the to following things:
1) put the check inside the onBind() method:
@Override
public IBinder onBind(Intent intent) {
if(intent.getAction() != null
intent.getAction().equals(ACTION_SERVICE_MANAGEMENT)) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for permission: +
PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
// return management binder
return mManagementBinder;
}
if(_DEBUG) Log.d(TAG, onBind finished);
// call was not local so return public binder
return mBinder;
}
2) ptu the check inside a method of the binder it self:
private IServiceManagement.Stub mManagementBinder = new
IServiceManagement.Stub() {
public String[] getRoles() throws RemoteException {
return PDPService.this.getRoles();
}
public void updatePolicy(String policyuri) {
// check permission
if(checkCallingPermission(PERMISSION_MANAGEMENT) ==
PackageManager.PERMISSION_DENIED) {
Log.d(TAG, Checked for permission: +
PERMISSION_MANAGEMENT +
\nresult: + checkCallingPermission(PERMISSION_MANAGEMENT));
throw new SecurityException();
}
Uri uri = Uri.parse(policyuri);
Service.this.updateFile(uri, Service.POLICY_FILE);
}
}
both cases end with a security exception (the one I throw). The result
of checkCallingPermission is always -1
(PackageManager.PERMISSION_DENIED). I have doublechecked that the name
of the permission in code is the same as the one specified in the
manifest file.
What am I doing wrong?
Thanks for help
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---
