Android 应用无需设置权限即可通信
我的印象是两个应用程序被沙箱化并且无法相互调用(通过意图或内容解析器等),除非被调用者声明并强制执行特定权限并且调用者使用适当的使用权限元素?但是,我开发了两个应用程序,一个包含内容提供程序,另一个包含使用内容提供程序的活动。两者都没有声明强制执行或使用的权限。我将它们直接从 Eclipse 部署到我的手机上,并且它们能够互相使用。
我已经检查过它们确实作为单独的进程和用户 ID 运行,而且确实如此。为什么我没有看到安全异常?默认情况下,Linux 底层应该停止这种通信吗?它们将由默认的 DEBUG 证书进行签名。这是否赋予他们更多相互“交谈”的权利,即如果我使用明确的证书签名,沙箱会启动吗?
一旦我在内容提供商应用程序中声明并强制执行权限,其他应用程序就需要使用权限来允许通信。
干杯
I was under the impressions that two apps were sandboxed and unable to call each other (by intents or contentresolver etc) unless the callee declared and enforced specific permissions and the caller used appropriate uses-permission elements? However, I have developed two apps, one containing a content provider, and another with activities that use the content provider. Neither have permissions declared enforced or used. I deploy them directly from Eclipse to my phone and they are able to use each other.
I have checked that they really are running as separate processes and user ids, and they are. Why am I not seeing security exceptions? Should Linux underneath, by default, stop this communication? They will be signed by the default DEBUG certificate. Does this give them more rights to "talk" to each other, i.e. if I signed with an explicit certificate would the sandboxing kick in?
As soon as I declare and enforce a permission in the content provider app the other app does need the uses-permission to allow communication.
Cheers
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是的,如果您的应用程序具有相同的签名,那么它们就可以相互访问。类似于java中的包级别权限。
http://developer.android.com/guide/topics/security/security.html
Yes, if your apps have the same signature, then they have access to each other. It's similar to package level permissions in java.
http://developer.android.com/guide/topics/security/security.html