How Android Broadcast and BroadcastReceiver are restricted
- 2021-11-24 02:54:09
- OfStack
In Android application development, the following two situations are sometimes encountered.
1. 1 Some sensitive broadcasts do not want to be received by third-party applications;
2. Restrict your Receiver from receiving a broadcast source to avoid being interfered by malicious broadcasts of the same ACTION.
In these scenarios, broadcast permission restrictions are needed.
Scenario 1: Who has the right to receive my radio?
In this case, you can add parameters to declare the permissions required by Receiver when you apply the broadcast yourself.
First, define the new permission RECV_XXX in Androidmanifest. xml, for example:
< permission android:name = "com.android.permission.RECV_XXX"/ >
This permission is then passed in as a parameter when Sender app sends the broadcast, as follows:
sendBroadcast("com.android.XXX_ACTION", "com.android.permission.RECV_XXX");
This allows only Receiver with RECV_XXX permission to receive this broadcast. To receive this broadcast, add the corresponding RECV_XXX permission to AndroidManifest.xml of Receiver application.
For example:
< uses-permission android:name="com.android.permission.RECV_XXX" > < /uses-permission >
Scenario 2: Who has the right to broadcast to me?
In this case, the Receiver app < receiver > The permissions that Sender app should have under Declaration 1 in tag.
First, define the new permission SEND_XXX in AndroidManifest. xml, as above, for example:
< permission android:name="com.android.SEND_XXX"/ >
Then, in Androidmanifest. xml of Receiver app < receiver > Add a declaration of permission SEND_XXX in tag, as follows:
<receiver android:name=".XXXReceiver"
android:permission="com.android.permission.SEND_XXX">
<intent-filter>
<action android:name="com.android.XXX_ACTION" />
</intent-filter>
</receiver>Thus, the Receiver can only receive broadcasts from applications having the SEND_XXX authority.
To send this broadcast, you need to declare this permission in AndroidManifest. xml of Sender app as well, as follows:
< uses-permission android:name="com.android.permission.SEND_XXX" > < /uses-permission >
In this way, it can be used to simply control the source and destination of broadcasting.
Similarly, access control for Activity and ContentProvider is similar.
Additional knowledge: Android sends broadcasts with limited rights and specifies recipients!
The practice code in this paper is in Android 7.1 on the system-level source code verification through.
1. First, the sender:
Define permissions in frameworks\ base\ core\ res\ AndroidManifest. xml
<protected-broadcast android:name="intent.action.LOW_MEMORY" />
<uses-permission android:name="com.softmanager.permission.send.SOFTMANAGER"/>
<permission android:name="com.softmanager.permission.send.SOFTMANAGER"
android:protectionLevel="signature|privileged"/>
Broadcast where the code requires it
Intent systemMgrIntent = new Intent();
systemMgrIntent.setAction("intent.action.LOW_MEMORY");
systemMgrIntent.addFlags(Intent.FLAG_INCLUDE_STOPPED_PACKAGES);
context.sendOrderedBroadcast(systemMgrIntent, "com.softmanager.permission.receiver.SOFTMANAGER");2. Then the recipient:
In the project's
Declaration of permissions in AndroidManifest. xml
<uses-permission android:name="com.softmanager.permission.receiver.SOFTMANAGER" />
<permission
android:name="com.gionee.softmanager.permission.receiver.SOFTMANAGER"
android:protectionLevel="normal" />
android:permission="com.softmanager.permission.send.SOFTMANAGER"To add permissions in Receiver. java
<receiver android:name=".Receiver"
android:permission="com.softmanager.permission.send.SOFTMANAGER"
android:exported="true">
<intent-filter>
<action android:name="intent.action.LOW_MEMORY"/>
</intent-filter>
</receiver>Finally, you can receive the broadcast in onReceiver ()