I needed to restrict access to SayHelloActivity of IntentSayHello apk. For
this i defined in its AndroidManifest.xml:
... ...
</application>
<permission
android:name="**intentsayhello.permission.SAYHELLO**"
android:protectionLevel="**signature**"
android:label="@string/permlbl_restricted"
android:description="@string/permdesc_restricted">
</permission>
</manifest>
and added attribute parameter for SayHelloActivity:
[Activity(Label = "SayHelloActivity", MainLauncher = true, Icon =
"@drawable/icon", Permission = "intentsayhello.permission.SAYHELLO")]
[IntentFilter(new string[] { "companyXYZ.intent.sayhello.MAIN" },Categories
= new string[]{Intent.CategoryDefault},
DataMimeType =
"vnd.companyXYZ.say.hello/vnd.companyXYZ.activity")]
public class SayHelloActivity : Activity
{
.....
.....
}
Now to allow a valid client say SameKeyHello apk, I signed it with the same
keystore (certificate) as of IntentSayHello apk. This i managed by adding
<PropertyGroup>
<AndroidKeyStore>True</AndroidKeyStore>
<AndroidSigningKeyStore>my.keystore</AndroidSigningKeyStore>
<AndroidSigningStorePass>companyxyz</AndroidSigningStorePass>
<AndroidSigningKeyAlias>myalias</AndroidSigningKeyAlias>
<AndroidSigningKeyPass>companyxyz</AndroidSigningKeyPass>
</PropertyGroup>
into the .csproj files of both files. And defined in its AssemblyInfo.cs
[assembly: UsesPermission(Android.Manifest.Permission.Internet)]
That is it and SameKeyHello invoked SayHelloActivity through an implicit
intent and got a response Hello! string.
To be double sure, i created a second client DiffKeyHello apk and it was
built and signed with the monodroid debug default keystore (didnt alter the
.csproj file). I added the same Permission string to its AssemblyInfo.cs as
i added to SameKeyHello apk. As expected when i tried to invoke
SayHelloActivity through an implicit intent i got:
***Permission Denial: starting Intent { act=companyXYZ.intent.sayhello.MAIN
typ=vnd.companyXYZ.say.hello/vnd.companyXYZ.activity
cmp=IntentSayHello.IntentSayHello/intentsayhello.SayHelloActivity }
from ProcessRecord{4094f850 9126:DiffKeyHello.DiffKeyHello/10097} (pid=9126,
uid=10097) requires intentsayhello.permission.SAYHELLO***
This is all fine. But then i with a different objective created a duplicate
project called IntentSayHello2 apk with the same activity name
SameKeyHelloActivity. This apk consists of the same permission string as
that of its original and same permission parameter string to its Activity
Attribute. This apk was signed with the default monodroid debug keystore.
After i install IntentSayHello2, whenever i try to invoke SayHelloActivity
through an implicit intent from either of the two clients SamekeyHello and
DiffKeyHello, i get a choice to choose between
IntentSayHello.SayHelloActivity and IntentSayHello2.SayHelloActivity. When i
choose any of them i get a response Hello! string.
This i feel is not correct since SameKeyHello has permission only to
IntentSayHello as it is signed with the same keystore and DiffKeyHello since
signed with a default keystore as IntentSayHello2 would be able to invoke
only that. But any of these two clients can get response from any of the two
server apks... Is this a bug in Android/Monodroid or a gap in my
implementation.
--
View this message in context:
http://mono-for-android.1047100.n5.nabble.com/Activity-Access-Restriction-in-Monodroid-and-a-possible-bug-tp5708695.html
Sent from the Mono for Android mailing list archive at Nabble.com.
_______________________________________________
Monodroid mailing list
Monodroid@lists.ximian.com
UNSUBSCRIBE INFORMATION:
http://lists.ximian.com/mailman/listinfo/monodroid
