一、注意事项

1、定义一个内部签名权限来接收广播。

2、定义使用内部签名的许可来接收结果。

3、定义exported属性为true。

4、使用静态Broadcat Receiver请求一个内部签名许可。

5、请求内部签名许可来注册Dynamic Broadcast Receiver。

6、验证内部签名许可的正确性。

7、处理收到的intent，验证其正确性。

8、敏感信息可以在内部应用中返回。

9、当导出apk的时候，用相同的developer key进行签名。

二、原代码示例

1.InhouseReceiver.java

package org.jssec.android.broadcast.inhousereceiver;@b@ @b@import org.jssec.android.shared.SigPerm;@b@import org.jssec.android.shared.Utils;@b@ @b@import android.app.Activity;@b@import android.content.BroadcastReceiver;@b@import android.content.Context;@b@import android.content.Intent;@b@import android.widget.Toast;@b@ @b@public class InhouseReceiver extends BroadcastReceiver {@b@ @b@    // In-house Signature Permission@b@    private static final String MY_PERMISSION = "org.jssec.android.broadcast.inhousereceiver.MY_PERMISSION";@b@ @b@    // In-house certificate hash value@b@    private static String sMyCertHash = null;@b@    private static String myCertHash(Context context) {@b@        if (sMyCertHash == null) {@b@            if (Utils.isDebuggable(context)) {@b@                // Certificate hash value of "androiddebugkey" in the debug.keystore.@b@                sMyCertHash = "0EFB7236 328348A9 89718BAD DF57F544 D5CCB4AE B9DB34BC 1E29DD26 F77C8255"; }@b@            else {@b@                // Certificate hash value of "my company key" in the keystore.@b@                sMyCertHash = "D397D343 A5CBC10F 4EDDEB7C A10062DE 5690984F 1FB9E88B D7B3A7C2 42E142CA"; }@b@        }@b@        return sMyCertHash;@b@    }@b@ @b@    private static final String MY_BROADCAST_INHOUSE = "org.jssec.android.broadcast.MY_BROADCAST_INHOUSE";@b@ @b@    public boolean isDynamic = false;@b@    private String getName() {@b@        return isDynamic ? "In-house Dynamic Broadcast Receiver" : "In-house Static Broadcast Receiver"; }@b@ @b@    @Override@b@    public void onReceive(Context context, Intent intent) {@b@ @b@        // *** POINT 6 *** Verify that the in-house signature permission is defined by an in-house application.@b@        if (!SigPerm.test(context, MY_PERMISSION, myCertHash(context))) {@b@            Toast.makeText(context, "The in-house signature permission is not declared by in-house application.", Toast.LENGTH_LONG).show();@b@            return;@b@        }@b@ @b@        // *** POINT 7 *** Handle the received intent carefully and securely,@b@        // even though the Broadcast was sent from an in-house application..@b@        // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."@b@        if (MY_BROADCAST_INHOUSE.equals(intent.getAction())) {@b@            String param = intent.getStringExtra("PARAM");@b@            Toast.makeText(context,String.format("%s:¥nReceived param: ¥"%s¥"", getName(), param), Toast.LENGTH_SHORT).show();@b@        }@b@ @b@        // *** POINT 8 *** Sensitive information can be returned since the requesting application is in-house.@b@        setResultCode(Activity.RESULT_OK);@b@        setResultData(String.format("Sensitive Info from %s", getName()));@b@        abortBroadcast();@b@    }@b@}

2.AndroidManifest.xml

<?xml version="1.0" encoding="utf-8"?>@b@<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="org.jssec.android.broadcast.inhousereceiver" >@b@    <!-- *** POINT 1 *** Define an in-house signature permission to receive Broadcasts -->@b@    <permission android:name="org.jssec.android.broadcast.inhousereceiver.MY_PERMISSION" android:protectionLevel="signature" />@b@ @b@    <!-- *** POINT 2 *** Declare to use the in-house signature permission to receive results. -->@b@    <uses-permission android:name="org.jssec.android.broadcast.inhousesender.MY_PERMISSION" />@b@ @b@    <application@b@        android:icon="@drawable/ic_launcher"@b@        android:label="@string/app_name"@b@        android:allowBackup="false" >@b@ @b@        <!-- *** POINT 3 *** Explicitly set the exported attribute to true. -->@b@        <!-- *** POINT 4 *** Require the in-house signature permission by the Static Broadcast Receiver definition. -->@b@ @b@        <receiver@b@            android:name=".InhouseReceiver"@b@            android:permission="org.jssec.android.broadcast.inhousereceiver.MY_PERMISSION"@b@            android:exported="true">@b@            <intent-filter>@b@                <action android:name="org.jssec.android.broadcast.MY_BROADCAST_INHOUSE" />@b@            </intent-filter>@b@        </receiver>@b@ @b@        <service android:name=".DynamicReceiverService" android:exported="false" />@b@ @b@        <activity@b@            android:name=".InhouseReceiverActivity"@b@            android:label="@string/app_name"@b@            android:exported="true" >@b@            <intent-filter>@b@                <action android:name="android.intent.action.MAIN" />@b@                <category android:name="android.intent.category.LAUNCHER" />@b@            </intent-filter>@b@        </activity>@b@    </application>@b@ @b@</manifest>

3.InhouseReceiverActivity.java

package org.jssec.android.broadcast.inhousereceiver;@b@import android.app.Activity;@b@import android.content.Intent;@b@import android.os.Bundle;@b@import android.view.View;@b@ @b@public class InhouseReceiverActivity extends Activity {@b@    @Override@b@    public void onCreate(Bundle savedInstanceState) {@b@        super.onCreate(savedInstanceState);@b@        setContentView(R.layout.main);@b@    }@b@ @b@    public void onRegisterReceiverClick(View view) {@b@        Intent intent = new Intent(this, DynamicReceiverService.class);@b@        startService(intent);@b@    }@b@ @b@    public void onUnregisterReceiverClick(View view) {@b@        Intent intent = new Intent(this, DynamicReceiverService.class);@b@        stopService(intent);@b@    }@b@}

4.DynamicReceiverService.java

package org.jssec.android.broadcast.inhousereceiver;@b@ @b@import android.app.Service;@b@import android.content.Intent;@b@import android.content.IntentFilter;@b@import android.os.IBinder;@b@import android.widget.Toast;@b@ @b@public class DynamicReceiverService extends Service {@b@ @b@    private static final String MY_BROADCAST_INHOUSE = "org.jssec.android.broadcast.MY_BROADCAST_INHOUSE";@b@ @b@    private InhouseReceiver mReceiver;@b@ @b@    @Override@b@        public IBinder onBind(Intent intent) {@b@        return null;@b@        }@b@ @b@        @Override@b@        public void onCreate() {@b@        super.onCreate();@b@ @b@        mReceiver = new InhouseReceiver();@b@        mReceiver.isDynamic = true;@b@        IntentFilter filter = new IntentFilter();@b@        filter.addAction(MY_BROADCAST_INHOUSE);@b@        filter.setPriority(1); // Prioritize Dynamic Broadcast Receiver, rather than Static Broadcast Receiver.@b@ @b@        // *** POINT 5 *** When registering a dynamic broadcast receiver, require the in-house signature permission.@b@        registerReceiver(mReceiver, filter, "org.jssec.android.broadcast.inhousereceiver.MY_PERMISSION", null);@b@   @b@        Toast.makeText(this,"Registered Dynamic Broadcast Receiver.", Toast.LENGTH_SHORT).show();@b@    }@b@ @b@    @Override@b@    public void onDestroy() {@b@        super.onDestroy();@b@        unregisterReceiver(mReceiver);@b@        mReceiver = null;@b@        Toast.makeText(this,"Unregistered Dynamic Broadcast Receiver.", Toast.LENGTH_SHORT).show();@b@    }@b@}

5.SigPerm.java

package org.jssec.android.shared;@b@ @b@import android.content.Context;@b@import android.content.pm.PackageManager;@b@import android.content.pm.PackageManager.NameNotFoundException;@b@import android.content.pm.PermissionInfo;@b@ @b@public class SigPerm {@b@ @b@    public static boolean test(Context ctx, String sigPermName, String correctHash) {@b@        if (correctHash == null) return false;@b@        correctHash = correctHash.replaceAll(" ", "");@b@        return correctHash.equals(hash(ctx, sigPermName));@b@    }@b@ @b@    public static String hash(Context ctx, String sigPermName) {@b@        if (sigPermName == null) return null;@b@        try {@b@            // Get the package name of the application which declares a permission named sigPermName. PackageManager pm = ctx.getPackageManager();@b@            PermissionInfo pi;@b@            pi = pm.getPermissionInfo(sigPermName, PackageManager.GET_META_DATA);@b@            String pkgname = pi.packageName;@b@ @b@            // Fail if the permission named sigPermName is not a Signature Permission@b@            if (pi.protectionLevel != PermissionInfo.PROTECTION_SIGNATURE) return null;@b@ @b@            // Return the certificate hash value of the application which declares a permission named sigPermName.@b@            return PkgCert.hash(ctx, pkgname);@b@ @b@        } catch (NameNotFoundException e) {@b@            return null;@b@        }@b@    }@b@}

6.PkgCert.java

package org.jssec.android.shared;@b@ @b@import java.security.MessageDigest;@b@import java.security.NoSuchAlgorithmException;@b@ @b@import android.content.Context;@b@import android.content.pm.PackageInfo;@b@import android.content.pm.PackageManager;@b@import android.content.pm.PackageManager.NameNotFoundException;@b@import android.content.pm.Signature;@b@ @b@public class PkgCert {@b@ @b@    public static boolean test(Context ctx, String pkgname, String correctHash) {@b@        if (correctHash == null) return false;@b@        correctHash = correctHash.replaceAll(" ", "");@b@        return correctHash.equals(hash(ctx, pkgname));@b@    }@b@ @b@    public static String hash(Context ctx, String pkgname) {@b@        if (pkgname == null) return null;@b@        try {@b@            PackageManager pm = ctx.getPackageManager();@b@            PackageInfo pkginfo = pm.getPackageInfo(pkgname, PackageManager.GET_SIGNATURES);@b@            if (pkginfo.signatures.length != 1) return null; // Will not handle multiple signatures.@b@            Signature sig = pkginfo.signatures[0];@b@            byte[] cert = sig.toByteArray();@b@            byte[] sha256 = computeSha256(cert);@b@            return byte2hex(sha256);@b@        } catch (NameNotFoundException e) {@b@            return null;@b@        }@b@    }@b@ @b@    private static byte[] computeSha256(byte[] data) {@b@        try {@b@            return MessageDigest.getInstance("SHA-256").digest(data);@b@        } catch (NoSuchAlgorithmException e) {@b@            return null;@b@        }@b@    }@b@    private static String byte2hex(byte[] data) {@b@        if (data == null) return null;@b@        final StringBuilder hexadecimal = new StringBuilder();@b@        for (final byte b : data) {@b@            hexadecimal.append(String.format("%02X", b));@b@        }@b@        return hexadecimal.toString();@b@    }@b@}

三、安全代码示例

1、定义一个内部签名的许可来接收结果。@b@2、声明使用内部签名来接收广播。@b@3、验证内部签名许可是由内部应用定义的。@b@4、当调用方为内部应用时，可以返回敏感数据。@b@5、请求签名许可。@b@6、处理收到的数据。@b@7、当导出APk，用与目标应用相同的developer key进行签名。

AndroidManifest.xml@b@ @b@<?xml version="1.0" encoding="utf-8"?>@b@<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="org.jssec.android.broadcast.inhousesender" >@b@ @b@    <uses-permission android:name="android.permission.BROADCAST_STICKY"/>@b@ @b@    <!-- *** POINT 10 *** Define an in-house signature permission to receive results. -->@b@    <permission@b@        android:name="org.jssec.android.broadcast.inhousesender.MY_PERMISSION"@b@        android:protectionLevel="signature" />@b@ @b@    <!-- *** POINT 11 *** Declare to use the in-house signature permission to receive Broadcasts. -->@b@    <uses-permission android:name="org.jssec.android.broadcast.inhousereceiver.MY_PERMISSION" />@b@ @b@    <application@b@        android:icon="@drawable/ic_launcher"@b@        android:label="@string/app_name"@b@        android:allowBackup="false" >@b@ @b@        <activity@b@            android:name="org.jssec.android.broadcast.inhousesender.InhouseSenderActivity"@b@            android:label="@string/app_name"@b@            android:exported="true" >@b@            <intent-filter>@b@                <action android:name="android.intent.action.MAIN" />@b@                <category android:name="android.intent.category.LAUNCHER" />@b@            </intent-filter>@b@        </activity>@b@    </application>@b@</manifest>

InhouseSenderActivity.java@b@ @b@package org.jssec.android.broadcast.inhousesender;@b@ @b@import org.jssec.android.shared.SigPerm;@b@import org.jssec.android.shared.Utils;@b@ @b@import android.app.Activity;@b@import android.content.BroadcastReceiver;@b@import android.content.Context;@b@import android.content.Intent;@b@import android.os.Bundle;@b@import android.view.View;@b@import android.widget.TextView;@b@import android.widget.Toast;@b@ @b@public class InhouseSenderActivity extends Activity {@b@ @b@    // In-house Signature Permission@b@    private static final String MY_PERMISSION = "org.jssec.android.broadcast.inhousesender.MY_PERMISSION";@b@ @b@    // In-house certificate hash value@b@    private static String sMyCertHash = null;@b@    private static String myCertHash(Context context) {@b@        if (sMyCertHash == null) {@b@            if (Utils.isDebuggable(context)) {@b@                // Certificate hash value of "androiddebugkey" in the debug.keystore.@b@                sMyCertHash = "0EFB7236 328348A9 89718BAD DF57F544 D5CCB4AE B9DB34BC 1E29DD26 F77C8255"; }@b@            else {@b@                // Certificate hash value of "my company key" in the keystore.@b@                sMyCertHash = "D397D343 A5CBC10F 4EDDEB7C A10062DE 5690984F 1FB9E88B D7B3A7C2 42E142CA";@b@            }@b@        }@b@        return sMyCertHash;@b@    }@b@ @b@    private static final String MY_BROADCAST_INHOUSE = "org.jssec.android.broadcast.MY_BROADCAST_INHOUSE";@b@ @b@    public void onSendNormalClick(View view) {@b@ @b@        // *** POINT 12 *** Verify that the in-house signature permission is defined by an in-house application.@b@        if (!SigPerm.test(this, MY_PERMISSION, myCertHash(this))) {@b@            Toast.makeText(this, "The in-house signature permission is not declared by in-house application.", Toast.LENGTH_LONG).show();@b@            return;@b@        }@b@ @b@        // *** POINT 13 *** Sensitive information can be returned since the requesting application is in-house.@b@        Intent intent = new Intent(MY_BROADCAST_INHOUSE);@b@        intent.putExtra("PARAM", "Sensitive Info from Sender");@b@ @b@        // *** POINT 14 *** Require the in-house signature permission to limit receivers.@b@        sendBroadcast(intent, "org.jssec.android.broadcast.inhousesender.MY_PERMISSION");@b@    }@b@ @b@    public void onSendOrderedClick(View view) {@b@        // *** POINT 12 *** Verify that the in-house signature permission is defined by an in-house application.@b@        if (!SigPerm.test(this, MY_PERMISSION, myCertHash(this))) {@b@            Toast.makeText(this, "The in-house signature permission is not declared by in-house application.", Toast.LENGTH_LONG).show();@b@            return;@b@        }@b@        // *** POINT 13 *** Sensitive information can be returned since the requesting application is in-house.@b@        Intent intent = new Intent(MY_BROADCAST_INHOUSE);@b@        intent.putExtra("PARAM", "Sensitive Info from Sender");@b@ @b@        // *** POINT 14 *** Require the in-house signature permission to limit receivers.@b@        sendOrderedBroadcast(intent, "org.jssec.android.broadcast.inhousesender.MY_PERMISSION",@b@            mResultReceiver, null, 0, null, null);@b@    }@b@ @b@    private BroadcastReceiver mResultReceiver = new BroadcastReceiver() {@b@        @Override@b@        public void onReceive(Context context, Intent intent) {@b@ @b@            // *** POINT 15 *** Handle the received result data carefully and securely,@b@            // even though the data came from an in-house application.@b@            // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."@b@            String data = getResultData();@b@            InhouseSenderActivity.this.logLine(String.format("Received result: ¥"%s¥"", data));@b@        }@b@    };@b@ @b@    private TextView mLogView;@b@ @b@    @Override@b@    public void onCreate(Bundle savedInstanceState) {@b@        super.onCreate(savedInstanceState);@b@        setContentView(R.layout.main);@b@        mLogView = (TextView)findViewById(R.id.logview);@b@    }@b@    private void logLine(String line) {@b@        mLogView.append(line);@b@        mLogView.append("¥n");@b@    }@b@}

SigPerm.java@b@ @b@package org.jssec.android.shared;@b@ @b@import android.content.Context;@b@import android.content.pm.PackageManager;@b@import android.content.pm.PackageManager.NameNotFoundException;@b@import android.content.pm.PermissionInfo;@b@ @b@public class SigPerm {@b@ @b@    public static boolean test(Context ctx, String sigPermName, String correctHash) {@b@        if (correctHash == null) return false;@b@        correctHash = correctHash.replaceAll(" ", "");@b@        return correctHash.equals(hash(ctx, sigPermName));@b@    }@b@ @b@    public static String hash(Context ctx, String sigPermName) {@b@        if (sigPermName == null) return null;@b@        try {@b@            // Get the package name of the application which declares a permission named sigPermName.@b@            PackageManager pm = ctx.getPackageManager();@b@            PermissionInfo pi;@b@            pi = pm.getPermissionInfo(sigPermName, PackageManager.GET_META_DATA);@b@            String pkgname = pi.packageName;@b@            // Fail if the permission named sigPermName is not a Signature Permission@b@            if (pi.protectionLevel != PermissionInfo.PROTECTION_SIGNATURE) return null;@b@ @b@            // Return the certificate hash value of the application which declares a permission named sigPermName.@b@            return PkgCert.hash(ctx, pkgname);@b@ @b@        } catch (NameNotFoundException e) {@b@             return null;@b@        }@b@    }@b@}

PkgCert.java@b@ @b@package org.jssec.android.shared;@b@ @b@import java.security.MessageDigest;@b@import java.security.NoSuchAlgorithmException;@b@ @b@import android.content.Context;@b@import android.content.pm.PackageInfo;@b@import android.content.pm.PackageManager;@b@import android.content.pm.PackageManager.NameNotFoundException;@b@import android.content.pm.Signature;@b@ @b@public class PkgCert {@b@ @b@    public static boolean test(Context ctx, String pkgname, String correctHash) {@b@        if (correctHash == null) return false;@b@        correctHash = correctHash.replaceAll(" ", "");@b@        return correctHash.equals(hash(ctx, pkgname));@b@    }@b@ @b@    public static String hash(Context ctx, String pkgname) {@b@        if (pkgname == null) return null;@b@        try {@b@            PackageManager pm = ctx.getPackageManager();@b@            PackageInfo pkginfo = pm.getPackageInfo(pkgname, PackageManager.GET_SIGNATURES);@b@            if (pkginfo.signatures.length != 1) return null;@b@            Signature sig = pkginfo.signatures[0];@b@            byte[] cert = sig.toByteArray();@b@            byte[] sha256 = computeSha256(cert);@b@            return byte2hex(sha256);@b@        } catch (NameNotFoundException e) {@b@            return null;@b@    }@b@}@b@ @b@    private static byte[] computeSha256(byte[] data) {@b@        try {@b@        // Will not handle multiple signatures.@b@            return MessageDigest.getInstance("SHA-256").digest(data);@b@        } catch (NoSuchAlgorithmException e) {@b@            return null;@b@        }@b@    }@b@ @b@    private static String byte2hex(byte[] data) {@b@        if (data == null) return null;@b@        final StringBuilder hexadecimal = new StringBuilder();@b@        for (final byte b : data) {@b@            hexadecimal.append(String.format("%02X", b));@b@        }@b@        return hexadecimal.toString();@b@    }@b@}