一、注意事项
1、不要定义intent过滤器,设置exported属性为true。@b@2、验证请求的应用的证书在白名单中。@b@3、不使用onBind(onStartCommand, onHandleIntent)来确认请求应用是否为合作方。@b@4、处理收到的数据是否真实。@b@5、只可以返回数据到授权的第三方应用。
二、原代码示例
AndroidManifest.xml@b@ @b@<?xml version="1.0" encoding="utf-8"?>@b@ @b@<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="org.jssec.android.service.partnerservice.aidl" >@b@ @b@ <application@b@ android:icon="@drawable/ic_launcher"@b@ android:label="@string/app_name"@b@ android:allowBackup="false" >@b@ @b@ <!-- Service using AIDL -->@b@ <!-- *** POINT 1 *** Do not define the intent filter and explicitly set the exported attribute to true. -->@b@ <service@b@ android:name="org.jssec.android.service.partnerservice.aidl.PartnerAIDLService"@b@ android:exported="true" />@b@ </application>@b@</manifest>
IExclusiveAIDLServiceCallback.aidl@b@ @b@package org.jssec.android.service.exclusiveservice.aidl;@b@interface IExclusiveAIDLServiceCallback {@b@ /**@b@ * It's called when the value is changed.@b@ */@b@ void valueChanged(String info);@b@}IExclusiveAIDLService.aidl@b@ @b@package org.jssec.android.service.exclusiveservice.aidl;@b@ @b@import org.jssec.android.service.exclusiveservice.aidl.IExclusiveAIDLServiceCallback;@b@ @b@interface IExclusiveAIDLService {@b@ //Register Callback.@b@ @b@ void registerCallback(IExclusiveAIDLServiceCallback cb);@b@ @b@ //Get Information@b@ String getInfo(String param);@b@ @b@ //Unregister Callback@b@ void unregisterCallback(IExclusiveAIDLServiceCallback cb);@b@}PartnerAIDLService.java@b@ @b@package org.jssec.android.service.partnerservice.aidl;@b@ @b@import org.jssec.android.shared.PkgCertWhitelists;@b@import org.jssec.android.shared.Utils;@b@ @b@import android.app.Service;@b@import android.content.Context;@b@import android.content.Intent;@b@import android.os.Handler;@b@import android.os.IBinder;@b@import android.os.Message;@b@import android.os.RemoteCallbackList;@b@import android.os.RemoteException;@b@import android.widget.Toast;@b@ @b@public class PartnerAIDLService extends Service {@b@ private static final int REPORT_MSG = 1;@b@ private static final int GETINFO_MSG = 2;@b@ @b@ // The value which this service informs to client@b@ private int mValue = 0;@b@ @b@ // *** POINT 2 *** Verify that the certificate of the requesting application has been registered in the own white list.@b@ private static PkgCertWhitelists sWhitelists = null;@b@ private static void buildWhitelists(Context context) {@b@ boolean isdebug = Utils.isDebuggable(context);@b@ sWhitelists = new PkgCertWhitelists();@b@ @b@ // Register certificate hash value of partner application "org.jssec.android.service.partnerservice.aidluser"@b@ sWhitelists.add("org.jssec.android.service.partnerservice.aidluser", isdebug ?@b@ // Certificate hash value of debug.keystore "androiddebugkey"@b@ "0EFB7236 328348A9 89718BAD DF57F544 D5CCB4AE B9DB34BC 1E29DD26 F77C8255" :@b@ // Certificate hash value of keystore "partner key"@b@ "1F039BB5 7861C27A 3916C778 8E78CE00 690B3974 3EB8259F E2627B8D 4C0EC35A");@b@ @b@ // Register other partner applications in the same way@b@ }@b@ @b@ private static boolean checkPartner(Context context, String pkgname) {@b@ if (sWhitelists == null) buildWhitelists(context);@b@ return sWhitelists.test(context, pkgname);@b@ }@b@ @b@ // Object to register callback@b@ // Methods which RemoteCallbackList provides are thread-safe.@b@ private final RemoteCallbackList<IPartnerAIDLServiceCallback> mCallbacks =@b@ new RemoteCallbackList<IPartnerAIDLServiceCallback>();@b@ @b@ // Handler to send data when callback is called.@b@ private static class ServiceHandler extends Handler{@b@ @b@ private Context mContext;@b@ private RemoteCallbackList<IPartnerAIDLServiceCallback> mCallbacks;@b@ private int mValue = 0;@b@ @b@ public ServiceHandler(Context context, RemoteCallbackList<IPartnerAIDLServiceCallback> callback, int value){@b@ this.mContext = context;@b@ this.mCallbacks = callback;@b@ this.mValue = value;@b@ }@b@ @b@ @Override@b@ public void handleMessage(Message msg) {@b@ switch (msg.what) { case REPORT_MSG: {@b@ if(mCallbacks == null){@b@ return;@b@ }@b@ @b@ // Start broadcast@b@ // To call back on to the registered clients, use beginBroadcast().@b@ // beginBroadcast() makes a copy of the currently registered callback list.@b@ final int N = mCallbacks.beginBroadcast();@b@ for (int i = 0; i < N; i++) {@b@ IPartnerAIDLServiceCallback target = mCallbacks.getBroadcastItem(i);@b@ try {@b@ // *** POINT 5 *** Information that is granted to disclose to partner applications can be returend.@b@ target.valueChanged("Information disclosed to partner application (callback from Service) No."=(++mValue);@b@ } catch (RemoteException e) {@b@ // Callbacks are managed by RemoteCallbackList, do not unregister callbacks here.@b@ // RemoteCallbackList.kill() unregister all callbacks@b@ }@b@ }@b@ // finishBroadcast() cleans up the state of a broadcast previously initiated by calling beginBroadcast@b@ mCallbacks.finishBroadcast();@b@ @b@ // Repeat after 10 seconds@b@ sendEmptyMessageDelayed(REPORT_MSG, 10000);@b@ break;@b@ }@b@ case GETINFO_MSG: {@b@ if(mContext != null) {@b@ Toast.makeText(mContext,(String) msg.obj, Toast.LENGTH_LONG).show();@b@ }@b@ break;@b@ }@b@ @b@ default:@b@ super.handleMessage(msg);@b@ break;@b@ } // switch@b@ }@b@ }@b@ @b@ protected final ServiceHandler mHandler = new ServiceHandler(this, mCallbacks, mValue);@b@ @b@ // Interfaces defined in AIDL@b@ private final IPartnerAIDLService.Stub mBinder = new IPartnerAIDLService.Stub() {@b@ private boolean checkPartner() {@b@ Context ctx = PartnerAIDLService.this;@b@ if (!PartnerAIDLService.checkPartner(ctx, Utils.getPackageNameFromPid(ctx, getCallingPid()))) {@b@ mHandler.post(new Runnable(){@b@ @Override@b@ public void run(){@b@ Toast.makeText(PartnerAIDLService.this, "Requesting application is not partner application.", Toast.LENGTH_LONG).show();@b@ }@b@ });@b@ return false;@b@ }@b@ return true;@b@ }@b@ public void registerCallback(IPartnerAIDLServiceCallback cb) {@b@ @b@ // *** POINT 2 *** Verify that the certificate of the requesting application has been registered in the own white list.@b@ if (!checkPartner()) {@b@ return;@b@ }@b@ if (cb != null) mCallbacks.register(cb);@b@ }@b@ @b@ public String getInfo(String param) {@b@ // *** POINT 2 *** Verify that the certificate of the requesting application has been registered in the own white list.@b@ if (!checkPartner()) {@b@ return null;@b@ }@b@ @b@ // *** POINT 4 *** Handle the received intent carefully and securely,@b@ // even though the intent was sent from a partner application@b@ // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."@b@ Message msg = new Message();@b@ msg.what = GETINFO_MSG;@b@ msg.obj = String.format("Method calling from partner application. Recieved ¥"%s¥"", param);@b@ PartnerAIDLService.this.mHandler.sendMessage(msg);@b@ @b@ // *** POINT 5 *** Return only information that is granted to be disclosed to a partner application.@b@ return "Information disclosed to partner application (method from Service)";@b@ }@b@ @b@ public void unregisterCallback(IPartnerAIDLServiceCallback cb) {@b@ // *** POINT 2 *** Verify that the certificate of the requesting application has been registered in the own white list.@b@ if (!checkPartner()) {@b@ return;@b@ }@b@ @b@ if (cb != null) mCallbacks.unregister(cb);@b@ }@b@ };@b@ @b@ @Override@b@ public IBinder onBind(Intent intent) {@b@ // *** POINT 3 *** Verify that the certificate of the requesting application has been registered in the own wh ite list.@b@ // So requesting application must be validated in methods defined in AIDL every time.@b@ return mBinder;@b@ }@b@ @b@ @Override@b@ public void onCreate() {@b@ Toast.makeText(this, this.getClass().getSimpleName() + " - onCreate()", Toast.LENGTH_SHORT).show();@b@ @b@ // During service is running, inform the incremented number periodically.@b@ mHandler.sendEmptyMessage(REPORT_MSG);@b@ }@b@ @b@ @Override@b@ public void onDestroy() {@b@ Toast.makeText(this, this.getClass().getSimpleName() + " - onDestroy()", Toast.LENGTH_SHORT).show();@b@ @b@ // Unregister all callbacks mCallbacks.kill();@b@ mHandler.removeMessages(REPORT_MSG);@b@ }@b@}PkgCertWhitelists.java@b@ @b@package org.jssec.android.shared;@b@ @b@import java.util.HashMap;@b@import java.util.Map;@b@ @b@import android.content.Context;@b@ @b@public class PkgCertWhitelists {@b@ private Map<String, String> mWhitelists = new HashMap<String, String>();@b@ @b@ public boolean add(String pkgname, String sha256) {@b@ if (pkgname == null) return false;@b@ if (sha256 == null) return false;@b@ @b@ sha256 = sha256.replaceAll(" ", "");@b@ if (sha256.length() != 64) return false; // SHA-256 -> 32 bytes -> 64 chars@b@ sha256 = sha256.toUpperCase();@b@ if (sha256.replaceAll("[0-9A-F]+", "").length() != 0) return false; // found non hex char@b@ @b@ mWhitelists.put(pkgname, sha256);@b@ return true;@b@ }@b@ @b@ public boolean test(Context ctx, String pkgname) {@b@ // Get the correct hash value which corresponds to pkgname.@b@ String correctHash = mWhitelists.get(pkgname);@b@ @b@ // Compare the actual hash value of pkgname with the correct hash value.@b@ return PkgCert.test(ctx, pkgname, correctHash);@b@ }@b@}PkgCert.java@b@ @b@package org.jssec.android.shared;@b@ @b@import java.security.MessageDigest;@b@import java.security.NoSuchAlgorithmException;@b@ @b@import android.content.Context;@b@import android.content.pm.PackageInfo;@b@import android.content.pm.PackageManager;@b@import android.content.pm.PackageManager.NameNotFoundException;@b@import android.content.pm.Signature;@b@ @b@public class PkgCert {@b@ @b@ public static boolean test(Context ctx, String pkgname, String correctHash) {@b@ if (correctHash == null) return false;@b@ correctHash = correctHash.replaceAll(" ", "");@b@ return correctHash.equals(hash(ctx, pkgname));@b@ }@b@ @b@ public static String hash(Context ctx, String pkgname) {@b@ if (pkgname == null) return null;@b@ try {@b@ PackageManager pm = ctx.getPackageManager();@b@ PackageInfo pkginfo = pm.getPackageInfo(pkgname, PackageManager.GET_SIGNATURES);@b@ if (pkginfo.signatures.length != 1) return null; // Will not handle multiple signatures.@b@ Signature sig = pkginfo.signatures[0];@b@ byte[] cert = sig.toByteArray();@b@ byte[] sha256 = computeSha256(cert);@b@ return byte2hex(sha256);@b@ } catch (NameNotFoundException e) {@b@ return null;@b@ }@b@ }@b@ @b@ private static byte[] computeSha256(byte[] data) {@b@ try {@b@ return MessageDigest.getInstance("SHA-256").digest(data);@b@ } catch (NoSuchAlgorithmException e) {@b@ return null;@b@ }@b@ }@b@ @b@ private static String byte2hex(byte[] data) {@b@ if (data == null) return null;@b@ final StringBuilder hexadecimal = new StringBuilder();@b@ for (final byte b : data) {@b@ hexadecimal.append(String.format("%02X", b));@b@ }@b@ return hexadecimal.toString();@b@ }@b@}三、安全代码示例
1、验证目标应用的证书是在白名单中的。@b@2、只返回信息给授权的合作方应用。@b@3、使用显式intent返回合作service。@b@4、处理收到的数据,确认其正确性。
ExclusiveAIDLUserActivity.java@b@ @b@package org.jssec.android.service.partnerservice.aidluser;@b@ @b@import org.jssec.android.service.partnerservice.aidl.IPartnerAIDLService;@b@import org.jssec.android.service.partnerservice.aidl.IPartnerAIDLServiceCallback;@b@import org.jssec.android.shared.PkgCertWhitelists;@b@import org.jssec.android.shared.Utils;@b@ @b@import android.app.Activity;@b@import android.content.ComponentName;@b@import android.content.Context;@b@import android.content.Intent;@b@import android.content.ServiceConnection;@b@import android.os.Bundle;@b@import android.os.Handler;@b@import android.os.IBinder;@b@import android.os.Message;@b@import android.os.RemoteException;@b@import android.view.View;@b@import android.widget.Toast;@b@ @b@public class PartnerAIDLUserActivity extends Activity {@b@ @b@ private boolean mIsBound;@b@ private Context mContext;@b@ @b@ private final static int MGS_VALUE_CHANGED = 1;@b@ @b@ // *** POINT 6 *** Verify if the certificate of the target application has been registered in the own white list.@b@ private static PkgCertWhitelists sWhitelists = null;@b@ private static void buildWhitelists(Context context) {@b@ boolean isdebug = Utils.isDebuggable(context);@b@ sWhitelists = new PkgCertWhitelists();@b@ @b@ // Register certificate hash value of partner service application "org.jssec.android.service.partnerservice.a idl"@b@ sWhitelists.add("org.jssec.android.service.partnerservice.aidl", isdebug ?@b@ // Certificate hash value of debug.keystore "androiddebugkey"@b@ "0EFB7236 328348A9 89718BAD DF57F544 D5CCB4AE B9DB34BC 1E29DD26 F77C8255" :@b@ // Certificate hash value of keystore "my company key"@b@ "D397D343 A5CBC10F 4EDDEB7C A10062DE 5690984F 1FB9E88B D7B3A7C2 42E142CA");@b@ // Register other partner service applications in the same way@b@ }@b@ private static boolean checkPartner(Context context, String pkgname) {@b@ if (sWhitelists == null) buildWhitelists(context);@b@ return sWhitelists.test(context, pkgname);@b@ }@b@ @b@ // Information about destination (requested) partner activity.@b@ private static final String TARGET_PACKAGE = "org.jssec.android.service.partnerservice.aidl";@b@ private static final String TARGET_CLASS = "org.jssec.android.service.partnerservice.aidl.PartnerAIDLService";@b@ @b@ private static class ReceiveHandler extends Handler{@b@ @b@ private Context mContext;@b@ @b@ public ReceiveHandler(Context context){@b@ this.mContext = context;@b@ }@b@ @b@ @Override@b@ public void handleMessage(Message msg) {@b@ @b@ switch (msg.what) {@b@ case MGS_VALUE_CHANGED: {@b@ String info = (String)msg.obj;@b@ Toast.makeText(mContext, String.format("Received ¥"%s¥" with callback.", info), Toast.LENGTH_SHORT).show();@b@ break;@b@ }@b@ @b@ default:@b@ super.handleMessage(msg);@b@ break;@b@ } // switch@b@ }@b@ }@b@ @b@ private final ReceiveHandler mHandler = new ReceiveHandler(this);@b@ @b@ // Interfaces defined in AIDL. Receive notice from service@b@ private final IPartnerAIDLServiceCallback.Stub mCallback =new IPartnerAIDLServiceCallback.Stub() {@b@ @b@ @Override@b@ public void valueChanged(String info) throws RemoteException {@b@ Message msg = mHandler.obtainMessage(MGS_VALUE_CHANGED, info);@b@ mHandler.sendMessage(msg);@b@ }@b@};@b@ @b@ // Interfaces defined in AIDL. Inform service.@b@ private IPartnerAIDLService mService = null;@b@ @b@ // Connection used to connect with service. This is necessary when service is implemented with bindService().@b@ private ServiceConnection mConnection = new ServiceConnection() {@b@ @b@ // This is called when the connection with the service has been established.@b@ @Override@b@ public void onServiceConnected(ComponentName className, IBinder service) {@b@ mService = IPartnerAIDLService.Stub.asInterface(service);@b@ @b@ try{@b@ // connect to service@b@ mService.registerCallback(mCallback);@b@ @b@ }catch(RemoteException e){@b@ // service stopped abnormally@b@ }@b@ Toast.makeText(mContext, "Connected to service", Toast.LENGTH_SHORT).show();@b@ }@b@ @b@ // This is called when the service stopped abnormally and connection is disconnected.@b@ @Override@b@ public void onServiceDisconnected(ComponentName className) {@b@ Toast.makeText(mContext, "Disconnected from service", Toast.LENGTH_SHORT).show();@b@ }@b@ };@b@ @b@ @Override@b@ public void onCreate(Bundle savedInstanceState) {@b@ super.onCreate(savedInstanceState);@b@ @b@ setContentView(R.layout.partnerservice_activity);@b@ @b@ mContext = this;@b@ }@b@ @b@ // --- StartService control ---@b@ @b@ public void onStartServiceClick(View v) {@b@ // Start bindService@b@ doBindService();@b@ }@b@ @b@ public void onGetInfoClick(View v) {@b@ getServiceinfo();@b@ }@b@ @b@ public void onStopServiceClick(View v) {@b@ doUnbindService();@b@ }@b@ @b@ @Override@b@ public void onDestroy() {@b@ super.onDestroy();@b@ doUnbindService();@b@ }@b@ @b@ // Connect to service@b@ private void doBindService() {@b@ if (!mIsBound){@b@ // *** POINT 6 *** Verify if the certificate of the target application has been registered in the own white list.@b@ if (!checkPartner(this, TARGET_PACKAGE)) {@b@ Toast.makeText(this, "Destination(Requested) sevice application is not registered in white list.", Toast.LENGTH_LONG).show();@b@ return;@b@ }@b@ @b@ Intent intent = new Intent();@b@ @b@ // *** POINT 7 *** Return only information that is granted to be disclosed to a partner application.@b@ intent.putExtra("PARAM", "Information disclosed to partner application");@b@ @b@ // *** POINT 8 *** Use the explicit intent to call a partner service.@b@ intent.setClassName(TARGET_PACKAGE, TARGET_CLASS);@b@ @b@ bindService(intent, mConnection, Context.BIND_AUTO_CREATE);@b@ mIsBound = true;@b@ }@b@ }@b@ @b@ //Disconnect service@b@ private void doUnbindService() {@b@ if (mIsBound) {@b@ // Unregister callbacks which have been registered.@b@ if(mService != null){@b@ try{@b@ mService.unregisterCallback(mCallback);@b@ }catch(RemoteException e){@b@ // Service stopped abnormally@b@ // Omitted, since it' s sample.@b@ }@b@ }@b@ @b@ unbindService(mConnection);@b@ @b@ Intent intent = new Intent();@b@ @b@ // *** POINT 8 *** Use the explicit intent to call a partner service.@b@ intent.setClassName(TARGET_PACKAGE, TARGET_CLASS);@b@ @b@ stopService(intent);@b@ @b@ mIsBound = false;@b@ }@b@ }@b@ @b@ //Get information from service@b@ void getServiceinfo() {@b@ if (mIsBound && mService != null) {@b@ String info = null;@b@ @b@ try{@b@ // *** POINT 7 *** Return only information that is granted to be disclosed to a partner application.@b@ info = mService.getInfo("Information disclosed to partner application (method from activit)");@b@ } catch (RemoteException e) {@b@ e.printStackTrace();@b@ }@b@ // *** POINT 9 *** Handle the received result data carefully and securely,@b@ // even though the data came from a partner application.@b@ // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."@b@ Toast.makeText(mContext, String.format("Received ¥"%s¥" from service.", info), Toast.LENGTH_SHORT).show();@b@ }@b@ }@b@}PkgCertWhitelists.java@b@package org.jssec.android.shared;@b@ @b@import java.util.HashMap;@b@import java.util.Map;@b@ @b@import android.content.Context;@b@ @b@public class PkgCertWhitelists {@b@ private Map<String, String> mWhitelists = new HashMap<String, String>();@b@ @b@ public boolean add(String pkgname, String sha256) {@b@ if (pkgname == null) return false;@b@ if (sha256 == null) return false;@b@ @b@ sha256 = sha256.replaceAll(" ", "");@b@ if (sha256.length() != 64) return false; // SHA-256 -> 32 bytes -> 64 chars@b@ sha256 = sha256.toUpperCase();@b@ if (sha256.replaceAll("[0-9A-F]+", "").length() != 0) return false; // found non hex char@b@ @b@ mWhitelists.put(pkgname, sha256);@b@ return true;@b@ }@b@ @b@ public boolean test(Context ctx, String pkgname) {@b@ // Get the correct hash value which corresponds to pkgname.@b@ String correctHash = mWhitelists.get(pkgname);@b@ @b@ // Compare the actual hash value of pkgname with the correct hash value.@b@ return PkgCert.test(ctx, pkgname, correctHash);@b@ }@b@}PkgCert.java@b@ @b@package org.jssec.android.shared;@b@ @b@import java.security.MessageDigest;@b@import java.security.NoSuchAlgorithmException;@b@ @b@import android.content.Context;@b@import android.content.pm.PackageInfo;@b@import android.content.pm.PackageManager;@b@import android.content.pm.PackageManager.NameNotFoundException;@b@import android.content.pm.Signature;@b@ @b@public class PkgCert {@b@ @b@ public static boolean test(Context ctx, String pkgname, String correctHash) {@b@ if (correctHash == null) return false;@b@ correctHash = correctHash.replaceAll(" ", "");@b@ return correctHash.equals(hash(ctx, pkgname));@b@ }@b@ @b@ public static String hash(Context ctx, String pkgname) {@b@ if (pkgname == null) return null;@b@ try {@b@ PackageManager pm = ctx.getPackageManager();@b@ PackageInfo pkginfo = pm.getPackageInfo(pkgname, PackageManager.GET_SIGNATURES);@b@ if (pkginfo.signatures.length != 1) return null; // Will not handle multiple signatures.@b@ Signature sig = pkginfo.signatures[0];@b@ byte[] cert = sig.toByteArray();@b@ byte[] sha256 = computeSha256(cert);@b@ return byte2hex(sha256);@b@ } catch (NameNotFoundException e) {@b@ return null;@b@ }@b@ }@b@ @b@ private static byte[] computeSha256(byte[] data) {@b@ try {@b@ return MessageDigest.getInstance("SHA-256").digest(data);@b@ } catch (NoSuchAlgorithmException e) {@b@ return null;@b@ }@b@ }@b@ @b@ private static String byte2hex(byte[] data) {@b@ if (data == null) return null;@b@ final StringBuilder hexadecimal = new StringBuilder();@b@ for (final byte b : data) {@b@ hexadecimal.append(String.format("%02X", b));@b@ }@b@ return hexadecimal.toString();@b@ }@b@}���