Feature #6260
verify Intent sender when receiver is Service and/or BroadcastReceiver
| Status: | New | Start date: | 11/13/2015 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | - | |||
| Component: |
Description
With an Activity, this is done by using getCallingActivity() and the sender has to send using startActivityWithResult(). There is nothing like that for Services and BroadcastReceivers, but other techniques show promise:
- require the trigger app to include an
IntentSender.getCreatorPackage()via aPendingIntenthttps://developer.android.com/reference/android/content/IntentSender.html - do an AIDL RPC bind and check there https://stackoverflow.com/questions/15517820/android-validate-the-identity-of-intent-sender
History
#1 Updated by hans about 2 years ago
This should really be implemented in TrustedIntents first. Here is a quick sketch, but nothing working yet:
Intent verifyIntent = new Intent(PanicUtils.ACTION_VERIFY);
verifyIntent.setFlags(Intent.FLAG_FROM_BACKGROUND);
int flags = PendingIntent.FLAG_ONE_SHOT;
if (Build.VERSION.SDK_INT >= 23) {
flags |= PendingIntent.FLAG_IMMUTABLE;
}
PendingIntent pendingIntent = PendingIntent.getActivity(context, 0, verifyIntent, flags);
IntentSender intentSender = pendingIntent.getIntentSender();
Parcel out;
PendingIntent.writePendingIntentOrNullToParcel(pendingIntent, out);