
Sharing a Remote Service

Implementing and sharing a Remote Service is not difficult. You can let different apps use your service: define an action name that wakes the Remote Service, and other apps call the service using that action name.

So how do you share a Remote Service securely? Secure sharing of a Remote Service is defined as follows.

  • Only specific apps are allowed to start my Remote Service.

Signing Strategies

The Android Developer site has the following content.

It says that with signature-based permissions enforcement, code and data can be shared between different applications. Sharing a service is possible as well.

Some aspects of application signing may affect how you approach the development of your application, especially if you are planning to release multiple applications.

In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so:

  • Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.
  • Application modularity – The Android system allows applications that are signed by the same certificate to run in the same process, if the applications so requests, so that the system treats them as a single application. In this way you can deploy your application in modules, and users can update each of the modules independently if needed.
  • Code/data sharing through permissions – The Android system provides signature-based permissions enforcement, so that an application can expose functionality to another application that is signed with a specified certificate. By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner.

In more detail: first, the two applications must be signed with the same key, and they must also have the same permission.

Shared Linux UserId

If two applications declare the same userId, they become the same app. However, when the two applications have different owners, unifying the userId is awkward. Let's look for another way.


<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.skt.skp.servicecall"
    android:sharedUserId="com.skt.skp"
    android:versionCode="1"
    android:versionName="1.0" >
    <!-- rest of the manifest omitted -->
</manifest>

signature-based permissions enforcement

Service declaration

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.testproject" >

    <!-- Custom permission; "signature" grants it only to apps signed with the same certificate -->
    <permission android:name="com.example.test.permission.BIND_INTEGRATION_SERVICE"
        android:protectionLevel="signature" />

    <application>
        <!-- Callers must hold the permission above to bind to this service -->
        <service android:name=".TestService"
            android:permission="com.example.test.permission.BIND_INTEGRATION_SERVICE" >
            <intent-filter>
                <action android:name="com.example.testproject.SERVICE" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </service>
    </application>
</manifest>

Service caller

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.skt.skp.servicecall" >

    <uses-sdk
        android:minSdkVersion="10"
        android:targetSdkVersion="16" />

    <!-- Request the signature-level permission declared by the service app -->
    <uses-permission android:name="com.example.test.permission.BIND_INTEGRATION_SERVICE" />
    <!-- rest of the manifest omitted -->
</manifest>

MainActivity.java

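  // Bind by action name; setPackage makes the intent explicit (required when targeting API 21+)
  Intent intent = new Intent("com.example.testproject.SERVICE");
  intent.setPackage("com.example.testproject");
  bindService(intent, mServiceConnection, Context.BIND_AUTO_CREATE);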

With these declarations, the Remote Service can be called only when the caller has the same signing key; if the key differs, a Bind Exception occurs. The important point here is that signature-based permissions enforcement is used: the permission works only when the signatures are identical. To use signature-based permissions enforcement, protectionLevel must be added to the declaration of the service's permission (android:protectionLevel="signature").


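Also, testing showed that when android:exported="false" is declared on the service, external apps can never call it. Declare it only when you want to force the service to be started solely from inside the app.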
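The manifest permission above is enforced by the system at bind time. As an added example (not code from the original post), the TestService below also re-checks the caller on every Binder call, using the page's permission name. The raw Binder in place of an AIDL stub and the TRANSACTION_PING code are assumptions made for illustration.

```java
package com.example.testproject;

import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.Process;
import android.os.RemoteException;

// Added example: per-call caller verification on top of the manifest permission.
public class TestService extends Service {
    // Permission name taken from the manifest on this page.
    private static final String BIND_PERMISSION =
            "com.example.test.permission.BIND_INTEGRATION_SERVICE";
    // Hypothetical transaction code for this example only.
    static final int TRANSACTION_PING = IBinder.FIRST_CALL_TRANSACTION;

    private final Binder binder = new Binder() {
        @Override
        protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
                throws RemoteException {
            // Gate only app-defined codes; inside onTransact the calling UID is the client's.
            if (code >= FIRST_CALL_TRANSACTION && code <= LAST_CALL_TRANSACTION) {
                int callerUid = Binder.getCallingUid();
                if (callerUid != Process.myUid()) {
                    boolean sameSigner = getPackageManager()
                            .checkSignatures(callerUid, Process.myUid())
                            == PackageManager.SIGNATURE_MATCH;
                    boolean holdsPermission = checkCallingPermission(BIND_PERMISSION)
                            == PackageManager.PERMISSION_GRANTED;
                    if (!sameSigner || !holdsPermission) {
                        throw new SecurityException("caller uid " + callerUid + " rejected");
                    }
                }
            }
            if (code == TRANSACTION_PING && reply != null) {
                reply.writeNoException();
                reply.writeString("pong");
                return true;
            }
            return super.onTransact(code, data, reply, flags);
        }
    };

    @Override
    public IBinder onBind(Intent intent) { return binder; }
}
```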
