4.1.1.4 创建/使用内部活动

内部活动是禁止其他内部应用以外的应用使用的活动。 它们用于内部开发的应用,以便安全地共享信息和功能。

第三方应用可能会读取用于启动活动的意图。 因此,如果你将敏感信息放入用于启动活动的意图中,有必要采取对策来确保它不会被恶意第三方读取。

下面展示了创建内部活动的示例代码。

要点(创建活动):

  1. 定义内部签名权限。

  2. 不要指定taskAffinity

  3. 不要指定launchMode

  4. 需要内部签名权限。

  5. 不要定义意图过滤器,并将导出属性显式设为true

  6. 确认内部签名权限是由内部应用的。

  7. 尽管意图是从内部应用发送的,仔细和安全地处理接收到的意图。

  8. 由于请求的应用是内部的,因此可以返回敏感信息。

  9. 导出 APK 时,请使用与目标应用相同的开发人员密钥对 APK 进行签名。

AndroidManifest.xml

  2. <?xml version="1.0" encoding="utf-8"?>
  3. <manifest xmlns:android="http://schemas.android.com/apk/res/android"
  4.     package="org.jssec.android.activity.inhouseactivity" >
  6.     <!-- *** POINT 1 *** Define an in-house signature permission -->
  7.     <permission
  8.     android:name="org.jssec.android.activity.inhouseactivity.MY_PERMISSION"
  9.     android:protectionLevel="signature" />
  11.     <application
  12.         android:allowBackup="false"
  13.         android:icon="@drawable/ic_launcher"
  14.         android:label="@string/app_name" >
  16.         <!-- In-house Activity -->
  17.         <!-- *** POINT 2 *** Do not specify taskAffinity -->
  18.         <!-- *** POINT 3 *** Do not specify launchMode -->
  19.         <!-- *** POINT 4 *** Require the in-house signature permission -->
  20.         <!-- *** POINT 5 *** Do not define the intent filter and explicitly set the exported attribute to
  21.         true -->
  22.         <activity
  23.             android:name="org.jssec.android.activity.inhouseactivity.InhouseActivity"
  24.             android:exported="true"
  25.             android:permission="org.jssec.android.activity.inhouseactivity.MY_PERMISSION" />
  26.     </application>
  27. </manifest>

InhouseActivity.java

  1. package org.jssec.android.activity.inhouseactivity;
  3. import org.jssec.android.shared.SigPerm;
  4. import org.jssec.android.shared.Utils;
  5. import android.app.Activity;
  6. import android.content.Context;
  7. import android.content.Intent;
  8. import android.os.Bundle;
  9. import android.view.View;
  10. import android.widget.Toast;
  12. public class InhouseActivity extends Activity {
  14.     // In-house Signature Permission
  15.     private static final String MY_PERMISSION = "org.jssec.android.activity.inhouseactivity.MY_PERMISSION";
  16.     // In-house certificate hash value
  17.     private static String sMyCertHash = null;
  19.     private static String myCertHash(Context context) {
  20.         if (sMyCertHash == null) {
  21.             if (Utils.isDebuggable(context)) {
  22.                 // Certificate hash value of "androiddebugkey" in the debug.keystore.
  23.                 sMyCertHash = "0EFB7236 328348A9 89718BAD DF57F544 D5CCB4AE B9DB34BC 1E29DD26 F77C8255";
  24.             } else {
  25.                 // Certificate hash value of "my company key" in the keystore.
  26.                 sMyCertHash = "D397D343 A5CBC10F 4EDDEB7C A10062DE 5690984F 1FB9E88B D7B3A7C2 42E142CA";
  27.             }
  28.         }
  29.         return sMyCertHash;
  30.     }
  32.     @Override
  33.     public void onCreate(Bundle savedInstanceState) {
  34.         super.onCreate(savedInstanceState);
  35.         setContentView(R.layout.main);
  36.         // *** POINT 6 *** Verify that the in-house signature permission is defined by an in-house application.
  37.         if (!SigPerm.test(this, MY_PERMISSION, myCertHash(this))) {
  38.             Toast.makeText(this, "The in-house signature permission is not declared by in-house application.",
  39.             Toast.LENGTH_LONG).show();
  40.             finish();
  41.             return;
  42.         }
  43.         // *** POINT 7 *** Handle the received intent carefully and securely, even though the intent was sent from an in-house application.
  44.         // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."
  45.         String param = getIntent().getStringExtra("PARAM");
  46.         Toast.makeText(this, String.format("Received param: ¥"%s¥"", param), Toast.LENGTH_LONG).show();
  47.     }
  49.     public void onReturnResultClick(View view) {
  50.         // *** POINT 8 *** Sensitive information can be returned since the requesting application is inhouse.
  51.         Intent intent = new Intent();
  52.         intent.putExtra("RESULT", "Sensitive Info");
  53.         setResult(RESULT_OK, intent);
  54.         finish();
  55.     }
  56. }

SigPerm.java

  1. package org.jssec.android.shared;
  3. import android.content.Context;
  4. import android.content.pm.PackageManager;
  5. import android.content.pm.PackageManager.NameNotFoundException;
  6. import android.content.pm.PermissionInfo;
  8. public class SigPerm {
  10.     public static boolean test(Context ctx, String sigPermName, String correctHash) {
  11.         if (correctHash == null) return false;
  12.         correctHash = correctHash.replaceAll(" ", "");
  13.         return correctHash.equals(hash(ctx, sigPermName));
  14.     }
  16.     public static String hash(Context ctx, String sigPermName) {
  17.         if (sigPermName == null) return null;
  18.         try {
  19.             // Get the package name of the application which declares a permission named sigPermName.
  20.             PackageManager pm = ctx.getPackageManager();
  21.             PermissionInfo pi;
  22.             pi = pm.getPermissionInfo(sigPermName, PackageManager.GET_META_DATA);
  23.             String pkgname = pi.packageName;
  24.             // Fail if the permission named sigPermName is not a Signature Permission
  25.             if (pi.protectionLevel != PermissionInfo.PROTECTION_SIGNATURE) return null;
  26.             // Return the certificate hash value of the application which declares a permission named sigPermName.
  27.             return PkgCert.hash(ctx, pkgname);
  28.         } catch (NameNotFoundException e) {
  29.             return null;
  30.         }
  31.     }
  32. }

PkgCert.java

  1. package org.jssec.android.shared;
  3. import java.security.MessageDigest;
  4. import java.security.NoSuchAlgorithmException;
  5. import android.content.Context;
  6. import android.content.pm.PackageInfo;
  7. import android.content.pm.PackageManager;
  8. import android.content.pm.PackageManager.NameNotFoundException;
  9. import android.content.pm.Signature;
  11. public class PkgCert {
  12.     public static boolean test(Context ctx, String pkgname, String correctHash) {
  13.         if (correctHash == null) return false;
  14.         correctHash = correctHash.replaceAll(" ", "");
  15.         return correctHash.equals(hash(ctx, pkgname));
  16.     }
  18.     public static String hash(Context ctx, String pkgname) {
  19.         if (pkgname == null) return null;
  20.         try {
  21.             PackageManager pm = ctx.getPackageManager();
  22.             PackageInfo pkginfo = pm.getPackageInfo(pkgname, PackageManager.GET_SIGNATURES);
  23.             if (pkginfo.signatures.length != 1) return null; // Will not handle multiple signatures.
  24.             Signature sig = pkginfo.signatures[0];
  25.             byte[] cert = sig.toByteArray();
  26.             byte[] sha256 = computeSha256(cert);
  27.             return byte2hex(sha256);
  28.         } catch (NameNotFoundException e) {
  29.             return null;
  30.         }
  31.     }
  33.     private static byte[] computeSha256(byte[] data) {
  34.         try {
  35.             return MessageDigest.getInstance("SHA-256").digest(data);
  36.         } catch (NoSuchAlgorithmException e) {
  37.             return null;
  38.         }
  39.     }
  41.     private static String byte2hex(byte[] data) {
  42.         if (data == null) return null;
  43.         final StringBuilder hexadecimal = new StringBuilder();
  44.         for (final byte b : data) {
  45.             hexadecimal.append(String.format("%02X", b));
  46.         }
  47.         return hexadecimal.toString();
  48.     }
  49. }

要点 9:导出 APK 时,请使用与目标应用相同的开发人员密钥对 APK 进行签名。

4.1.1.4.md - 图1

使用内部活动的代码如下:

要点(使用活动):

  1. 声明你要使用内部签名权限。

  2. 确认内部签名权限是由内部应用定义的。

  3. 验证目标应用是否使用内部证书签名。

  4. 由于目标应用是内部的,所以敏感信息只能由putExtra()发送。

  5. 使用显式意图调用内部活动。

  6. 即使数据来自内部应用,也要小心并安全地处理接收到的数据。

  7. 导出 APK 时,请使用与目标应用相同的开发人员密钥对 APK 进行签名。

AndroidManifest.xml

  1. <?xml version="1.0" encoding="utf-8"?>
  2. <manifest xmlns:android="http://schemas.android.com/apk/res/android"
  3.     package="org.jssec.android.activity.inhouseuser" >
  5.     <!-- *** POINT 10 *** Declare to use the in-house signature permission -->
  6.     <uses-permission
  7.     android:name="org.jssec.android.activity.inhouseactivity.MY_PERMISSION" />
  9.     <application
  10.         android:allowBackup="false"
  11.         android:icon="@drawable/ic_launcher"
  12.         android:label="@string/app_name" >
  14.         <activity
  15.             android:name="org.jssec.android.activity.inhouseuser.InhouseUserActivity"
  16.             android:label="@string/app_name"
  17.             android:exported="true" >
  18.             <intent-filter>
  19.                 <action android:name="android.intent.action.MAIN" />
  20.                 <category android:name="android.intent.category.LAUNCHER" />
  21.             </intent-filter>
  22.         </activity>
  23.     </application>
  24. </manifest>

InhouseUserActivity.java

  1. package org.jssec.android.activity.inhouseuser;
  3. import org.jssec.android.shared.PkgCert;
  4. import org.jssec.android.shared.SigPerm;
  5. import org.jssec.android.shared.Utils;
  6. import android.app.Activity;
  7. import android.content.ActivityNotFoundException;
  8. import android.content.Context;
  9. import android.content.Intent;
  10. import android.os.Bundle;
  11. import android.view.View;
  12. import android.widget.Toast;
  14. public class InhouseUserActivity extends Activity {
  16.     // Target Activity information
  17.     private static final String TARGET_PACKAGE = "org.jssec.android.activity.inhouseactivity";
  18.     private static final String TARGET_ACTIVITY = "org.jssec.android.activity.inhouseactivity.InhouseActivity";
  19.     // In-house Signature Permission
  20.     private static final String MY_PERMISSION = "org.jssec.android.activity.inhouseactivity.MY_PERMISSION";
  21.     // In-house certificate hash value
  22.     private static String sMyCertHash = null;
  24.     private static String myCertHash(Context context) {
  25.         if (sMyCertHash == null) {
  26.             if (Utils.isDebuggable(context)) {
  27.                 // Certificate hash value of "androiddebugkey" in the debug.keystore.
  28.                 sMyCertHash = "0EFB7236 328348A9 89718BAD DF57F544 D5CCB4AE B9DB34BC 1E29DD26 F77C8255";
  29.             } else {
  30.                 // Certificate hash value of "my company key" in the keystore.
  31.                 sMyCertHash = "D397D343 A5CBC10F 4EDDEB7C A10062DE 5690984F 1FB9E88B D7B3A7C2 42E142CA";
  32.             }
  33.         }
  34.         return sMyCertHash;
  35.     }
  37.     private static final int REQUEST_CODE = 1;
  39.     @Override
  40.     public void onCreate(Bundle savedInstanceState) {
  41.         super.onCreate(savedInstanceState);
  42.         setContentView(R.layout.main);
  43.     }
  45.     public void onUseActivityClick(View view) {
  46.         // *** POINT 11 *** Verify that the in-house signature permission is defined by an in-house application.
  47.         if (!SigPerm.test(this, MY_PERMISSION, myCertHash(this))) {
  48.             Toast.makeText(this, "The in-house signature permission is not declared by in-house application.",
  49.             Toast.LENGTH_LONG).show();
  50.             return;
  51.         }
  52.         // ** POINT 12 *** Verify that the destination application is signed with the in-house certificate.
  53.         if (!PkgCert.test(this, TARGET_PACKAGE, myCertHash(this))) {
  54.             Toast.makeText(this, "Target application is not an in-house application.", Toast.LENGTH_LONG).show();
  55.             return;
  56.         }
  57.         try {
  58.             Intent intent = new Intent();
  59.             // *** POINT 13 *** Sensitive information can be sent only by putExtra() since the destination application is in-house.
  60.             intent.putExtra("PARAM", "Sensitive Info");
  62.             // *** POINT 14 *** Use explicit intents to call an In-house Activity.
  63.             intent.setClassName(TARGET_PACKAGE, TARGET_ACTIVITY);
  64.             startActivityForResult(intent, REQUEST_CODE);
  65.         } catch (ActivityNotFoundException e) {
  66.             Toast.makeText(this, "Target activity not found.", Toast.LENGTH_LONG).show();
  67.         }
  68.     }
  70.     @Override
  71.     public void onActivityResult(int requestCode, int resultCode, Intent data) {
  72.         super.onActivityResult(requestCode, resultCode, data);
  73.         if (resultCode != RESULT_OK) return;
  74.         switch (requestCode) {
  75.             case REQUEST_CODE:
  76.                 String result = data.getStringExtra("RESULT");
  77.                 // *** POINT 15 *** Handle the received data carefully and securely,
  78.                 // even though the data came from an in-house application.
  79.                 // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."
  80.                 Toast.makeText(this, String.format("Received result: ¥"%s¥"", result), Toast.LENGTH_LONG).show();
  81.                 break;
  82.         }
  83.     }
  84. }

SigPerm.java

  1. package org.jssec.android.shared;
  3. import android.content.Context;
  4. import android.content.pm.PackageManager;
  5. import android.content.pm.PackageManager.NameNotFoundException;
  6. import android.content.pm.PermissionInfo;
  8. public class SigPerm {
  10.     public static boolean test(Context ctx, String sigPermName, String correctHash) {
  11.         if (correctHash == null) return false;
  12.         correctHash = correctHash.replaceAll(" ", "");
  13.         return correctHash.equals(hash(ctx, sigPermName));
  14.     }
  16.     public static String hash(Context ctx, String sigPermName) {
  17.         if (sigPermName == null) return null;
  18.         try {
  19.             // Get the package name of the application which declares a permission named sigPermName.
  20.             PackageManager pm = ctx.getPackageManager();
  21.             PermissionInfo pi;
  22.             pi = pm.getPermissionInfo(sigPermName, PackageManager.GET_META_DATA);
  23.             String pkgname = pi.packageName;
  24.             // Fail if the permission named sigPermName is not a Signature Permission
  25.             if (pi.protectionLevel != PermissionInfo.PROTECTION_SIGNATURE) return null;
  26.             // Return the certificate hash value of the application which declares a permission named sigPermName.
  27.             return PkgCert.hash(ctx, pkgname);
  28.         } catch (NameNotFoundException e) {
  29.             return null;
  30.         }
  31.     }
  32. }

PkgCert.java

  1. package org.jssec.android.shared;
  3. import java.security.MessageDigest;
  4. import java.security.NoSuchAlgorithmException;
  5. import android.content.Context;
  6. import android.content.pm.PackageInfo;
  7. import android.content.pm.PackageManager;
  8. import android.content.pm.PackageManager.NameNotFoundException;
  9. import android.content.pm.Signature;
  11. public class PkgCert {
  13.     public static boolean test(Context ctx, String pkgname, String correctHash) {
  14.         if (correctHash == null) return false;
  15.         correctHash = correctHash.replaceAll(" ", "");
  16.         return correctHash.equals(hash(ctx, pkgname));
  17.     }
  19.     public static String hash(Context ctx, String pkgname) {
  20.         if (pkgname == null) return null;
  21.         try {
  22.             PackageManager pm = ctx.getPackageManager();
  23.             PackageInfo pkginfo = pm.getPackageInfo(pkgname, PackageManager.GET_SIGNATURES);
  24.             if (pkginfo.signatures.length != 1) return null; // Will not handle multiple signatures.
  25.             Signature sig = pkginfo.signatures[0];
  26.             byte[] cert = sig.toByteArray();
  27.             byte[] sha256 = computeSha256(cert);
  28.             return byte2hex(sha256);
  29.         } catch (NameNotFoundException e) {
  30.             return null;
  31.         }
  32.     }
  34.     private static byte[] computeSha256(byte[] data) {
  35.         try {
  36.             return MessageDigest.getInstance("SHA-256").digest(data);
  37.         } catch (NoSuchAlgorithmException e) {
  38.             return null;
  39.         }
  40.     }
  42.     private static String byte2hex(byte[] data) {
  43.         if (data == null) return null;
  44.         final StringBuilder hexadecimal = new StringBuilder();
  45.         for (final byte b : data) {
  46.             hexadecimal.append(String.format("%02X", b));
  47.         }
  48.         return hexadecimal.toString();
  49.     }
  50. }

要点 16:导出 APK 时,请使用与目标应用相同的开发人员密钥对 APK 进行签名。

4.1.1.4.md - 图2