4.2.1.1 私有广播接收器
私人广播接收器是最安全的广播接收器,因为只能接收到从应用内发送的广播。 动态广播接收器不能注册为私有,所以私有广播接收器只包含静态广播接收器。
要点(接收广播):
将导出属性显示设为
false小心并安全地处理收到的意图,即使意图从相同的应用中发送
敏感信息可以作为返回结果发送,因为请求来自相同应用
AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?><manifest xmlns:android="http://schemas.android.com/apk/res/android"package="org.jssec.android.broadcast.privatereceiver" ><applicationandroid:icon="@drawable/ic_launcher"android:label="@string/app_name"android:allowBackup="false" ><!-- Private Broadcast Receiver --><!-- *** POINT 1 *** Explicitly set the exported attribute to false. --><receiverandroid:name=".PrivateReceiver"android:exported="false" /><activityandroid:name=".PrivateSenderActivity"android:label="@string/app_name"android:exported="true" ><intent-filter><action android:name="android.intent.action.MAIN" /><category android:name="android.intent.category.LAUNCHER" /></intent-filter></activity></application></manifest>
PrivateReceiver.java
package org.jssec.android.broadcast.privatereceiver;import android.app.Activity;import android.content.BroadcastReceiver;import android.content.Context;import android.content.Intent;import android.widget.Toast;public class PrivateReceiver extends BroadcastReceiver {@Overridepublic void onReceive(Context context, Intent intent) {// *** POINT 2 *** Handle the received intent carefully and securely,// even though the intent was sent from within the same application.// Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."String param = intent.getStringExtra("PARAM");Toast.makeText(context,String.format("Received param: ¥"%s¥"", param),Toast.LENGTH_SHORT).show();// *** POINT 3 *** Sensitive information can be sent as the returned results since the requests come from within the same application.setResultCode(Activity.RESULT_OK);setResultData("Sensitive Info from Receiver");abortBroadcast();}}
向私有广播接收器发送广播的代码展示在下面:
要点(发送广播):
使用带有指定类的显式意图,来调用相同应用中的接收器。
敏感信息可以发送,因为目标接收器在相同应用中。
小心并安全地处理收到的返回结果,即使数据来自相同应用中的接收器。
PrivateSenderActivity.java
package org.jssec.android.broadcast.privatereceiver;import android.app.Activity;import android.content.BroadcastReceiver;import android.content.Context;import android.content.Intent;import android.os.Bundle;import android.view.View;import android.widget.TextView;public class PrivateSenderActivity extends Activity {public void onSendNormalClick(View view) {// *** POINT 4 *** Use the explicit Intent with class specified to call a receiver within the same application.Intent intent = new Intent(this, PrivateReceiver.class);// *** POINT 5 *** Sensitive information can be sent since the destination Receiver is within the same application.intent.putExtra("PARAM", "Sensitive Info from Sender");sendBroadcast(intent);}public void onSendOrderedClick(View view) {// *** POINT 4 *** Use the explicit Intent with class specified to call a receiver within the same application.Intent intent = new Intent(this, PrivateReceiver.class);// *** POINT 5 *** Sensitive information can be sent since the destination Receiver is within the same application.intent.putExtra("PARAM", "Sensitive Info from Sender");sendOrderedBroadcast(intent, null, mResultReceiver, null, 0, null, null);}private BroadcastReceiver mResultReceiver = new BroadcastReceiver() {@Overridepublic void onReceive(Context context, Intent intent) {// *** POINT 6 *** Handle the received result data carefully and securely,// even though the data came from the Receiver within the same application.// Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."String data = getResultData();PrivateSenderActivity.this.logLine(String.format("Received result: ¥"%s¥"", data));}};private TextView mLogView;@Overridepublic void onCreate(Bundle savedInstanceState) {super.onCreate(savedInstanceState);setContentView(R.layout.main);mLogView = (TextView)findViewById(R.id.logview);}private void logLine(String line) {mLogView.append(line);mLogView.append("¥n");}}
若有收获,就点个赞吧
0 人点赞
