Upload
nguyencong
View
216
Download
0
Embed Size (px)
Citation preview
INTENTS AND PERMISSIONSRoberto Beraldi
Intents and openness• Android is an ‘open’ software system
• This means:
• Android source code is available (AOSP)
• Software components (e.g., Activity) can be installed in the device and activated (also indirectly) by already installed components (without changing them)
• A software component can activate another component without knowing where it is installed, its name, etc.
Intenet: base case
‘INTENT BUS’ (Android System)
ActivityA
ActivityB
Same package
A creates an Intent destined to BA starts activity B
Intenet: base case
1. A Creates the intent and calls startActivity with a reference to B2. The ‘android system’ checks if such an Activity is installed3. The ‘android system’ calls the B’s onCreate method
General activation rule• An android software component is always «activated»
from another software component
• An application is also initiated from another applicationcalled the luncher (home screen)
• The underlying activation mechamism is based on the notion of Intent
• An intent may be seen as an asynchronous message w or w/o designated target
Intents• An intents is like a messages that activates another
software component
• Conceptually, it has a target(s) and a body (containing data and metadata)
• An intent may also describe an abstract description of an operation to be performed
Intents and filters• An Intent can be
• explicit when the target of the intent is declared inside the intent
• implicit : the intent just specifies the action the component should provide
• Software components declare the action they can perform inside their intent-filters tag in the manifest file
Pending intents and broadcast intents• An intent can also be pending , meaning that some
component will be activated in the future (e.g., notification)
• It can be broadcast when it announces something to all (see broadcast receivers)
Intents and actions• There are a lot of predefined actions (unicast or bcast)
• User can define new actions
• An app may be not allowed to generate some specific action as they are reserved to the system
Intents: classification
Intent
Unicast
Broadcast
target)
Explicit(spefictarget)
an action)
Implicit(specifiesan action)
Start an ActivityStart a ServiceData access (content prov)
No target found� errorOnly one target � startedMany targets�user choice
Processed byBrodcast ReceiversGenerated by the system
Pending Used as a notificationCan launch an activity in the future
Intent Fields (primary attributes)• Action:
• a string representing the operation• For example: «android.intent.action.MAIN » (if it goes in the manifest
file)• Referred symbolically in the code as Intent.ACTION_MAIN
• Data: • A URI that references data to operate on (scheme://authority/path)
• For example: content://contacts/people/1 � Display information about the person whose identifier is "1"
Intent Fields (secondary attributes)• Category:
• A string representing additional information about the component that can manage the intent• For example: «android.intent.category.LAUNCHER »• Symbolically ad Intent.CATEGORY_LAUNCHER
• Type:• Specicies the MIME type of the intent data
• Component• The name of the component to start (used when the component that can
handle the intent is known).
• Extras• Key-value pairs (i.e., a bundle) to carry additional information required to
perform the requested action• For example, if the action it to send an e-mail message, one could also include extra
pieces of data here to supply a subject, body, etc.
Explicit intent • Activities are independent from each other and interact
through Intents
• The explicit intent targets one specific activity, for example just to change the screen
• The two activities must reside in the same package and declared into the manifest file
Example
Starting an activity and getting results • Allows to call an activity and get results• The calling Activity will not wait (asynchronous interaction)• The called activity will issue setResult method call• This causes the onActivityResult method of the calling
activity to be executed
Starting an activity and getting results
Activity1 Activity2
Create an Intent
onActivityResult
StartActivityForResult
setResult
ActivityCalls(demo)
Passing data to the new activity• When an Activity A has to pass some data to anohter
activity it needs to set extra fields in the intent object
Passing data via a bundle
Activity2
Passing data via a bundle • In the example, data are just echoed back to the caller• The called activity gets the intent via getIntent method • The called activity sets no screen and it is immediately
finished
OtherActivity
Implicit intents
• The Intent doesn’t specify the Activity to start, but only an “Action”• There are several predefined actions in the ‘system’ to choose from
• A user can define its own action as well• Intents declares their ability to perform actions in the manifest file
Activity Main
OtherActivity
Implicit intent resolution• Action Test
• The Intent’s action must be declared in the intent-filter
• Category Test• All the categories of the Intent must be declared in the intent-filter,
not vice versa
• Data Test• The data scheme must be declared in intent-filter
• If there are many Activities that can perform the required action, then the user needs to select one
Example
• In this example, the system proposes all the installed application that declares to be able to respond to the MAIN action
Example of system defined actions
Example• Select a contact from the contact list • Show the contact ID on the screen and view the details
Example of action/data pairs
Example: placing a call
Same as
Example: sending sms
Example: sending an email
• The are two activities in the device that can perform the action
• The user needs to select one• Can set the choice as the default
Another example: showing settings
Starting an activity in another package
• Activity A (in package PA) wants to call Activity B (in package PB). How to do that?
• Activity B defines an intent-filter containing a custom action and DEFAULT category
• Activity A creates an intent with the custom action and call startActivity
• Do the activities run inside the same process?• No, they run as two different separate users.
Activity A
Starting an activity in another package
Activity Anew
Intent(‘a.b.c.d’)
Package PA
Activity AActivity B
<intent-filer>a.b.c.d
Package PB
Activity Manager
Starting an activity into another package
‘INTENT BUS’ (Android System)
ActivityA
ActivityB
Package A Package B
ActityManager (demo)
Sending intent from adb
C:\Users\roberto\AppData\Local\Android\sdk\platform-tools>adb shell am start –a android.intent.action.VIEW* daemon not running. starting it now on port 5037 ** daemon started successfully *Starting: Intent { act=android.intent.action.VIEW }
Sending intent from the adb• adb shell am start –a android.intent.action.VIEW –d
"http://developer.android.com"• Starting: Intent { act=android.intent.action.VIEW
dat=http://developer.android.com }
• adb shell am start –a android.intent.action.VIEW -d "geo:42,12"• Starting: Intent { act=android.intent.action.VIEW dat=geo:42,12 }
Example: Using maps • It is possible to show google maps or getting driving
directions very easily
• intent.setAction(Intent.ACTION_VIEW);intent.setData(Uri.parse("geo:42,12 "));
• intent.setAction(Intent.ACTION_VIEW);intent.setData(Uri.parse("http://maps.google.com/maps?sadd=42.12,10.2&daddr=42.12,10.11 "));
•
Exercise • Write a simple activity for typing a phone number and then
place the call
PendingIntents• They specify an action to take in the future• The application that will execute that Intent will have the
same permissions as the sending application, whether or not such application is still around when the Intent is eventually invoked.
• For example used in notification
Notication (demo)
Broadcast intents and receivers
The action specifies that an event is occurred
Broadcast Receiver• It’s a software component that reacts to system-wide
events (in the form bcast action)• A receiver has to register to specific intents
Registering Broadcast receivers• Registration to receive bcast intent can be done
• Statically (through XML, e.g., <receiver> tag)
• Dynamically (from an activity). Called in the UI thread..
• Statically registered receivers reamin dormant and respond to the intent
• Dynamically registered event are alive as long as the registering activity is alive
• Subscription to some events can only be done dynamically(e.g., TIME_TICK – this is to avoid battery drain)
BroadcastReceiver (demo)• Register to the TIME_TICK event• Warning: the registration can only be done dynamically
from the code. Also, for security reason it cannot be generated (sendBroadcast(…))
when the time changes a toast is displayedUseful for example to perform polling…
Example of Broadcast receiver• BOOT_COMPLETED:
• Warning: RECEIVE_BOOT_COMPLETED permission is required
• The receiver could for example generate a usernotification, start an activity or a service
Permissions• It is a way to protect system functionalities
• Up to android 5.0 (API level 22) or lower, the app requests permissions from the user at installation time
• Users either accept all the permissions or not (all-or-nothing model)• Security Issue
• <uses-permission android:name=“…..’/>
Pemission Levels• Normal
• Automatically granted by the system
• Dangerous• Granted by the user
• Signature• Granted by the system if the app requiring the permission is signed
with the same key declared in the permission, i.e., the app isdeveloped by the same entity
• Signature/System• Used by manufacters (not of interests)
Dangerous permission (granted by users)
Dynamic permissions• If the device is running Android 6.0 (API level 23) or higher, and
the app's targetSdkVersion is 23 or higher, the app requests permissions from the user at run-time .
• The user can revoke the permissions at any time, so the app needs to check whether it has the permissions every time it runs.
• This is done from “Settings”
Dynamic permission flow
PermissionGranted?
yes
do protectedoperation
no
Requestpermission
«wait»RequestPermission
result
First time?
yes
no
Continue without
Protectedoperation
Explain whypermission is
important
granted?
yes
Example
time
Example• If user selects DENY and checks «don’t ask me again», • The permission can be granted only from
• Settings�Apps�AppName�Permissions
Use of Permissions• Use of a permission (at run-time)
• <uses-permission> tag
• Restrict the access to a software component, i.e., the caller must hold the permission
• Activity, Services, Content providers: a security exceptionis thrown
• Broadcast receivers: no exception (intent is just notdelivered)
How permissions are implemented?• Each app runs as a user and receives a UID and a GID• Each permission is associated to a different group
• For example ACCESS_FINE_LOCATION has GID=Location
• When a permission is granted for an app, the system willassign a supplumentary GID corresponding to the permissions• An app may belong to many groups
Activity B
Example
Intent ‘bus’
Activity A ServiceBroadcastReceiver
NotificationService
Examples:1. Activity A launches Activity B2. Activity A launches a Service (see future lectures)3. Activity A wants to perform an action on some data (i.e., contacts via Activity C)4. An activity wants to notify something to the user (icon in the notification bar)5. System notifies some event to ‘all’ (for example, TIME_TICK)
For security reason: It’s better to start a service explicitally, i.e. not using filters(see official documentation)
Activity C
Content provider