All geek questions in one place

How to safely check Android resolution in dynamic mode

Multiple choice question:

which of the following will correctly check if the application has a specific permission declared in their AndroidManifest.xml?

getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED

or

 getContext().getPackageManager().checkPermission(Manifest.permission.WRITE_EXTERNAL_STORAGE, getContext().getPackageName()) == PackageManager.PERMISSION_GRANTED

Basically, I got scared of the android documentation that checkCallingOrSelfPermission claims -> does it grant IPC permissions if you just check it? what does that even mean? http://developer.android.com/reference/android/content/Context.html#checkCallingOrSelfPermission(java.lang.String)

So any explanation of the true differences would be surprising: D

* note: I pass this code to the library, so I am allowed to check permissions at runtime if you do not know a better way.

+6
source share
3 answers

From my understanding (which may be wrong, since I have not worked much with IPC):

Given that your code is executed from another application (for example, your library was not compiled into the application, but is accessible to a third party using Binder or something like that), you can use checkCallingPermission to check if the third-party application has this permission , and checkCallingOrSelfPermission includes permissions from the application into which your library was compiled.

You need to handle the caller’s permissions separately, since you can also allow other applications to leak when checking your own permissions. From safety tips :

Do not skip protected data. This happens when your application provides IPC data, which is available only because it has specific permissions, but does not require the permission of any clients on its IPC interface.

[...]

If you provide an interface that requires access control, use checkCallingPermission() to check if the caller has permission. This is especially important before accessing the service on behalf of the caller, as the identity of your application is transferred to other interfaces.

The package manager method that you describe only checks the permissions of the application into which your library was compiled.

So, if your code is not executing from another process, you probably don't need to care about this difference. Also, use the package manager method or clear the calling identification file if you are interested in whether you can complete the task; additionally check the caller’s permissions if you want to check whether the calling process can complete the task.

+4
source

You can use this method:

 //for example, permission can be "android.permission.WRITE_EXTERNAL_STORAGE" public boolean hasPermission(String permission) { try { PackageInfo info = getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_PERMISSIONS); if (info.requestedPermissions != null) { for (String p : info.requestedPermissions) { if (p.equals(permission)) { return true; } } } } catch (Exception e) { e.printStackTrace(); } return false; }
+3
source

You can use the Context.checkCallingorSelfPermission() function for this. Here is an example

 private boolean checkWriteExternalPermission() { String permission = "android.permission.WRITE_EXTERNAL_STORAGE"; int res = getContext().checkCallingOrSelfPermission(permission); return (res == PackageManager.PERMISSION_GRANTED); }
0
source

Source: https://habr.com/ru/post/952325/

More articles:


All Articles