android – How to get application package name or UID which is trying to bind my service from onBind function?-ThrowExceptions

Exception or error:

I have a service in an application, and I can reach this service from different applications.
And when applications are tried to bind this service I want to know which application is trying to bind my service in onBind function,
but I can’t get the package name or UID of this application in onBind function.

Is it possible to get the application name or UID which is trying to bind my service in onBind function?

How to solve:

You can use the following to determine the calling application.

 String callingApp = context.getPackageManager().getNameForUid(Binder.getCallingUid());

It’s important to note the JavaDoc for getCallingUid() which says:

Return the Linux uid assigned to the process that sent you the current transaction that is being processed. This uid can be used with higher-level system services to determine its identity and check permissions. If the current thread is not currently executing an incoming transaction, then its own uid is returned.

###

You can’t do this.

onBind() is called from the Android “lifecycle manager” (making up a helpful name), and will only be called once for each Intent (so it can learn which Binder should be returned for that Intent).

The calls to your service then come in over that Binder, and you can do Binder.getCallingUid() in any one of those methods.

###

The above accepted answer did not worked for me. But a small modification did the trick. This works quite well with Messenger based communication.

public class BoundService extends Service {

    public static final int TEST = 100;
    private final Messenger messenger = new Messenger(new MessageHandler());

    class MessageHandler extends Handler {
        @Override
        public void handleMessage(Message msg) {

            String callerId = getApplicationContext().getPackageManager().getNameForUid(msg.sendingUid);
            Toast.makeText(getApplicationContext(), "Calling App: " + callerId, Toast.LENGTH_SHORT).show();

            switch (msg.what) {
                case TEST:
                    Log.e("BoundService", "Test message successfully received.")
                    break;
                default:
                    super.handleMessage(msg);
            }
        }
    }

    @Override
    public IBinder onBind(Intent intent) {
        return messenger.getBinder();
    }
}

From the above answer, you only need to change from Binder.getCallingUid() to msg.sendingUid

###

The accepted answer was not quite right! Why? If two or more applications use the same android:sharedUserId, the method Binder.getCallingUid() will return a same uid and getPackageManager().getNameForUid(uid) will return a same string, it looks like: com.codezjx.demo:10058, but is not a package name!

The right way is use the pid:

int pid = Binder.getCallingPid();

And then use pid to get package name by ActivityManager, each process can hold multiple packages, so it looks like:

private String[] getPackageNames(Context context, int pid) {
    ActivityManager am = (ActivityManager) context.getSystemService(Context.ACTIVITY_SERVICE);
    List<RunningAppProcessInfo> infos = am.getRunningAppProcesses();
    if (infos != null && infos.size() > 0) {
        for(RunningAppProcessInfo info : infos) {
            if(info.pid == pid) {
                return info.pkgList;
            }
        }
    }
    return null;
}

Warnning: When using method Binder.getCallingPid() and if the current thread is not currently executing an incoming transaction, then its own pid is returned. That means you need to call this method in AIDL exposed interface method.

###

I was looking how LocationManagerService restricts access, and here is what I found:

  1. They make you pass the package name whenever you try to access location
// android.location.ILocationService

Location getLastLocation(LocationRequest request, String packageName) throws RemoteException;
  1. When handling the transaction they check if the caller uid matches the package name that was provided (as mentioned in other answers there may be multiple package names that share same uid).
// com.android.server.LocationManagerService

public Location getLastLocation(LocationRequest r, String packageName) {
    ...
    checkPackageName(packageName);

    // From this point on we assume that the provided packageName is the real one
    if (mBlacklist.isBlacklisted(packageName)) {
        if (D) {
            Log.d(TAG, "not returning last loc for blacklisted app: "
                    + packageName);
        }
        return null;
    }
    ...
}
...
private void checkPackageName(String packageName) {
    if (packageName == null) {
        throw new SecurityException("invalid package name: " + null);
    }
    int uid = Binder.getCallingUid();
    String[] packages = mPackageManager.getPackagesForUid(uid);
    if (packages == null) {
        throw new SecurityException("invalid UID " + uid);
    }
    for (String pkg : packages) {
        if (packageName.equals(pkg)) return;
    }
    throw new SecurityException("invalid package name: " + packageName);
}

I guess, this is satisfactory, because for the apps to share uid they need to be signed with the same key, so could be equally trusted

Leave a Reply

Your email address will not be published. Required fields are marked *