AppAuthenticator

public class AppAuthenticator
extends Object

java.lang.Object
   ↳ androidx.security.app.authenticator.AppAuthenticator


Provides methods to verify the signing identity of other apps on the device.

Summary

Constants

int PERMISSION_DENIED_NO_MATCH

This is returned by checkCallingAppIdentity(String, String) and checkCallingAppIdentity(String, String, int, int) when the specified package name does not have any of the expected signing identities for the provided permission.

int PERMISSION_DENIED_PACKAGE_UID_MISMATCH

This is returned by checkCallingAppIdentity(String, String) and checkCallingAppIdentity(String, String, int, int) when the specified package name does not belong to the provided calling UID, or if the UID is not provided and the specified package name does not belong to the UID of the calling process as returned by Binder.getCallingUid().

int PERMISSION_DENIED_UNKNOWN_PACKAGE

This is returned by checkCallingAppIdentity(String, String) and checkCallingAppIdentity(String, String, int, int) when the specified package name does not belong to an app installed on the device.

int PERMISSION_GRANTED

This is returned by checkCallingAppIdentity(String, String) and checkCallingAppIdentity(String, String, int, int) when the specified package name has the expected signing identity for the provided permission.

int SIGNATURE_MATCH

This is returned by checkAppIdentity(String) when the specified package name has the expected signing identity.

int SIGNATURE_NO_MATCH

This is returned by checkAppIdentity(String) when the specified package name does not have the expected signing identity.

Public methods

int checkAppIdentity(String packageName)

Checks the specified packageName has the expected signing identity as specified in the <expected-identity> tag.

int checkCallingAppIdentity(String packageName, String permission, int pid, int uid)

Checks the specified packageName has the expected signing identity for the provided permission.

int checkCallingAppIdentity(String packageName, String permission)

Checks the specified packageName has the expected signing identity for the provided permission.

static AppAuthenticator createFromInputStream(Context context, InputStream xmlInputStream)

Creates a new AppAuthenticator that can be used to guard resources based on package name / signing identity as well as allow verification of expected signing identities before interacting with other apps on a device using the configuration defined in the provided xmlInputStream.

static AppAuthenticator createFromResource(Context context, int xmlResource)

Creates a new AppAuthenticator that can be used to guard resources based on package name / signing identity as well as allow verification of expected signing identities before interacting with other apps on a device using the configuration defined in the provided XML resource.

void enforceAppIdentity(String packageName)

Enforces the specified packageName has the expected signing identity as declared in the <expected-identity> tag.

void enforceCallingAppIdentity(String packageName, String permission)

Enforces the specified packageName has the expected signing identity for the provided permission.

void enforceCallingAppIdentity(String packageName, String permission, int pid, int uid)

Enforces the specified packageName belongs to the provided pid / uid and has the expected signing identity for the permission.

Inherited methods

Constants

PERMISSION_DENIED_NO_MATCH

public static final int PERMISSION_DENIED_NO_MATCH

This is returned by checkCallingAppIdentity(String, String) and checkCallingAppIdentity(String, String, int, int) when the specified package name does not have any of the expected signing identities for the provided permission.

Constant Value: -3 (0xfffffffd)

PERMISSION_DENIED_PACKAGE_UID_MISMATCH

public static final int PERMISSION_DENIED_PACKAGE_UID_MISMATCH

This is returned by checkCallingAppIdentity(String, String) and checkCallingAppIdentity(String, String, int, int) when the specified package name does not belong to the provided calling UID, or if the UID is not provided and the specified package name does not belong to the UID of the calling process as returned by Binder.getCallingUid().

Constant Value: -5 (0xfffffffb)

PERMISSION_DENIED_UNKNOWN_PACKAGE

public static final int PERMISSION_DENIED_UNKNOWN_PACKAGE

This is returned by checkCallingAppIdentity(String, String) and checkCallingAppIdentity(String, String, int, int) when the specified package name does not belong to an app installed on the device.

Constant Value: -4 (0xfffffffc)

PERMISSION_GRANTED

public static final int PERMISSION_GRANTED

This is returned by checkCallingAppIdentity(String, String) and checkCallingAppIdentity(String, String, int, int) when the specified package name has the expected signing identity for the provided permission.

Constant Value: 0 (0x00000000)

SIGNATURE_MATCH

public static final int SIGNATURE_MATCH

This is returned by checkApp