RoLAN210

Reputation: 68

How to only allow my companion watch app to connect to my wearable listener service on handheld?

I want to ensure my WearableListenerService running on my handheld is only accessible by my companion app. I would think that creating a custom permission would be the route to take; however, I faced issues with this approach and could not get the wearable to successfully bind to the handheld. I would get the following exception on my handheld:

Permission Denial: Accessing service ComponentInfo{com.mypackage.android/com.mypackage.android.androidwear.service.WearListenerService} from pid=4868, uid=10014 requires com.mypackage.android.WATCHAPP
WearableService: bind: Permission denied connecting to ServiceRecord[com.mypackage.android.androidwear.service.WearListenerService, events=1, bound=false, [Event[79380002: onMessageReceived, event=requestId=16741, action=/start-activity, dataSize=26, source=31c5457d]]]
                                              java.lang.SecurityException: Not allowed to bind to service Intent { act=com.google.android.gms.wearable.BIND_LISTENER cmp=com.mypackage.android/.androidwear.service.WearListenerService }
                                                  at android.app.ContextImpl.bindServiceCommon(ContextImpl.java:1437)
                                                  at android.app.ContextImpl.bindService(ContextImpl.java:1395)
                                                  at android.content.ContextWrapper.bindService(ContextWrapper.java:632)
                                                  at android.content.ContextWrapper.bindService(ContextWrapper.java:632)
                                                  at android.content.ContextWrapper.bindService(ContextWrapper.java:632)
                                                  at aeim.a(:com.google.android.gms:6693)
                                                  at aeim.a(:com.google.android.gms:1378)
                                                  at aeim.handleMessage(:com.google.android.gms:1295)
                                                  at android.os.Handler.dispatchMessage(Handler.java:102)
                                                  at android.os.Looper.loop(Looper.java:158)
                                                  at android.os.HandlerThread.run(HandlerThread.java:61)

I have tried defining a custom permission in a number of ways, initially in only the handheld manifest and then in both manifests, as well as trying different protection levels: normal, signature, signatureOrSystem. I even verified that the permission was successfully granted to my wearable by running the dumpsys command:

declared permissions:
  com.mypackage.android.WATCHAPP: prot=normal, INSTALLED
requested permissions:
  android.permission.WAKE_LOCK
  com.mypackage.android.WATCHAPP
install permissions:
  com.mypackage.android.WATCHAPP: granted=true
  android.permission.WAKE_LOCK: granted=true

I have applied a data filter to my service; however, I would like to enforce that only MY app can launch my service, and the filter approach doesn't seem sufficient.

Upvotes: 2

Views: 384

Answers (1)

ianhanniballake

Reputation: 200050

Your watch app and handheld app never directly talk to one another. All of the Data Layer APIs go through Google Play services (the com.google.android.gms lines of your exception) - first on the Wear side, then on the handheld side.

Given that, it is not possible to add a custom permission that secures the communication over the Data Layer (as the Google Play services app will never add your custom permission).

Upvotes: 1
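The binding failure discussed above, as an added handheld manifest sketch that is not code from the question or the answer. Package, class, permission and path names are taken from the log in the question; the manifest layout, the protection level shown and the MESSAGE_RECEIVED data filter are assumptions, since the asker's actual manifest is not on the page.

```xml
<!-- Handheld AndroidManifest.xml fragment (constructed for illustration). -->

<!-- Before: reproduces "Permission Denial ... requires com.mypackage.android.WATCHAPP".
     The process that binds to the listener is Google Play services
     (the com.google.android.gms frames in the stack trace), not the watch app.
     It does not hold the custom permission, so the bind is refused
     whichever protectionLevel is declared (normal, signature, signatureOrSystem). -->
<permission
    android:name="com.mypackage.android.WATCHAPP"
    android:protectionLevel="signature" />

<service
    android:name=".androidwear.service.WearListenerService"
    android:permission="com.mypackage.android.WATCHAPP">
    <intent-filter>
        <action android:name="com.google.android.gms.wearable.BIND_LISTENER" />
    </intent-filter>
</service>

<!-- After: no android:permission attribute, so Google Play services can bind.
     The data filter limits delivery to the one message path seen in the log
     (/start-activity); it narrows what reaches the service but is not a
     caller-identity check. -->
<service
    android:name=".androidwear.service.WearListenerService"
    android:exported="true">
    <intent-filter>
        <action android:name="com.google.android.gms.wearable.MESSAGE_RECEIVED" />
        <data
            android:scheme="wear"
            android:host="*"
            android:pathPrefix="/start-activity" />
    </intent-filter>
</service>
```

Granting the permission to the watch app, as the dumpsys output in the question shows, has no effect on this check because the watch app is never the caller on the handheld.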
