Reputation: 31
Using the Android 12 knownSigner protection level flag
so I basically want to explicitly give another app the permission to access my broadcast receiver via the signature|knownSigner protection level.
I am running Android 12.0 (S) API 31 using Android SDK Build-Tools 33-rc4 with the following android attribute in my build.gradle:
android {
compileSdk 31
defaultConfig {
applicationId "com.example.app"
minSdk 31
targetSdk 31
versionCode 1
versionName "1.0"
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
}
According to these sources
- https://developer.android.com/guide/topics/manifest/permission-element
- https://developer.android.com/reference/android/R.attr#protectionLevel
- https://developer.android.com/reference/android/R.attr#knownCerts
- https://developer.android.com/about/versions/12/features#safer-grant-signature-perms
I defined the permission in my apps AndroidManifest.xml as
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app">
<permission android:name="com.example.app.permission.MY_PERMISSION"
android:protectionLevel="signature|knownSigner"
android:knownCerts="3a71b28418ed0ad6280d3e6639d29dcd654a42e441e60585607391ccdf1f25c8"/>
...
</manifest>
Now when trying to build the app, the validation for the AndroidManiest.xml fails with:
Invalid value for attribute permission#com.example.app.permission.MY_PERMISSION@protectionLevel at AndroidManifest.xml:6:9-56, value=(signature|knownSigner), acceptable delimiter-separated values are (normal|dangerous|signature|signatureOrSystem|privileged|system|development|appop|pre23|installer|verifier|preinstalled|setup|ephemeral|instant|runtime|oem|vendorPrivileged|textClassifier|wellbeing|documenter|configurator|incidentReportApprover|appPredictor|companion|retailDemo)
So I am wondering how to properly implement the knownSigner protection level flag.
Can somebody help?
Thanks!
Upvotes: 3
Views: 1659
Answers (1)
Reputation: 21
Yes, this has been a problem for the last year. But now, it seems that an update has been released that fixes this behavior.
https://issuetracker.google.com/issues/209652486
Upvotes: 2
Related Questions
- NDK application Signature Check
- Acquiring Android Permission with Signature Protection Level
- systemOrSignature protection level
- Android Security application signing
- Android registering security provider
- signatureOrSystem protection level in Android Studio
- Regarding Android Permissions and Signature Protection level
- Acquire "signature" permissionlevel on Android
- Issue using android:protectionLevel="signature"
- Does protectionLevel "signature" work properly with Android debug keys?