Update

Author: AlanCheen

aidlmodule/src/main/aidl/me/yifeiyuan/aidl/server/Callback.aidl

@@ -0,0 +1,10 @@
+// Callback.aidl
+package me.yifeiyuan.aidl.server;
+
+// Declare any non-default types here with import statements
+
+interface Callback {
+
+    void onCallback(String data);
+
+}

aidlmodule/src/main/aidl/me/yifeiyuan/aidl/server/IServer.aidl

@@ -2,12 +2,12 @@ package me.yifeiyuan.aidl.server;
 
 import me.yifeiyuan.aidl.server.Account;
 import me.yifeiyuan.aidl.server.ParcelableTest;
-
+import me.yifeiyuan.aidl.server.Callback;
 
 //对应的实现是 Server
 interface IServer {
 
-    boolean connectServer(String token);
+    boolean connectServer(String token,Callback cb);
 
     Account getAccountByName(String name);
 

app/src/main/AndroidManifest.xml

@@ -2,6 +2,18 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     package="me.yifeiyuan.hf.aidl">
 
+    <permission
+        android:name="com.taobao.taobao.storage.WRITE"
+        android:protectionLevel="normal"
+        />
+    <uses-permission android:name="com.taobao.taobao.storage.WRITE" />
+
+<!--    <permission-->
+<!--        android:name="com.taobao.taobao.ACCESS_STORAGE"-->
+<!--        android:protectionLevel="normal" />-->
+
+<!--    <uses-permission android:name="com.taobao.taobao.ACCESS_STORAGE" />-->
+
     <application
         android:icon="@mipmap/ic_launcher"
         android:label="@string/app_name"
@@ -14,15 +26,19 @@
         <service
             android:name=".MyService"
             android:enabled="true"
-            android:exported="true">
+            android:exported="true"
+            >
             <intent-filter>
                 <action android:name="me.yifeiyuan.hf.aidl.MyService" />
             </intent-filter>
         </service>
         <service
             android:name=".Server"
             android:enabled="true"
-            android:exported="true">
+            android:exported="true"
+            android:process=":server"
+            >
+<!--            android:permission="com.taobao.taobao.storage.WRITE"-->
             <intent-filter>
                 <action android:name="me.yifeiyuan.hf.aidl.Server.Action" />
             </intent-filter>

app/src/main/java/me/yifeiyuan/hf/aidl/MainActivity.kt

@@ -49,7 +49,10 @@ class MainActivity : AppCompatActivity() {
     }
 
     fun bindService(view: View) {
-        bindService(Intent(this, RemoteService::class.java), connection, BIND_AUTO_CREATE)
+        val result =
+            bindService(Intent(this, RemoteService::class.java), connection, BIND_AUTO_CREATE)
+
+        Log.d(TAG, "bindService: $result")
     }
 
     fun testMessenger(view: View) {

app/src/main/java/me/yifeiyuan/hf/aidl/Server.kt

@@ -2,26 +2,62 @@ package me.yifeiyuan.hf.aidl
 
 import android.app.Service
 import android.content.Intent
+import android.content.pm.PackageManager
+import android.os.Binder
 import android.os.IBinder
+import android.os.Process
+import android.text.TextUtils
 import android.util.Log
 import me.yifeiyuan.aidl.server.Account
+import me.yifeiyuan.aidl.server.Callback
 import me.yifeiyuan.aidl.server.IServer
 import me.yifeiyuan.aidl.server.ParcelableTest
+import java.security.Permission
 
 //IServer 的服务端实现
 class Server : Service() {
 
     private val TAG = "Server"
 
+    var callback: Callback? = null
+
     private val server: IServer = object : IServer.Stub() {
 
-        override fun connectServer(token: String?): Boolean {
+        override fun connectServer(token: String?, cb: Callback?): Boolean {
             Log.d(TAG, "connectServer() called with: token = $token")
 
+            val permission = checkCallingPermission("com.taobao.taobao.storage.WRITE")
+            Log.d(TAG, "connectServer: permission = $permission")
+
+            Log.d(
+                TAG,
+                "connectServer() called with calling info: ${Binder.getCallingPid()},${Binder.getCallingUid()},${Binder.getCallingUserHandle()},"
+            )
+
+            Log.d(
+                TAG,
+                "connectServer() called with my info: ${Process.myPid()},${Process.myUid()},${Process.myTid()},"
+            )
+
+            var callerPackageName: String? = null
+            packageManager.getPackagesForUid(Binder.getCallingUid())?.forEach {
+                Log.d(TAG, "connectServer() called with pkgs: ${it},")
+                callerPackageName = it
+            }
+
+            Log.d(TAG, "connectServer() called with getNameForUid: ${packageManager.getNameForUid(Binder.getCallingUid())},")
+
+            if (TextUtils.isEmpty(callerPackageName) || whitePackageNameList.indexOf(callerPackageName) < 0) {
+                // 非法访问
+                Log.d(TAG, "connectServer() called callerPackageName 非法")
+//            return null
+            }
+
+            callback = cb
+            callback?.onCallback("callback data")
             if (token.equals("client")) {
                 return true
             }
-
             return false
         }
 
@@ -69,8 +105,60 @@ class Server : Service() {
             Log.d(TAG, "testThread() called with thread : ${Thread.currentThread().name}")
         }
     }
+    val whitePackageNameList = mutableListOf<String>("me.yifeiyuan.hf.aidl","me.yifeiyuan.hf.clientapp")
+
+    override fun onBind(intent: Intent): IBinder? {
+
+        Log.d(
+            TAG,
+            "onBind() called with calling info: ${Binder.getCallingPid()},${Binder.getCallingUid()},${Binder.getCallingUserHandle()},"
+        )
+
+        Log.d(
+            TAG,
+            "onBind() called with my info: ${Process.myPid()},${Process.myUid()},${Process.myTid()},"
+        )
+
+        if (Binder.getCallingUid() == Process.myUid()) {
+            Log.d(TAG, "onBind() called uid 合法")
+        }
+
+        if (Binder.getCallingPid() == Process.myPid()) {
+            Log.d(TAG, "onBind() called pid 合法")
+        }
+
+        if (packageManager.checkSignatures(Binder.getCallingUid(), Process.myUid()) == PackageManager.SIGNATURE_MATCH) {
+            Log.d(TAG, "onBind() called 签名信息 合法")
+        }
+
+        var callerPackageName: String? = null
+        packageManager.getPackagesForUid(Binder.getCallingUid())?.forEach {
+            Log.d(TAG, "onBind() called with pkgs: ${it},")
+            callerPackageName = it
+        }
+
+        Log.d(TAG, "onBind() called with getNameForUid: ${packageManager.getNameForUid(Binder.getCallingUid())},")
+
+        if (TextUtils.isEmpty(callerPackageName) || whitePackageNameList.indexOf(callerPackageName) < 0) {
+            // 非法访问
+            Log.d(TAG, "onBind() called callerPackageName 非法")
+//            return null
+        }
+
+        if (Binder.getCallingPid() != Process.myPid()) {
+            Log.d(TAG, "onBind() called pid 非法")
+//            return null
+        }
+
+        //onbind 的时候不是
+        // 权限校验
+        val permission = checkCallingOrSelfPermission("com.taobao.taobao.storage.WRITE")
+        Log.d(TAG, "onBind: permission = $permission")
+        if (permission != PackageManager.PERMISSION_GRANTED) {
+            Log.d(TAG, "onBind() called 权限非法")
+//            return null
+        }
 
-    override fun onBind(intent: Intent): IBinder {
         Log.d(TAG, "onBind() called with: intent = $intent")
         return server.asBinder()
     }

clientapp/src/main/AndroidManifest.xml

@@ -4,6 +4,10 @@
 
 <!--    <uses-permission android:name="me.yifeiyuan.hf.aidl.Server" />-->
 
+    <uses-permission android:name="com.taobao.taobao.storage.WRITE" />
+
+<!--    <uses-permission android:name="com.taobao.taobao.ACCESS_STORAGE" />-->
+
     <application
         android:allowBackup="true"
         android:icon="@mipmap/ic_launcher"