INTENTS AND PERMISSIONSRoberto Beraldi

Intents and openness• Android is an ‘open’ software system

• This means:

• Android source code is available (AOSP)

• Software components (e.g., Activity) can be installed in the device and activated (also indirectly) by already installed components (without changing them)

• A software component can activate another component without knowing where it is installed, its name, etc.

Intenet: base case

‘INTENT BUS’ (Android System)

ActivityA

ActivityB

Same package

A creates an Intent destined to BA starts activity B

Intenet: base case

1. A Creates the intent and calls startActivity with a reference to B2. The ‘android system’ checks if such an Activity is installed3. The ‘android system’ calls the B’s onCreate method

General activation rule• An android software component is always «activated»

from another software component

• An application is also initiated from another applicationcalled the luncher (home screen)

• The underlying activation mechamism is based on the notion of Intent

• An intent may be seen as an asynchronous message w or w/o designated target

Intents• An intents is like a messages that activates another

software component

• Conceptually, it has a target(s) and a body (containing data and metadata)

• An intent may also describe an abstract description of an operation to be performed

Intents and filters• An Intent can be

• explicit when the target of the intent is declared inside the intent

• implicit : the intent just specifies the action the component should provide

• Software components declare the action they can perform inside their intent-filters tag in the manifest file

Pending intents and broadcast intents• An intent can also be pending , meaning that some

component will be activated in the future (e.g., notification)

• It can be broadcast when it announces something to all (see broadcast receivers)

Intents and actions• There are a lot of predefined actions (unicast or bcast)

• User can define new actions

• An app may be not allowed to generate some specific action as they are reserved to the system

Intents: classification

Intent

Unicast

Broadcast

target)

Explicit(spefictarget)

an action)

Implicit(specifiesan action)

Start an ActivityStart a ServiceData access (content prov)

No target found� errorOnly one target � startedMany targets�user choice

Processed byBrodcast ReceiversGenerated by the system

Pending Used as a notificationCan launch an activity in the future

Intent Fields (primary attributes)• Action:

• a string representing the operation• For example: «android.intent.action.MAIN » (if it goes in the manifest

file)• Referred symbolically in the code as Intent.ACTION_MAIN

• Data: • A URI that references data to operate on (scheme://authority/path)

• For example: content://contacts/people/1 � Display information about the person whose identifier is "1"

Intent Fields (secondary attributes)• Category:

• A string representing additional information about the component that can manage the intent• For example: «android.intent.category.LAUNCHER »• Symbolically ad Intent.CATEGORY_LAUNCHER

• Type:• Specicies the MIME type of the intent data

• Component• The name of the component to start (used when the component that can

handle the intent is known).

• Extras• Key-value pairs (i.e., a bundle) to carry additional information required to

perform the requested action• For example, if the action it to send an e-mail message, one could also include extra

pieces of data here to supply a subject, body, etc.

Explicit intent • Activities are independent from each other and interact

through Intents

• The explicit intent targets one specific activity, for example just to change the screen

• The two activities must reside in the same package and declared into the manifest file

Example

Starting an activity and getting results • Allows to call an activity and get results• The calling Activity will not wait (asynchronous interaction)• The called activity will issue setResult method call• This causes the onActivityResult method of the calling

activity to be executed

Starting an activity and getting results

Activity1 Activity2

Create an Intent

onActivityResult

StartActivityForResult

setResult

ActivityCalls(demo)

Passing data to the new activity• When an Activity A has to pass some data to anohter

activity it needs to set extra fields in the intent object

Passing data via a bundle

Activity2

Passing data via a bundle • In the example, data are just echoed back to the caller• The called activity gets the intent via getIntent method • The called activity sets no screen and it is immediately

finished

OtherActivity

Implicit intents

• The Intent doesn’t specify the Activity to start, but only an “Action”• There are several predefined actions in the ‘system’ to choose from

• A user can define its own action as well• Intents declares their ability to perform actions in the manifest file

Activity Main

OtherActivity

Implicit intent resolution• Action Test

• The Intent’s action must be declared in the intent-filter

• Category Test• All the categories of the Intent must be declared in the intent-filter,

not vice versa

• Data Test• The data scheme must be declared in intent-filter

• If there are many Activities that can perform the required action, then the user needs to select one

Example

• In this example, the system proposes all the installed application that declares to be able to respond to the MAIN action

Example of system defined actions

Example• Select a contact from the contact list • Show the contact ID on the screen and view the details

Example of action/data pairs

Example: placing a call

Same as

Example: sending sms

Example: sending an email

• The are two activities in the device that can perform the action

• The user needs to select one• Can set the choice as the default

Another example: showing settings

Starting an activity in another package

• Activity A (in package PA) wants to call Activity B (in package PB). How to do that?

• Activity B defines an intent-filter containing a custom action and DEFAULT category

• Activity A creates an intent with the custom action and call startActivity

• Do the activities run inside the same process?• No, they run as two different separate users.

Activity A

Starting an activity in another package

Activity Anew

Intent(‘a.b.c.d’)

Package PA

Activity AActivity B

<intent-filer>a.b.c.d

Package PB

Activity Manager

Starting an activity into another package

‘INTENT BUS’ (Android System)

ActivityA

ActivityB

Package A Package B

ActityManager (demo)

Sending intent from adb

C:\Users\roberto\AppData\Local\Android\sdk\platform-tools>adb shell am start –a android.intent.action.VIEW* daemon not running. starting it now on port 5037 ** daemon started successfully *Starting: Intent { act=android.intent.action.VIEW }

Sending intent from the adb• adb shell am start –a android.intent.action.VIEW –d

"http://developer.android.com"• Starting: Intent { act=android.intent.action.VIEW

dat=http://developer.android.com }

• adb shell am start –a android.intent.action.VIEW -d "geo:42,12"• Starting: Intent { act=android.intent.action.VIEW dat=geo:42,12 }

Example: Using maps • It is possible to show google maps or getting driving

directions very easily

• intent.setAction(Intent.ACTION_VIEW);intent.setData(Uri.parse("geo:42,12 "));

• intent.setAction(Intent.ACTION_VIEW);intent.setData(Uri.parse("http://maps.google.com/maps?sadd=42.12,10.2&daddr=42.12,10.11 "));

•

Exercise • Write a simple activity for typing a phone number and then

place the call

PendingIntents• They specify an action to take in the future• The application that will execute that Intent will have the

same permissions as the sending application, whether or not such application is still around when the Intent is eventually invoked.

• For example used in notification

Notication (demo)

Broadcast intents and receivers

The action specifies that an event is occurred

Broadcast Receiver• It’s a software component that reacts to system-wide

events (in the form bcast action)• A receiver has to register to specific intents

Registering Broadcast receivers• Registration to receive bcast intent can be done

• Statically (through XML, e.g., <receiver> tag)

• Dynamically (from an activity). Called in the UI thread..

• Statically registered receivers reamin dormant and respond to the intent

• Dynamically registered event are alive as long as the registering activity is alive

• Subscription to some events can only be done dynamically(e.g., TIME_TICK – this is to avoid battery drain)

BroadcastReceiver (demo)• Register to the TIME_TICK event• Warning: the registration can only be done dynamically

from the code. Also, for security reason it cannot be generated (sendBroadcast(…))

when the time changes a toast is displayedUseful for example to perform polling…

Example of Broadcast receiver• BOOT_COMPLETED:

• Warning: RECEIVE_BOOT_COMPLETED permission is required

• The receiver could for example generate a usernotification, start an activity or a service

Permissions• It is a way to protect system functionalities

• Up to android 5.0 (API level 22) or lower, the app requests permissions from the user at installation time

• Users either accept all the permissions or not (all-or-nothing model)• Security Issue

• <uses-permission android:name=“…..’/>

Pemission Levels• Normal

• Automatically granted by the system

• Dangerous• Granted by the user

• Signature• Granted by the system if the app requiring the permission is signed

with the same key declared in the permission, i.e., the app isdeveloped by the same entity

• Signature/System• Used by manufacters (not of interests)

Dangerous permission (granted by users)

Dynamic permissions• If the device is running Android 6.0 (API level 23) or higher, and

the app's targetSdkVersion is 23 or higher, the app requests permissions from the user at run-time .

• The user can revoke the permissions at any time, so the app needs to check whether it has the permissions every time it runs.

• This is done from “Settings”

Dynamic permission flow

PermissionGranted?

yes

do protectedoperation

no

Requestpermission

«wait»RequestPermission

result

First time?

yes

no

Continue without

Protectedoperation

Explain whypermission is

important

granted?

yes

Example

time

Example• If user selects DENY and checks «don’t ask me again», • The permission can be granted only from

• Settings�Apps�AppName�Permissions

Use of Permissions• Use of a permission (at run-time)

• <uses-permission> tag

• Restrict the access to a software component, i.e., the caller must hold the permission

• Activity, Services, Content providers: a security exceptionis thrown

• Broadcast receivers: no exception (intent is just notdelivered)

How permissions are implemented?• Each app runs as a user and receives a UID and a GID• Each permission is associated to a different group

• For example ACCESS_FINE_LOCATION has GID=Location

• When a permission is granted for an app, the system willassign a supplumentary GID corresponding to the permissions• An app may belong to many groups

Activity B

Example

Intent ‘bus’

Activity A ServiceBroadcastReceiver

NotificationService

Examples:1. Activity A launches Activity B2. Activity A launches a Service (see future lectures)3. Activity A wants to perform an action on some data (i.e., contacts via Activity C)4. An activity wants to notify something to the user (icon in the notification bar)5. System notifies some event to ‘all’ (for example, TIME_TICK)

For security reason: It’s better to start a service explicitally, i.e. not using filters(see official documentation)

Activity C

Content provider