Slide 39
Slide 39 text
Validate caller package
@Override
public BrowserRoot onGetRoot(String packageName, int uid, Bundle rootHints) {
LogHelper.d(TAG, "OnGetRoot: clientPackageName=" + packageName,
"; clientUid=" + uid + " ; rootHints=", rootHints);
// To ensure you are not allowing any arbitrary app to browse your app's
contents, you need to check the origin:
if (!mPackageValidator.isCallerAllowed(this, packageName, uid)) {
// If the request comes from an untrusted package, return null.
LogHelper.w(TAG, "OnGetRoot: IGNORING request from untrusted package "
+ packageName);
return null;
}
return new BrowserRoot(Const.MEDIA_ID_ROOT, null);
}
MyMediaBrowserService.java