AppAuthenticator

const val PERMISSION_DENIED_NO_MATCH = -3: Int

This is returned by checkCallingAppIdentity and checkCallingAppIdentity when the specified package name does not have any of the expected signing identities for the provided permission.

const val PERMISSION_DENIED_PACKAGE_UID_MISMATCH = -5: Int

This is returned by checkCallingAppIdentity and checkCallingAppIdentity when the specified package name does not belong to the provided calling UID, or if the UID is not provided and the specified package name does not belong to the UID of the calling process as returned by getCallingUid.

const val PERMISSION_DENIED_UNKNOWN_PACKAGE = -4: Int

This is returned by checkCallingAppIdentity and checkCallingAppIdentity when the specified package name does not belong to an app installed on the device.

const val PERMISSION_GRANTED = 0: Int

This is returned by checkCallingAppIdentity and checkCallingAppIdentity when the specified package name has the expected signing identity for the provided permission.

const val SIGNATURE_MATCH = 0: Int

This is returned by checkAppIdentity when the specified package name has the expected signing identity.

const val SIGNATURE_NO_MATCH = -1: Int

This is returned by checkAppIdentity when the specified package name does not have the expected signing identity.

fun checkAppIdentity(packageName: String): Int

Checks the specified packageName has the expected signing identity as specified in the <expected-identity> tag.

This method should be used when an app's signing identity must be verified; for instance before a client connects to an exported service this method can be used to verify that the app comes from the expected developer.

fun checkCallingAppIdentity(packageName: String, permission: String): Int

Checks the specified packageName has the expected signing identity for the provided permission.

This method should be used for verifying the identity of a package when the UID / PID is not available. For instance, this should be used within an activity that was started with startActivityForResult where the package name is available from getCallingPackage. For instances where the calling UID is available but the calling PID is not available, (checkCallingAppIdentity should be preferred.

fun checkCallingAppIdentity(packageName: String, permission: String, uid: Int): Int

Checks the specified packageName running under uid has the expected signing identity for the provided permission.

This method should be used for verifying the identity of a package when the UID is available but the PID is not. For instance, this should be used within an activity that is started with setShareIdentityEnabled set to true; the package name would then be accessible via getLaunchedFromPackage and the UID from getLaunchedFromUid.

fun checkCallingAppIdentity(
    packageName: String,
    permission: String,
    pid: Int,
    uid: Int
): Int

Checks the specified packageName running with pid and uid has the expected signing identity for the provided permission.

This method should be used for verifying the identity of a calling process of an IPC.

java-static fun createFromInputStream(context: Context, xmlInputStream: InputStream): AppAuthenticator

Creates a new AppAuthenticator that can be used to guard resources based on package name / signing identity as well as allow verification of expected signing identities before interacting with other apps on a device using the configuration defined in the provided xmlInputStream.

java-static fun createFromResource(context: Context, xmlResource: @XmlRes Int): AppAuthenticator

Creates a new AppAuthenticator that can be used to guard resources based on package name / signing identity as well as allow verification of expected signing identities before interacting with other apps on a device using the configuration defined in the provided XML resource.

fun enforceAppIdentity(packageName: String): Unit

Enforces the specified packageName has the expected signing identity as declared in the <expected-identity> tag.

This method should be used when an app's signing identity must be verified; for instance before a client connects to an exported service this method can be used to verify that the app comes from the expected developer.

fun enforceCallingAppIdentity(packageName: String, permission: String): Unit

Enforces the specified packageName has the expected signing identity for the provided permission.

This method should be used for verifying the identity of a package when the UID / PID is not available. For instance, this should be used within an activity that was started with startActivityForResult where the package name is available from getCallingPackage. For instances where the calling UID is available but the calling PID is not available, (checkCallingAppIdentity should be preferred.

fun enforceCallingAppIdentity(
    packageName: String,
    permission: String,
    uid: Int
): Unit

Enforces the specified packageName belongs to the provided uid and has the expected signing identity for the permission.

This method should be used for verifying the identity of a package when the UID is available but the PID is not. For instance, this should be used within an activity that is started with setShareIdentityEnabled set to true; the package name would then be accessible via getLaunchedFromPackage and the UID from getLaunchedFromUid.

fun enforceCallingAppIdentity(
    packageName: String,
    permission: String,
    pid: Int,
    uid: Int
): Unit

Enforces the specified packageName belongs to the provided pid / uid and has the expected signing identity for the permission.

This method should be used for verifying the identity of a calling process of an IPC.