Package 

Class SecurityPolicy

  • @CheckReturnValue() 
public abstract class SecurityPolicy

    Decides whether a given Android UID is authorized to access some resource. While it's possible to extend this class to define your own policy, it's strongly recommended that you only use the policies provided by the SecurityPolicies or UntrustedSecurityPolicies classes. Implementing your own security policy requires significant care, and an understanding of the details and pitfalls of Android security.

    IMPORTANT For any concrete extensions of this class, it's assumed that the authorization status of a given UID will not change as long as a process with that UID is alive.

    In order words, we expect the security policy for a given transport to remain constant for the lifetime of that transport. This is considered acceptable because no transport will survive the re-installation of the applications involved.

    • Method Summary

      Modifier and Type Method Description
      abstract Status checkAuthorization(int uid) Decides whether the given Android UID is authorized.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • checkAuthorization

         abstract Status checkAuthorization(int uid)

        Decides whether the given Android UID is authorized. (Validity is implementation dependent).

        IMPORTANT: This method may block for extended periods of time.

        As long as any given UID has active processes, this method should return the same value forthat UID. In order words, policy changes which occur while a transport instance is active, willhave no effect on that transport instance.

        Parameters:
        uid - The Android UID to authenticate.