阿里巴巴Android开发手册
【强制】避免使用隐式 Intent 广播敏感信息,信息可能被其他注册了对应BroadcastReceiver 的 App 接收。
说明:
通过 Context#sendBroadcast()发送的隐式广播会被所有感兴趣的 receiver 接收,恶意应用注册监听该广播的 receiver 可能会获取到 Intent 中传递的敏感信息,并进行其他危险操作。如果发送的广播为使用 Context#sendOrderedBroadcast()方法发送的有序广播,优先级较高的恶意 receiver 可能直接丢弃该广播,造成服务不可用,或者向广播结果塞入恶意数据。
如果广播仅限于应用内,则可以使用 LocalBroadcastManager#sendBroadcast()实现,避免敏感信息外泄和 Intent 拦截的风险
【推荐】对于只用于应用内的广播,优先使用 LocalBroadcastManager 来进行注册和发送,LocalBroadcastManager 安全性更好,同时拥有更高的运行效率。
说明:
对于使用 Context#sendBroadcast()等方法发送全局广播的代码进行提示。如果该广播仅用于应用内,则可以使用 LocalBroadcastManager 来避免广播泄漏以及广播被拦截等安全问题,同时相对全局广播本地广播的更高效
基础概念
1.BroadcastReceiver安全问题
BroadcastReceiver设计的初衷是从全局考虑可以方便应用程序和系统、应用程序之间、应用程序内的通信,所以对单个应用程序而言BroadcastReceiver是存在安全性问题的(恶意程序脚本不断的去发送你所接收的广播)。为了解决这个问题LocalBroadcastManager就应运而生了。
2.LocalBroadcastManager 是V4包中的一个类,主要负责程序内部广播的注册与发送。也就是说,它只是适用代码中注册发送广播,对于在AndroidManifest中注册的广播接收,则不适用。
3.LocalBroadcastManager是Android Support包提供了一个工具,用于在同一个应用内的不同组件间发送Broadcast。LocalBroadcastManager也称为局部通知管理器,这种通知的好处是安全性高,效率也高,适合局部通信,可以用来代替Handler更新UI
4.LocalBroadcastManager注册广播只能通过代码注册的方式。传统的广播可以通过代码和xml两种方式注册。
5.LocalBroadcastManager注册广播后,一定要记得取消监听。这一步可以有效的解决内存泄漏的问题。
6.LocalBroadcastManager所发送的广播action,只能与注册到LocalBroadcastManager中BroadcastReceiver产生互动
LocalBroadcastManager用法
1.LocalBroadcastManager对象的创建
LocalBroadcastManager localBroadcastManager = LocalBroadcastManager.getInstance( this ) ;
2.注册广播接收器
LocalBroadcastManager.registerReceiver( broadcastReceiver , intentFilter );
3.发送广播
LocalBroadcastManager.sendBroadcast( intent ) ;
4.取消注册广播接收器
LocalBroadcastManager.unregisterReceiver( broadcastReceiver );
源码分析
源码路径:
/frameworks/support/core-utils/java/android/support/v4/content/LocalBroadcastManager.java
public final class LocalBroadcastManager { //内部类ReceiverRecord,保存IntentFilter和BroadcastReceiver private static class ReceiverRecord { final IntentFilter filter; final BroadcastReceiver receiver; boolean broadcasting; ReceiverRecord(IntentFilter _filter, BroadcastReceiver _receiver) { filter = _filter; receiver = _receiver; } @Override public String toString() { StringBuilder builder = new StringBuilder(128); builder.append("Receiver{"); builder.append(receiver); builder.append(" filter="); builder.append(filter); builder.append("}"); return builder.toString(); } } private static class BroadcastRecord { final Intent intent; final ArrayList<ReceiverRecord> receivers; BroadcastRecord(Intent _intent, ArrayList<ReceiverRecord> _receivers) { intent = _intent; receivers = _receivers; } } private static final String TAG = "LocalBroadcastManager"; private static final boolean DEBUG = false; private final Context mAppContext; private final HashMap<BroadcastReceiver, ArrayList<IntentFilter>> mReceivers = new HashMap<BroadcastReceiver, ArrayList<IntentFilter>>(); private final HashMap<String, ArrayList<ReceiverRecord>> mActions = new HashMap<String, ArrayList<ReceiverRecord>>(); private final ArrayList<BroadcastRecord> mPendingBroadcasts = new ArrayList<BroadcastRecord>(); static final int MSG_EXEC_PENDING_BROADCASTS = 1; private final Handler mHandler; private static final Object mLock = new Object(); private static LocalBroadcastManager mInstance; //单例模式的做法,并且把外部传进来的Context 转化成了ApplicationContext,有效的避免了当前Context的内存泄漏的问题 public static LocalBroadcastManager getInstance(Context context) { synchronized (mLock) { if (mInstance == null) { mInstance = new LocalBroadcastManager(context.getApplicationContext()); } return mInstance; } } private LocalBroadcastManager(Context context) { mAppContext = context; //构造函数中创建了Handler,使用的getMainLooper是主线程的消息队列,所以避免耗时操作 mHandler = new Handler(context.getMainLooper()) { @Override public void handleMessage(Message msg) { switch (msg.what) { //收到MSG_EXEC_PENDING_BROADCASTS,调用函数处理广播 case MSG_EXEC_PENDING_BROADCASTS: executePendingBroadcasts(); break; default: super.handleMessage(msg); } } }; } public void registerReceiver(BroadcastReceiver receiver, IntentFilter filter) { synchronized (mReceivers) { ReceiverRecord entry = new ReceiverRecord(filter, receiver); ArrayList<IntentFilter> filters = mReceivers.get(receiver); if (filters == null) { filters = new ArrayList<IntentFilter>(1); mReceivers.put(receiver, filters); } filters.add(filter); for (int i=0; i<filter.countActions(); i++) { String action = filter.getAction(i); ArrayList<ReceiverRecord> entries = mActions.get(action); if (entries == null) { entries = new ArrayList<ReceiverRecord>(1); mActions.put(action, entries); } entries.add(entry); } } } public void unregisterReceiver(BroadcastReceiver receiver) { synchronized (mReceivers) { ArrayList<IntentFilter> filters = mReceivers.remove(receiver); if (filters == null) { return; } for (int i=0; i<filters.size(); i++) { IntentFilter filter = filters.get(i); for (int j=0; j<filter.countActions(); j++) { String action = filter.getAction(j); ArrayList<ReceiverRecord> receivers = mActions.get(action); if (receivers != null) { for (int k=0; k<receivers.size(); k++) { if (receivers.get(k).receiver == receiver) { receivers.remove(k); k--; } } if (receivers.size() <= 0) { mActions.remove(action); } } } } } } //根据Intent的信息,匹配出对应的BroadcastReceiver,然后用BroadcastReceiver构造出BroadcastRecord对象,并发送消息,触发主线程进行处理 public boolean sendBroadcast(Intent intent) { synchronized (mReceivers) { //首先解析出Intent中携带的信息 final String action = intent.getAction(); final String type = intent.resolveTypeIfNeeded( mAppContext.getContentResolver()); final Uri data = intent.getData(); final String scheme = intent.getScheme(); final Set<String> categories = intent.getCategories(); final boolean debug = DEBUG || ((intent.getFlags() & Intent.FLAG_DEBUG_LOG_RESOLUTION) != 0); if (debug) Log.v( TAG, "Resolving type " + type + " scheme " + scheme + " of intent " + intent); //根据Action取出所有初步匹配的ReceiverRecord,其中包含IntentFilter和BroadcastReceiver ArrayList<ReceiverRecord> entries = mActions.get(intent.getAction()); if (entries != null) { if (debug) Log.v(TAG, "Action list: " + entries); ArrayList<ReceiverRecord> receivers = null; for (int i=0; i<entries.size(); i++) { ReceiverRecord receiver = entries.get(i); if (debug) Log.v(TAG, "Matching against filter " + receiver.filter); if (receiver.broadcasting) { if (debug) { Log.v(TAG, " Filter's target already added"); } continue; } //利用IntentFilter的接口进行完整的匹配 int match = receiver.filter.match(action, type, scheme, data, categories, "LocalBroadcastManager"); if (match >= 0) { if (debug) Log.v(TAG, " Filter matched! match=0x" + Integer.toHexString(match)); if (receivers == null) { receivers = new ArrayList<ReceiverRecord>(); } //匹配成功后,将receiver加入到receivers中,并将broadcasting标志置为true receivers.add(receiver); receiver.broadcasting = true; } else { if (debug) { String reason; switch (match) { case IntentFilter.NO_MATCH_ACTION: reason = "action"; break; case IntentFilter.NO_MATCH_CATEGORY: reason = "category"; break; case IntentFilter.NO_MATCH_DATA: reason = "data"; break; case IntentFilter.NO_MATCH_TYPE: reason = "type"; break; default: reason = "unknown reason"; break; } Log.v(TAG, " Filter did not match: " + reason); } } } if (receivers != null) { for (int i=0; i<receivers.size(); i++) { receivers.get(i).broadcasting = false; } //最后,构造BroadcastRecord,并加入到mPendingBroadcasts中 mPendingBroadcasts.add(new BroadcastRecord(intent, receivers)); //若主线程队列中没有MSG_EXEC_PENDING_BROADCASTS,则发送该消息 if (!mHandler.hasMessages(MSG_EXEC_PENDING_BROADCASTS)) { mHandler.sendEmptyMessage(MSG_EXEC_PENDING_BROADCASTS); } return true; } } } return false; } public void sendBroadcastSync(Intent intent) { if (sendBroadcast(intent)) { executePendingBroadcasts(); } } private void executePendingBroadcasts() { while (true) { BroadcastRecord[] brs = null; synchronized (mReceivers) { final int N = mPendingBroadcasts.size(); if (N <= 0) { return; } brs = new BroadcastRecord[N]; mPendingBroadcasts.toArray(brs); mPendingBroadcasts.clear(); } for (int i=0; i<brs.length; i++) { BroadcastRecord br = brs[i]; for (int j=0; j<br.receivers.size(); j++) { //回调BroadcastReceiver的onReceive函数 //从这里可以看出,无论在什么线程利用LocalBroadcastManager注册BroadcastReceiver //BroadcastReceiver的onReceive函数均在主线程被回调 //这与普通广播的处理相似 br.receivers.get(j).receiver.onReceive(mAppContext, br.intent); } } } } }
源码分析总结:
1.在获取LocalBroadcastManager对象实例的时候,这里用了单例模式。并且把外部传进来的Context 转化成了ApplicationContext,有效的避免了当前Context的内存泄漏的问题。这一点我们在设计单例模式框架的时候是值得学习的,看源码可以学习到很多东西。
2.在LocalBroadcastManager构造函数中创建了一个Handler.可见 LocalBroadcastManager 的本质上是通过Handler机制发送和接收消息的。
3.在创建Handler的时候,用了 context.getMainLooper() , 说明这个Handler是在Android 主线程中创建的,广播接收器的接收消息的时候会在Android 主线程,所以我们决不能在广播接收器里面做耗时操作,以免阻塞UI。
2018年开通了个人微信公众号,后面将持续在公众号上发布技术,管理,职业规划,生活趣事等文章,欢迎关注!
参考:
Android LocalBroadcastManager 的使用总结
http://www.cnblogs.com/zhaoyanjun/p/6048369.html
Android编程之LocalBroadcastManager源码详解
http://blog.csdn.net/xyz_fly/article/details/18970569
Android中LocalBroadcastManager的基本用法及源码分析
http://blog.csdn.net/gaugamela/article/details/56671312
Android接收广播阻塞解决和优先级的问题
http://www.cnblogs.com/lijunamneg/p/5859662.html