안드로이드 개발사이트에서 아래 내용이 있습니다. 참고하세요 !
Using binder and messenger interfaces
Using Binder
or Messenger
is the preferred mechanism for RPC-style IPC in Android. They provide a well-defined interface that enables mutual authentication of the endpoints, if required.
We strongly encourage designing interfaces in a manner that does not require interface specific permission checks. Binder
and Messenger
objects are not declared within the application manifest, and therefore you cannot apply declarative permissions directly to them. They generally inherit permissions declared in the application manifest for the Service
or Activity
within which they are implemented. If you are creating an interface that requires authentication and/or access controls, those controls must be explicitly added as code in the Binder
or Messenger
interface.
If providing an interface that does require access controls, use checkCallingPermission()
to verify whether the caller has a required permission. This is especially important before accessing a service on behalf of the caller, as the identify of your application is passed to other interfaces. If invoking an interface provided by a Service
, the bindService()
invocation may fail if you do not have permission to access the given service. If calling an interface provided locally by your own application, it may be useful to use the clearCallingIdentity()
to satisfy internal security checks.
For more information about performing IPC with a service, see Bound Services