Issue using android:protectionLevel="signature"

Question

I am trying to prevent applications from binding to a Service if they are not signed with the same certificate as the containing application. For this I have declared a new permission in the manifest (of the application containing the Service) by using a element and set the protectionLevel of the new permission to Signature as shown.

<permission android:name="jp.co.abc.android.OMRSSettings.permission.Access"
android:protectionLevel="signature"></permission>

<uses-permission android:name="jp.co.abc.android.OMRSSettings.permission.Access"/>

Then, in the manifest declaration for the Service,I use an android:permission attribute so that this new permission is required to bind to the Service.

<service android:name="jp.co.xyz.bluetooth.profile.TIPServer"
 android:permission="jp.co.abc.android.OMRSSettings.permission.Access" >
<intent-filter>
<action android:name="jp.co.xyz.bluetooth.api.ICommonResultCallback" />
<action android:name="jp.co.xyz.bluetooth.api.ITimeServer" />
</intent-filter>

I try to access this service from another application. In the manifest of this second application, I add the <uses-permission android:name="jp.co.abc.android.OMRSSettings.permission.Access"/> and try to bind to the service of the first application.

But I get the following exception.

01-02 00:06:54.531: INFO/PowerManagerService(425): Start Light.setBrightness(), [20],  [3]
01-02 00:06:56.473: INFO/PowerManagerService(425): Start Light.setBrightness(), [130], [3]
01-02 00:06:58.055: WARN/dalvikvm(4956): threadid=1: thread exiting with uncaught exception (group=0x40b70390)
01-02 00:06:58.055: WARN/ActivityManager(425): Permission Denial: Accessing service ComponentInfo{jp.co.abc.android.omrsettings/jp.co.xyz.bluetooth.profile.TIPServer} from   pid=4956, uid=10158 requires jp.co.abc.android.OMRSSettings.permission.Access
01-02 00:06:58.065: ERROR/AndroidRuntime(4956): FATAL EXCEPTION: main
java.lang.SecurityException: Not allowed to bind to service Intent {     act=jp.co.xyz.bluetooth.api.ITimeServer }
at android.app.ContextImpl.bindService(ContextImpl.java:1187)
at android.content.ContextWrapper.bindService(ContextWrapper.java:370)
at jp.co.abc.middleware.tip.LeTimeServerProfile.startTimeServer(LeTimeServerProfile.java:45)
at jp.co.abc.tip.TimeActivity.onClick(TimeActivity.java:49)
at android.view.View.performClick(View.java:3511)
at android.view.View$PerformClick.run(View.java:14133)
at android.os.Handler.handleCallback(Handler.java:605)
at android.os.Handler.dispatchMessage(Handler.java:92)
at android.os.Looper.loop(Looper.java:137)
at android.app.ActivityThread.main(ActivityThread.java:4507)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:511)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:787)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:554)
at dalvik.system.NativeStart.main(Native Method)
01-02 00:06:58.095: WARN/ActivityManager(425): Force finishing activity      jp.co.abc.tip/.TimeActivity

Can someone please let me know why I have permission issues though I correctly declare <uses-permission android:name="jp.co.abc.android.OMRSSettings.permission.Access"/> in the manifest of my second app.

Any help is much appreciated.

EDIT

Modified to include the correction lenik suggested in his answer.

Answer 1

In addition to lenik's solution of not messing up your permission names, with your current implementation, installation order matters. You have to install the service first (where the <permission> is defined), before you install the client. Otherwise, the client will not receive the permission, since Android will ignore a <uses-permission> for a permission that it does not recognize. If you put the <permission> element in both apps (with the same values), the installation order will no longer matter.