File: UnsafeIntentLaunchViolation.java

package info (click to toggle)
android-platform-frameworks-base 1%3A14~beta1-3
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 326,092 kB
  • sloc: java: 2,032,373; xml: 343,016; cpp: 304,181; python: 3,683; ansic: 2,090; sh: 1,871; makefile: 117; sed: 19
file content (68 lines) | stat: -rw-r--r-- 2,795 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
/*
 * Copyright (C) 2021 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.os.strictmode;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.PendingIntent;
import android.content.Intent;
import android.net.Uri;

import java.util.Objects;

/**
 * Violation raised when your app launches an {@link Intent} which originated
 * from outside your app.
 * <p>
 * Violations may indicate security vulnerabilities in the design of your app,
 * where a malicious app could trick you into granting {@link Uri} permissions
 * or launching unexported components. Here are some typical design patterns
 * that can be used to safely resolve these violations:
 * <ul>
 * <li>The ideal approach is to migrate to using a {@link PendingIntent}, which
 * ensures that your launch is performed using the identity of the original
 * creator, completely avoiding the security issues described above.
 * <li>If using a {@link PendingIntent} isn't feasible, an alternative approach
 * is to create a brand new {@link Intent} and carefully copy only specific
 * values from the original {@link Intent} after careful validation.
 * </ul>
 * <p>
 * Note that this <em>may</em> detect false-positives if your app sends itself
 * an {@link Intent} which is first routed through the OS, such as using
 * {@link Intent#createChooser}. In these cases, careful inspection is required
 * to determine if the return point into your app is appropriately protected
 * with a signature permission or marked as unexported. If the return point is
 * not protected, your app is likely vulnerable to malicious apps.
 */
public final class UnsafeIntentLaunchViolation extends Violation {
    private transient Intent mIntent;

    public UnsafeIntentLaunchViolation(@NonNull Intent intent) {
        super("Launch of unsafe intent: " + intent);
        mIntent = Objects.requireNonNull(intent);
    }

    /**
     * Return the {@link Intent} which caused this violation to be raised. Note
     * that this value is not available if this violation has been serialized
     * since intents cannot be serialized.
     */
    @SuppressWarnings("IntentBuilderName")
    public @Nullable Intent getIntent() {
        return mIntent;
    }
}