Modify S5594(XML - Android): Improve text understandability (APPSEC-134) (#1433)
parent 73f990a9a0
commit ffe62c05a5
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"title": "Restrict access to exported components with appropriate permissions",
|
"title": "Exported component access should be restricted with appropriate permissions",
|
||||||
"type": "VULNERABILITY",
|
"type": "VULNERABILITY",
|
||||||
"status": "ready",
|
"status": "ready",
|
||||||
"remediation": {
|
"remediation": {
|
||||||
|
@ -1,15 +1,35 @@
|
|||||||
If an Android component is exported and no permissions are defined then other mobile apps can interact with it and perform potential unauthorized actions.
|
Once an Android component has been exported, it can be used by attackers to
|
||||||
|
launch malicious actions and might also give access to other components
|
||||||
|
that are not exported.
|
||||||
|
|
||||||
|
As a result, sensitive user data can be stolen, and components can be launched
|
||||||
|
unexpectedly.
|
||||||
|
|
||||||
For instance, an exported content provider can expose sensitive data, if no permissions are defined, to other mobile apps.
|
For this reason, the following components should be protected:
|
||||||
|
|
||||||
|
* Providers
|
||||||
|
* Activities
|
||||||
|
* Activity-aliases
|
||||||
|
* Services
|
||||||
|
|
||||||
It's highly recommended to implement restrictive permissions on exposed components.
|
To do so, it is recommended to either set `exported` to `false`, add
|
||||||
|
`android:readPermission` and `android:writePermission` attributes, or add a
|
||||||
|
`<permission>` tag.
|
||||||
|
|
||||||
|
**Warning**: When targeting Android versions lower than 12, the presence of intent filters will cause ``++exported++`` to be set to
|
||||||
|
``++true++`` by default.
|
||||||
|
|
||||||
|
If a component must be exported, use a `<permission>` tag and the
|
||||||
|
https://developer.android.com/guide/topics/manifest/permission-element#plevel[protection level]
|
||||||
|
that matches your use case and data confidentiality requirements. +
|
||||||
|
For example, https://developer.android.com/training/sync-adapters[Sync adapters]
|
||||||
|
should use a `signature` protection level to remain both exported **and** protected.
|
||||||
|
|
||||||
== Noncompliant Code Example
|
== Noncompliant Code Example
|
||||||
|
|
||||||
An exported component is vulnerable when read and write permissions are not defined:
|
The following components are vulnerable because permissions are undefined or
|
||||||
|
partially defined:
|
||||||
|
|
||||||
[source,xml]
|
[source,xml]
|
||||||
----
|
----
|
||||||
<provider
|
<provider
|
||||||
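Review bot: The new remediation sentence ("either set `exported` to `false`, add `android:readPermission` and `android:writePermission` attributes, or add a `<permission>` tag") names only provider attributes, while the list just above it also covers activities, activity-aliases and services, which are protected with `android:permission`. It also reads as if declaring a `<permission>` tag were sufficient on its own, but the declaration has no effect until a component references it. Suggest naming `android:permission` for the non-provider components and saying that the `<permission>` declaration is used together with those attributes. Minor: this hunk mixes single-backtick literals with the ``++...++`` form used in the Warning line; pick one.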
@ -27,7 +47,6 @@ An exported component is vulnerable when read and write permissions are not defi
|
|||||||
android:writePermission="com.example.app.WRITE_PERMISSION" /> <!-- Noncompliant: read permission is not defined -->
|
android:writePermission="com.example.app.WRITE_PERMISSION" /> <!-- Noncompliant: read permission is not defined -->
|
||||||
----
|
----
|
||||||
|
|
||||||
With an ``++<intent-filter>++`` the component's attibute ``++android:exported++`` default value is "true":
|
|
||||||
[source,xml]
|
[source,xml]
|
||||||
----
|
----
|
||||||
<activity android:name="com.example.activity.Activity"> <!-- Noncompliant: permissions are not defined -->
|
<activity android:name="com.example.activity.Activity"> <!-- Noncompliant: permissions are not defined -->
|
||||||
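Review bot: Removing the lead-in about ``++<intent-filter>++`` making ``++android:exported++`` default to "true" leaves the `<activity>` example without any explanation of why it counts as exported: the visible tag carries no `android:exported` attribute and its comment only says "permissions are not defined". After this change the default is described only in the Warning of the description, where it is limited to targets lower than Android 12. Suggest keeping a one-line lead-in here (with the "attibute" typo fixed) or extending the XML comment to say the component is exported implicitly through its intent filter.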
@ -42,7 +61,8 @@ With an ``++<intent-filter>++`` the component's attibute ``++android:exported++`
|
|||||||
== Compliant Solution
|
== Compliant Solution
|
||||||
|
|
||||||
|
|
||||||
If the component is not intended to be shared with other apps ``++exported++`` attribute should be set to ``++false++``:
|
If the component's capabilities or data are not intended to be shared with
|
||||||
|
other apps, its ``++exported++`` attribute should be set to ``++false++``:
|
||||||
|
|
||||||
[source,xml]
|
[source,xml]
|
||||||
----
|
----
|
||||||
@ -52,7 +72,7 @@ If the component is not intended to be shared with other apps ``++exported++`` a
|
|||||||
android:exported="false" />
|
android:exported="false" />
|
||||||
----
|
----
|
||||||
|
|
||||||
Otherwise, implement permissions (``++protectionLevel++`` https://developer.android.com/guide/topics/manifest/permission-element#plevel[value] must be defined depending on the sensitivity of the component):
|
Otherwise, implement permissions:
|
||||||
[source,xml]
|
[source,xml]
|
||||||
----
|
----
|
||||||
<provider
|
<provider
|
||||||
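Review bot: Shortening the lead-in to "Otherwise, implement permissions:" drops the only mention of ``++protectionLevel++`` in the Compliant Solution section, so a reader who copies the snippet is not told that the custom permissions it references must be declared with a suitable level. A permission declared without one defaults to `normal`, which any installed app can obtain, so the "compliant" provider would be protected in name only. Suggest keeping a short pointer, for example "Otherwise, implement permissions with a protection level that matches the sensitivity of the component:", or showing the matching `<permission>` declaration in the example.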
@ -60,10 +80,10 @@ Otherwise, implement permissions (``++protectionLevel++`` https://developer.andr
|
|||||||
android:name="com.example.app.Provider"
|
android:name="com.example.app.Provider"
|
||||||
android:exported="true"
|
android:exported="true"
|
||||||
android:readPermission="com.example.app.READ_PERMISSION"
|
android:readPermission="com.example.app.READ_PERMISSION"
|
||||||
android:readPermission="com.example.app.WRITE_PERMISSION" />
|
android:writePermission="com.example.app.WRITE_PERMISSION" />
|
||||||
|
|
||||||
<activity android:name="com.example.activity.Activity"
|
<activity android:name="com.example.activity.Activity"
|
||||||
android:permission="com.example.app.PERMISSION">
|
android:permission="com.example.app.PERMISSION" >
|
||||||
<intent-filter>
|
<intent-filter>
|
||||||
<action android:name="com.example.OPEN_UI"/>
|
<action android:name="com.example.OPEN_UI"/>
|
||||||
<category android:name="android.intent.category.DEFAULT" />
|
<category android:name="android.intent.category.DEFAULT" />
|
||||||
|
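Review bot: The changed `<activity>` line picks up a stray space before the closing bracket (`android:permission="com.example.app.PERMISSION" >`), which the other tags in this snippet do not have; keep the original `...PERMISSION">`. The change from the second `android:readPermission` to `android:writePermission` on the provider is correct, since the old snippet declared `android:readPermission` twice and left writes unprotected.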