Modify S5594(XML - Android): Improve text understandability (APPSEC-134) (#1433)
This commit is contained in:
Loris S
GitHub
parent
73f990a9a0
commit
ffe62c05a5
@ -1,5 +1,5 @@
|
||||
{
|
||||
"title": "Restrict access to exported components with appropriate permissions",
|
||||
"title": "Exported component access should be restricted with appropriate permissions",
|
||||
"type": "VULNERABILITY",
|
||||
"status": "ready",
|
||||
"remediation": {
|
||||
|
||||
@ -1,22 +1,42 @@
|
||||
If an Android component is exported and no permissions are defined then other mobile apps can interact with it and perform potential unauthorized actions.
|
||||
Once an Android component has been exported, it can be used by attackers to
|
||||
launch malicious actions and might also give access to other components
|
||||
that are not exported.
|
||||
|
||||
As a result, sensitive user data can be stolen, and components can be launched
|
||||
unexpectedly.
|
||||
|
||||
For instance, an exported content provider can expose sensitive data, if no permissions are defined, to other mobile apps.
|
||||
For this reason, the following components should be protected:
|
||||
|
||||
* Providers
|
||||
* Activities
|
||||
* Activity-aliases
|
||||
* Services
|
||||
|
||||
It's highly recommended to implement restrictive permissions on exposed components.
|
||||
To do so, it is recommended to either set `exported` to `false`, add
|
||||
`android:readPermission` and `android:writePermission` attributes, or add a
|
||||
`<permission>` tag.
|
||||
|
||||
**Warning**: When targeting Android versions lower than 12, the presence of intent filters will cause ``++exported++`` to be set to
|
||||
``++true++`` by default.
|
||||
|
||||
If a component must be exported, use a `<permission>` tag and the
|
||||
https://developer.android.com/guide/topics/manifest/permission-element#plevel[protection level]
|
||||
that matches your use case and data confidentiality requirements. +
|
||||
For example, https://developer.android.com/training/sync-adapters[Sync adapters]
|
||||
should use a `signature` protection level to remain both exported **and** protected.
|
||||
|
||||
== Noncompliant Code Example
|
||||
|
||||
An exported component is vulnerable when read and write permissions are not defined:
|
||||
The following components are vulnerable because permissions are undefined or
|
||||
partially defined:
|
||||
|
||||
[source,xml]
|
||||
----
|
||||
<provider
|
||||
android:authorities="com.example.app.Provider"
|
||||
android:name="com.example.app.Provider"
|
||||
android:exported="true"
|
||||
android:readPermission="com.example.app.READ_PERMISSION" /> <!-- Noncompliant: write permission is not defined -->
|
||||
android:readPermission="com.example.app.READ_PERMISSION" /> <!-- Noncompliant: write permission is not defined -->
|
||||
----
|
||||
[source,xml]
|
||||
----
|
||||
@ -24,13 +44,12 @@ An exported component is vulnerable when read and write permissions are not defi
|
||||
android:authorities="com.example.app.Provider"
|
||||
android:name="com.example.app.Provider"
|
||||
android:exported="true"
|
||||
android:writePermission="com.example.app.WRITE_PERMISSION" /> <!-- Noncompliant: read permission is not defined -->
|
||||
android:writePermission="com.example.app.WRITE_PERMISSION" /> <!-- Noncompliant: read permission is not defined -->
|
||||
----
|
||||
|
||||
With an ``++<intent-filter>++`` the component's attibute ``++android:exported++`` default value is "true":
|
||||
[source,xml]
|
||||
----
|
||||
<activity android:name="com.example.activity.Activity"> <!-- Noncompliant: permissions are not defined -->
|
||||
<activity android:name="com.example.activity.Activity"> <!-- Noncompliant: permissions are not defined -->
|
||||
<intent-filter>
|
||||
<action android:name="com.example.OPEN_UI"/>
|
||||
<category android:name="android.intent.category.DEFAULT"/>
|
||||
@ -42,7 +61,8 @@ With an ``++<intent-filter>++`` the component's attibute ``++android:exported++`
|
||||
== Compliant Solution
|
||||
|
||||
|
||||
If the component is not intended to be shared with other apps ``++exported++`` attribute should be set to ``++false++``:
|
||||
If the component's capabilities or data are not intended to be shared with
|
||||
other apps, its ``++exported++`` attribute should be set to ``++false++``:
|
||||
|
||||
[source,xml]
|
||||
----
|
||||
@ -52,18 +72,18 @@ If the component is not intended to be shared with other apps ``++exported++`` a
|
||||
android:exported="false" />
|
||||
----
|
||||
|
||||
Otherwise, implement permissions (``++protectionLevel++`` https://developer.android.com/guide/topics/manifest/permission-element#plevel[value] must be defined depending on the sensitivity of the component):
|
||||
Otherwise, implement permissions:
|
||||
[source,xml]
|
||||
----
|
||||
<provider
|
||||
android:authorities="com.example.app.Provider"
|
||||
android:name="com.example.app.Provider"
|
||||
android:exported="true"
|
||||
android:readPermission="com.example.app.READ_PERMISSION"
|
||||
android:readPermission="com.example.app.WRITE_PERMISSION" />
|
||||
android:readPermission="com.example.app.READ_PERMISSION"
|
||||
android:writePermission="com.example.app.WRITE_PERMISSION" />
|
||||
|
||||
<activity android:name="com.example.activity.Activity"
|
||||
android:permission="com.example.app.PERMISSION">
|
||||
android:permission="com.example.app.PERMISSION" >
|
||||
<intent-filter>
|
||||
<action android:name="com.example.OPEN_UI"/>
|
||||
<category android:name="android.intent.category.DEFAULT" />
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user