Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7970fff4 authored by Michael Groover's avatar Michael Groover
Browse files

Add a receiver exported flag to mark unaudited runtime receivers 

Android T allows apps to declare a runtime receiver as not exported
by invoking registerReceiver with a new RECEIVER_NOT_EXPORTED flag;
receivers registered with this flag will only receive broadcasts from
the platform and the app itself. However to ensure developers can
properly protect their receivers, all apps targeting T or later
registering a receiver for non-system broadcasts must specify either
the exported or not exported flag when invoking #registerReceiver;
if one of these flags is not provided, the platform will throw a
SecurityException. The platform and system apps have several locations
where a receiver is registered for non-system broadcasts that have
not yet been audited to determine if they should be exported. This
commit introduces a temporary flag that can be used to meet the
new requirement that a flag be specified while also marking the
receiver as needing an audit before the T release to determine
whether the receiver should be exported or not.

Bug: 161145287
Test: atest ContextTest
Change-Id: Ie9d1e2ad6e2d831c374437ed65d085711b7dc3b7
parent 8704be36

core/api/test-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -699,6 +699,7 @@ package android.content { 
    field public static final String FONT_SERVICE = "font";

    field public static final String POWER_EXEMPTION_SERVICE = "power_exemption";

    field @Deprecated public static final String POWER_WHITELIST_MANAGER = "power_whitelist";

    field @Deprecated public static final int RECEIVER_EXPORTED_UNAUDITED = 2; // 0x2

    field public static final String TEST_NETWORK_SERVICE = "test_network";

  }

core/java/android/content/Context.java

+10 −1
Original line number Diff line number Diff line
@@ -534,7 +534,8 @@ public abstract class Context { 


    /** @hide */

    @IntDef(flag = true, prefix = { "RECEIVER_VISIBLE" }, value = {

            RECEIVER_VISIBLE_TO_INSTANT_APPS, RECEIVER_EXPORTED, RECEIVER_NOT_EXPORTED

            RECEIVER_VISIBLE_TO_INSTANT_APPS, RECEIVER_EXPORTED, RECEIVER_NOT_EXPORTED,

            RECEIVER_EXPORTED_UNAUDITED

    })

    @Retention(RetentionPolicy.SOURCE)

    public @interface RegisterReceiverFlags {}
@@ -550,6 +551,14 @@ public abstract class Context { 
     */

    public static final int RECEIVER_EXPORTED = 0x2;



    /**

     * @deprecated Use {@link #RECEIVER_NOT_EXPORTED} or {@link #RECEIVER_EXPORTED} instead.

     * @hide

     */

    @Deprecated

    @TestApi

    public static final int RECEIVER_EXPORTED_UNAUDITED = RECEIVER_EXPORTED;



    /**

     * Flag for {@link #registerReceiver}: The receiver cannot receive broadcasts from other Apps.

     * Has the same behavior as marking a statically registered receiver with "exported=false"