Fixed
Status Update
No update yet.
Comments
ap...@google.com
Project: platform/frameworks/support
Branch: androidx-main
commit d6e2ff5b12660a8b2d5ea2fa8d1903160377cee7
Author: Jelle Fresen <jellefresen@google.com>
Date: Wed Apr 07 12:31:17 2021
Fix exported activities in manifest files
ComponentActivity in ui-test-manifest is now exported, and the
ComponentActivity with TestTheme is now exposed to all compose libraries
through test-utils instead of through ui-test and ui-test-junit4.
Also fixes the TestActivity from ui-tooling that was inadvertently
exported as well.
Bug: 184718994
Test: ./gradlew cC
Relnote: "The AndroidManifest files from ui-test-manifest and
ui-tooling-data are now compatible with Android 12"
Change-Id: I6f9dec0515ad6eb7fd232eeb124ee0164f4e90cb
M activity/activity-compose/build.gradle
M compose/animation/animation-core/build.gradle
M compose/animation/animation/build.gradle
M compose/foundation/foundation-layout/build.gradle
M compose/integration-tests/docs-snippets/src/main/AndroidManifest.xml
M compose/runtime/runtime-rxjava2/build.gradle
M compose/runtime/runtime-rxjava3/build.gradle
M compose/runtime/runtime-saveable/build.gradle
M compose/runtime/runtime/integration-tests/build.gradle
M compose/test-utils/src/androidMain/AndroidManifest.xml
M compose/test-utils/src/androidMain/res/values/styles.xml
M compose/ui/ui-test-junit4/src/androidAndroidTest/AndroidManifest.xml
M compose/ui/ui-test-junit4/src/androidMain/AndroidManifest.xml
D compose/ui/ui-test-junit4/src/androidMain/res/values/styles.xml
M compose/ui/ui-test-manifest/src/main/AndroidManifest.xml
M compose/ui/ui-test/src/androidAndroidTest/AndroidManifest.xml
M compose/ui/ui-test/src/androidMain/AndroidManifest.xml
M compose/ui/ui-tooling-data/src/androidTest/AndroidManifest.xml
M compose/ui/ui-tooling-data/src/main/AndroidManifest.xml
M compose/ui/ui-tooling/build.gradle
M lifecycle/lifecycle-viewmodel-compose/build.gradle
https://android-review.googlesource.com/1667140
Branch: androidx-main
commit d6e2ff5b12660a8b2d5ea2fa8d1903160377cee7
Author: Jelle Fresen <jellefresen@google.com>
Date: Wed Apr 07 12:31:17 2021
Fix exported activities in manifest files
ComponentActivity in ui-test-manifest is now exported, and the
ComponentActivity with TestTheme is now exposed to all compose libraries
through test-utils instead of through ui-test and ui-test-junit4.
Also fixes the TestActivity from ui-tooling that was inadvertently
exported as well.
Bug: 184718994
Test: ./gradlew cC
Relnote: "The AndroidManifest files from ui-test-manifest and
ui-tooling-data are now compatible with Android 12"
Change-Id: I6f9dec0515ad6eb7fd232eeb124ee0164f4e90cb
M activity/activity-compose/build.gradle
M compose/animation/animation-core/build.gradle
M compose/animation/animation/build.gradle
M compose/foundation/foundation-layout/build.gradle
M compose/integration-tests/docs-snippets/src/main/AndroidManifest.xml
M compose/runtime/runtime-rxjava2/build.gradle
M compose/runtime/runtime-rxjava3/build.gradle
M compose/runtime/runtime-saveable/build.gradle
M compose/runtime/runtime/integration-tests/build.gradle
M compose/test-utils/src/androidMain/AndroidManifest.xml
M compose/test-utils/src/androidMain/res/values/styles.xml
M compose/ui/ui-test-junit4/src/androidAndroidTest/AndroidManifest.xml
M compose/ui/ui-test-junit4/src/androidMain/AndroidManifest.xml
D compose/ui/ui-test-junit4/src/androidMain/res/values/styles.xml
M compose/ui/ui-test-manifest/src/main/AndroidManifest.xml
M compose/ui/ui-test/src/androidAndroidTest/AndroidManifest.xml
M compose/ui/ui-test/src/androidMain/AndroidManifest.xml
M compose/ui/ui-tooling-data/src/androidTest/AndroidManifest.xml
M compose/ui/ui-tooling-data/src/main/AndroidManifest.xml
M compose/ui/ui-tooling/build.gradle
M lifecycle/lifecycle-viewmodel-compose/build.gradle
je...@google.com
wi...@gmail.com
Hello! I'd like to ask if today, in the build/intermediates/merged_manifest/debug/AndroidManifest.xml file, the following entry:
<activity
android:name="androidx.activity.ComponentActivity"
android:exported="true" />
has been flagged by SonarQube as a security concern, suggesting to "Implement permissions on this exported component." However, it seems like this was added through some plugins in Gradle. How can I change its exported attribute to false? Or does this configuration not affect the app's security, so I don't need to modify it?
The project in the attachment is my current gradle file, thank you for your help!
<activity
android:name="androidx.activity.ComponentActivity"
android:exported="true" />
has been flagged by SonarQube as a security concern, suggesting to "Implement permissions on this exported component." However, it seems like this was added through some plugins in Gradle. How can I change its exported attribute to false? Or does this configuration not affect the app's security, so I don't need to modify it?
The project in the attachment is my current gradle file, thank you for your help!
je...@google.com
I'm not sure what SonarQube means by that suggestion.
The exported ComponentActivity is merged into your manifest because you have a debugImplementation dependency on ui-test-manifest. You need this if you have tests that use createComposeRule() or createAndroidComposeRule<ComponentActivity>(). Because it is a debug dependency, release builds won't be affected.
To answer your question, you can just remove the dependency on ui-test-manifest and add ComponentActivity to your (debug) manifest manually if necessary.
Description
<activity android:name="androidx.activity.ComponentActivity" />
Expected and mandatory in the future:
<activity android:name="androidx.activity.ComponentActivity"
android:exported="true" />