Assigned

Bug

Status Update

No update yet.

Description

xa...@gtempaccount.com

created issue #1

Apr 6, 2023 11:53AM

Component used: androidx.browser:browser

Version used: 1.5.0

Devices/Android versions reproduced on: Samsung A10 - Android 11. Although I suspect this is not a device-specific issue.

Description of the problem:

The androidx Browser package doesn't do a lot of error handling when launching Intents. We're seeing some SecurityExceptions in our app that occur when the Firebase in-app messaging library launches a web URL Intent. That library uses the androidx Browser package (Source). After some research, I've found that the problem can be observed when the following conditions are met:

A device has 2 apps installed.
- App Consumer. This is the 'victim', this app is the one that uses the androidx Browser package to open a website.
- App Buggy. This is the troublemaker. This app declares at least 2 Activities that can handle web URL intents. See below.
The device has no other Activities that can handle web URL Intents (this can be done by uninstalling all browser apps and disabling any system browser app).

If all the above happens, then when the Consumer app tries to navigate to any website using Custom Tabs, a SecurityException will be thrown. There may be other ways of reproducing, but I was only able to reproduce it with the above set up.

Code

The relevant code snippet of the Buggy app is this:

<activity
    android:name=".NonExportedActivity"
    android:exported="false" <----- *Not* exported
    android:label="@string/app_name">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="http" />
        <data android:scheme="https" />
    </intent-filter>
</activity>
<activity
    android:name=".ExportedActivity"
    android:exported="true" <----- Exported
    android:label="@string/app_name">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="http" />
        <data android:scheme="https" />
    </intent-filter>
</activity>

As I mentioned earlier this crash was first observed in the Firebase in-app messaging library, but I was able to reproduce it using 2 sample apps (see attached), that's why I'm reporting the issue here.

Stacktrace

FATAL EXCEPTION: main
Process: com.example.bugreportconsumerapp, PID: 2217
java.lang.SecurityException: Permission Denial: starting Intent { act=android.intent.action.VIEW dat=https://google.com/... cmp=com.example.bugreportunexportedwebbrowseractivity/.NonExportedActivity (has extras) } from ProcessRecord{f1b73b7 2217:com.example.bugreportconsumerapp/u0a1027} (pid=2217, uid=11027) not exported from uid 11026
	at android.os.Parcel.createExceptionOrNull(Parcel.java:2385)
	at android.os.Parcel.createException(Parcel.java:2369)
	at android.os.Parcel.readException(Parcel.java:2352)
	at android.os.Parcel.readException(Parcel.java:2294)
	at android.app.IActivityTaskManager$Stub$Proxy.startActivity(IActivityTaskManager.java:4276)
	at android.app.Instrumentation.execStartActivity(Instrumentation.java:1723)
	at android.app.Activity.startActivityForResult(Activity.java:5377)
	at android.app.Activity.startActivityForResult(Activity.java:5335)
	at android.app.Activity.startActivity(Activity.java:5721)
	at androidx.core.content.ContextCompat.startActivity(ContextCompat.java:251)
	at androidx.browser.customtabs.CustomTabsIntent.launchUrl(CustomTabsIntent.java:483)
	at com.example.bugreportconsumerapp.DemoActivity.onCreate$lambda$0(DemoActivity.kt:17)
	at com.example.bugreportconsumerapp.DemoActivity.$r8$lambda$P8-hzZy7zrZ2U62dZ34rQQE7apk(Unknown Source:0)
	at com.example.bugreportconsumerapp.DemoActivity$$ExternalSyntheticLambda0.onClick(Unknown Source:2)
	at android.view.View.performClick(View.java:8160)
	at android.widget.TextView.performClick(TextView.java:16222)
	at android.view.View.performClickInternal(View.java:8137)
	at android.view.View.access$3700(View.java:888)
	at android.view.View$PerformClick.run(View.java:30236)
	at android.os.Handler.handleCallback(Handler.java:938)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loop(Looper.java:246)
	at android.app.ActivityThread.main(ActivityThread.java:8625)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:602)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1130)
Caused by: android.os.RemoteException: Remote stack trace:
	at com.android.server.wm.ActivityStackSupervisor.checkStartAnyActivityPermission(ActivityStackSupervisor.java:1338)
	at com.android.server.wm.ActivityStarter.executeRequest(ActivityStarter.java:1263)
	at com.android.server.wm.ActivityStarter.execute(ActivityStarter.java:897)
	at com.android.server.wm.ActivityTaskManagerService.startActivityAsUser(ActivityTaskManagerService.java:1721)
	at com.android.server.wm.ActivityTaskManagerService.startActivityAsUser(ActivityTaskManagerService.java:1571)

Thanks in advance!

BugReportConsumerApp.zip

73 KB

Download

BugReportUnexportedWebBrowserActivity.zip

74 KB

Download

Comments

xa...@gtempaccount.com <xa...@gtempaccount.com> #2Apr 6, 2023 12:05PM

having the same issue
Room version > 2.7.0-alpha08
agp = "8.2.2"
kotlin = "2.0.20"
ksp-plugin = "2.0.20-1.0.24"

also Reverting to Room version 2.7.0-alpha07 solves the issue.

pe...@google.com <pe...@google.com> #3Apr 24, 2023 10:36AM

Thanks for the report, this issue is likely due to the Room Gradle Plugin changes that try to also configure the android test app asset directory to include the schemas so the MigrationTestHelper can pick them up. I'll try to work on a fix soon.

xa...@gtempaccount.com <xa...@gtempaccount.com> #4Apr 24, 2023 12:05PM

Project: platform/frameworks/support
Branch: androidx-main
Author: Daniel Santiago Rivera <danysantiago@google.com>
Link: https://android-review.googlesource.com/3391005

Configure the schema asset android copy task within its register block and not within AGP's wiredWith lambda.

Expand for full commit details

Configure the schema asset android copy task within its register block and not within AGP's wiredWith lambda. 
 
Otherwise the tasks inputs are locked by the time the wiredWith lambda passed to addGeneratedSourceDirector() is invoked and will lead to "property 'inputDirectory' is final and cannot be changed any further". 
 
Bug: 376071291 
Test: Manual with sample repro app 
Change-Id: I2c9da4855cd31d7df3276424546aba4c53edf7ea

Files:

M room/room-gradle-plugin/src/main/java/androidx/room/gradle/integration/AndroidPluginIntegration.kt

Hash: 1dbb4c1876e1e8a8e930bec4625741ac6dc05a0b
Date: Thu Dec 05 14:21:51 2024

pe...@google.com <pe...@google.com> #5Jul 12, 2024 12:57PM

I'm having the same problem in my Compose Multiplatform project and I'm using the latest version available 2.7.0-alpha12. The way I found to get around this was by adding the following task to my build.gradle

tasks.matching { it.name.startsWith("copyRoomSchemasToAndroidTestAssetsDebugAndroidTest") }.configureEach {
enabled = false
}

But I believe this is not the right thing to do, since I'm hiding the error. Is there another way to solve it or will the library be updated to fix it?

IssueTracker

SecurityException not handled when starting intents (when exported and non exported Activities exist)

Status Update

Description

Description of the problem:

Code

Stacktrace

Comments

xa...@gtempaccount.com <xa...@gtempaccount.com> #2Apr 6, 2023 12:05PM

pe...@google.com <pe...@google.com> #3Apr 24, 2023 10:36AM

xa...@gtempaccount.com <xa...@gtempaccount.com> #4Apr 24, 2023 12:05PM

pe...@google.com <pe...@google.com> #5Jul 12, 2024 12:57PM

Issue 277060963

Description

Description of the problem:

Code

Stacktrace

Issue summary

Comments

xa...@gtempaccount.com <xa...@gtempaccount.com> #2Apr 6, 2023 12:05PM

pe...@google.com <pe...@google.com> #3Apr 24, 2023 10:36AM

xa...@gtempaccount.com <xa...@gtempaccount.com> #4Apr 24, 2023 12:05PM

pe...@google.com <pe...@google.com> #5Jul 12, 2024 12:57PM

Add comment

Issue metadata