...

AndroidManifest.xml

<activity android:configChanges="keyboard|keyboardHidden|orientation"
          android:name=".media.yfrog.YfrogUploadDialog"
          android:theme="@style/Vulnerable.Dialog"
          android:windowSoftInputMode="stateAlwaysHidden">
	<intent-filter android:icon="@drawable/yfrog_icon" android:label="@string/YFROG">
		<action android:name="jp.co.vulnerable.ACTION_UPLOAD" />
		<category android:name="android.intent.category.DEFAULT" />
		<data android:mimeType="image/*" />
		<data android:mimeType="video/*" />
	</intent-filter>
</activity>

android:name refers to the name of the class that implements this activity. The name of the package is "jp.co.vulnerable", so the fully qualified name of the class implementing this activity is jp.co.vulnerable.media.yfrog.YfrogUploadDialog. Since an intent filter is defined, this activity is exported to other apps.
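The following Python audit is an added example, not code from the original guideline. It applies the two rules above to a manifest: it resolves a relative android:name against the package and reports activities that are exported only because an intent filter is present. The function names, the wrapping manifest and the second activity (.SettingsActivity) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: the page's activity wrapped in a minimal manifest,
# plus a hypothetical second activity that sets android:exported explicitly.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="jp.co.vulnerable">
  <application>
    <activity android:name=".media.yfrog.YfrogUploadDialog">
      <intent-filter>
        <action android:name="jp.co.vulnerable.ACTION_UPLOAD" />
        <data android:mimeType="image/*" />
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false" />
  </application>
</manifest>
"""

def resolve_class(package, name):
    """A leading '.' in android:name means 'relative to the manifest package'."""
    return package + name if name.startswith(".") else name

def audit_activities(manifest_xml):
    """Return one record per <activity> with its effective exported state."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    records = []
    for act in root.iter("activity"):
        declared = act.get(ANDROID + "exported")
        has_filter = act.find("intent-filter") is not None
        # With no explicit attribute, the presence of an intent filter decides.
        exported = has_filter if declared is None else declared.lower() == "true"
        records.append({
            "class": resolve_class(package, act.get(ANDROID + "name", "")),
            "exported": exported,
            "explicit": declared is not None,
            "permission": act.get(ANDROID + "permission"),
            "actions": [a.get(ANDROID + "name") for a in act.iter("action")],
        })
    return records

def implicitly_exported(manifest_xml):
    """Classes exported only via an intent filter, with no permission guard."""
    return [r["class"] for r in audit_activities(manifest_xml)
            if r["exported"] and not r["explicit"] and r["permission"] is None]
```

Calling implicitly_exported(SAMPLE_MANIFEST) returns the fully qualified name of the upload dialog and omits the activity that declares android:exported="false".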

...

Android Secure Coding Guidebook by JSSEC

4.1.1.1 Create and use private activity  
4.1.3.1. The combination of exported flag and the intent-filter  
4.1.3.2. Validate the caller of the activity

...