Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RUM-5750 Use NO_EXPORT_FLAG for BroadcastReceiver on API above 26 #2170

Merged
merged 1 commit into from
Aug 12, 2024
+141 −1
Merged

RUM-5750 Use NO_EXPORT_FLAG for BroadcastReceiver on API above 26 #2170

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion ...oid-core/src/main/kotlin/com/datadog/android/core/internal/receiver/ThreadSafeReceiver.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,16 @@ internal abstract class ThreadSafeReceiver : BroadcastReceiver() {

val isRegistered = AtomicBoolean(false)

@SuppressLint("UnspecifiedRegisterReceiverFlag")
// We suppress the warning here as this method is not available on all Android versions
@SuppressLint("WrongConstant", "UnspecifiedRegisterReceiverFlag")
Copy link
Member

@jonathanmos jonathanmos Aug 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Following on from the dev chat, if we have to suppress perhaps we should document the reason in a comment

fun registerReceiver(
context: Context,
filter: IntentFilter
): Intent? {
val intent = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
context.registerReceiver(this, filter, Context.RECEIVER_NOT_EXPORTED)
} else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
Copy link
Member Author

@mariusc83 mariusc83 Aug 7, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Normally we should use ContextCompat here:
https://developer.android.com/reference/androidx/core/content/ContextCompat#RECEIVER_NOT_EXPORTED()
but not sure if we should bring the ContextCompat dependency only for this reason. The drawback on this approach would be in case that Flag value will be changed in the future (quite unlikely) . he worse thing it could happen is that this flag to change later but I checked and the SDK is not crashing it is just ignoring it. On the other side if the flag value (logic will change under the hood) we might end up with a different access rights for this receiver exposing again a security issue. I think this is highly unlikely but reviewers please have this in mind.

context.registerReceiver(this, filter, RECEIVER_NOT_EXPORTED_COMPAT)
} else {
context.registerReceiver(this, filter)
}
Expand All @@ -37,4 +40,8 @@ internal abstract class ThreadSafeReceiver : BroadcastReceiver() {
context.unregisterReceiver(this)
}
}

companion object {
internal const val RECEIVER_NOT_EXPORTED_COMPAT: Int = 0x4
}
}
133 changes: 133 additions & 0 deletions ...core/src/test/kotlin/com/datadog/android/core/internal/receiver/ThreadSafeReceiverTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,133 @@
/*
* Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
* This product includes software developed at Datadog (https://www.datadoghq.com/).
* Copyright 2016-Present Datadog, Inc.
*/

package com.datadog.android.core.internal.receiver

import android.annotation.SuppressLint
import android.content.Context
import android.content.Intent
import android.content.IntentFilter
import android.os.Build
import com.datadog.android.utils.forge.Configurator
import com.datadog.tools.unit.annotations.TestTargetApi
import com.datadog.tools.unit.extensions.ApiLevelExtension
import fr.xgouchet.elmyr.junit5.ForgeConfiguration
import fr.xgouchet.elmyr.junit5.ForgeExtension
import org.assertj.core.api.Assertions.assertThat
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.junit.jupiter.api.extension.Extensions
import org.mockito.Mock
import org.mockito.junit.jupiter.MockitoExtension
import org.mockito.junit.jupiter.MockitoSettings
import org.mockito.kotlin.verify
import org.mockito.kotlin.verifyNoInteractions
import org.mockito.kotlin.verifyNoMoreInteractions
import org.mockito.quality.Strictness

@Extensions(
ExtendWith(MockitoExtension::class),
ExtendWith(ForgeExtension::class),
ExtendWith(ApiLevelExtension::class)
)
@MockitoSettings(strictness = Strictness.LENIENT)
@ForgeConfiguration(Configurator::class)
internal class ThreadSafeReceiverTest {
private lateinit var testedReceiver: ThreadSafeReceiver

@Mock
lateinit var mockContext: Context

@Mock
lateinit var mockIntentFilter: IntentFilter

@BeforeEach
fun `set up`() {
testedReceiver = TestableThreadSafeReceiver()
}

// region registerReceiver

@TestTargetApi(Build.VERSION_CODES.O)
@Test
fun `M use the no export flag W registerReceiver { API version above 26}`() {
// When
testedReceiver.registerReceiver(mockContext, mockIntentFilter)

// Then
verify(mockContext).registerReceiver(
testedReceiver,
mockIntentFilter,
ThreadSafeReceiver.RECEIVER_NOT_EXPORTED_COMPAT
)
assertThat(this.testedReceiver.isRegistered.get()).isTrue()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor: this can be removed. Same for other similar lines in this file.

Suggested change
assertThat(this.testedReceiver.isRegistered.get()).isTrue()
assertThat(testedReceiver.isRegistered.get()).isTrue()

}

@TestTargetApi(Build.VERSION_CODES.TIRAMISU)
@Test
fun `M use the no export flag W registerReceiver { API version above 33}`() {
// When
testedReceiver.registerReceiver(mockContext, mockIntentFilter)

// Then
verify(mockContext).registerReceiver(
testedReceiver,
mockIntentFilter,
Context.RECEIVER_NOT_EXPORTED
)
assertThat(this.testedReceiver.isRegistered.get()).isTrue()
}

@SuppressLint("UnspecifiedRegisterReceiverFlag")
@TestTargetApi(Build.VERSION_CODES.N)
@Test
fun `M not use the no export flag W registerReceiver { API version below 26}`() {
// When
testedReceiver.registerReceiver(mockContext, mockIntentFilter)

// Then
verify(mockContext).registerReceiver(testedReceiver, mockIntentFilter)
verifyNoMoreInteractions(mockContext)
assertThat(this.testedReceiver.isRegistered.get()).isTrue()
}

// endregion

// region unregisterReceiver

@Test
fun `M unregister the receiver W unregisterReceiver { registered }`() {
// Given
testedReceiver.isRegistered.set(true)

// When
testedReceiver.unregisterReceiver(mockContext)

// Then
verify(mockContext).unregisterReceiver(testedReceiver)
assertThat(this.testedReceiver.isRegistered.get()).isFalse()
}

@Test
fun `M do nothing W unregisterReceiver { not registered }`() {
// Given
testedReceiver.isRegistered.set(false)

// When
testedReceiver.unregisterReceiver(mockContext)

// Then
verifyNoInteractions(mockContext)
assertThat(this.testedReceiver.isRegistered.get()).isFalse()
}

// endregion
}

internal class TestableThreadSafeReceiver : ThreadSafeReceiver() {
override fun onReceive(context: Context?, intent: Intent?) {}
}