I have a pair of simple apps: one provides a service (installed as a 'platform'
app) and the other is the client (running as untrusted_app). However, they are
not related (i.e. they are signed differently), but the client knows the
startIntent.setClassName. The client sends an intent to start the service.
I did not expect the service to start with the default intent_mac.xml and
mmac_types.xml files, however it did.
After some digging I found that it was allowed because of this entry in the
intent_mac.xml file:
    <intent>
        <filter>
            <action name="android.intent.action.MAIN"/>
            <category name="android.intent.category.LAUNCHER"/>
        </filter>
        <!-- Allow all apps to send this intent -->
        <allow name="find_main_activities"/>
    </intent>
This does not seem that secure, so I've patched the file with the attached
patch. This allows AOSP apps to send the intent, but not others. I then
added entries in intent_mac and mmac_types to allow my apps to communicate.
This seems a more secure solution.
Richard
--- a/intent_mac.xml 2013-07-17 13:48:23.839900750 +0100
+++ b/intent_mac.xml 2013-07-17 15:56:13.468589338 +0100
@@ -26,8 +26,13 @@
<action name="android.intent.action.MAIN"/>
<category name="android.intent.category.LAUNCHER"/>
</filter>
- <!-- Allow all apps to send this intent -->
- <allow name="find_main_activities"/>
+ <!-- Allow only AOSP apps to send this intent. If user installed apps
+ need to send this they must be added separately. -->
+ <allow name="shared_intent_action_main" srcctx="u:r:shared_app:s0"/>
+ <allow name="platform_intent_action_main" srcctx="u:r:platform_app:s0"/>
+ <allow name="media_intent_action_main" srcctx="u:r:media_app:s0"/>
+ <allow name="release_intent_action_main" srcctx="u:r:release_app:s0"/>
+ <allow name="radio_intent_action_main" srcctx="u:r:radio:s0"/>
</intent>
<intent>
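Review bot: the replacement comment on the added lines says "only AOSP apps" but does not say how the five srcctx values were chosen or what stops working, so a later reader cannot tell a deliberate omission from an oversight. The removed rule was named find_main_activities and was the only thing letting user-installed senders match MAIN/LAUNCHER; after this hunk any domain not listed is denied, and if srcctx is compared as a full string, so is a listed domain at a level other than s0. Suggest the comment list the covered contexts and show the shape of the extra entry a user-installed launcher would need, for example an allow line with its own name and srcctx next to the five added here.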
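An audit of the kind of rule described in the message above, as an added example that is not part of the original post or of the SE Android project: it reports every intent filter that some `<allow>` leaves open to any sender. It assumes that an `<allow>` without `srcctx` matches every sending app and that rules for the same filter add up; the `<policy>` root and the `ANY_SENDER` marker are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The <policy> wrapper is a placeholder root, not taken
# from the real file; the two <intent> blocks mirror the rule before and
# after the patch.
SAMPLE = """<policy>
<intent>
  <filter>
    <action name="android.intent.action.MAIN"/>
    <category name="android.intent.category.LAUNCHER"/>
  </filter>
  <allow name="find_main_activities"/>
</intent>
<intent>
  <filter>
    <action name="android.intent.action.MAIN"/>
    <category name="android.intent.category.LAUNCHER"/>
  </filter>
  <allow name="platform_intent_action_main" srcctx="u:r:platform_app:s0"/>
  <allow name="radio_intent_action_main" srcctx="u:r:radio:s0"/>
</intent>
</policy>"""

ANY_SENDER = "*"  # marker used here for an <allow> that names no srcctx


def audit(xml_text):
    """Map each filter (actions, categories) to the set of permitted senders."""
    result = {}
    for intent in ET.fromstring(xml_text).iter("intent"):
        flt = intent.find("filter")
        if flt is None:
            continue
        key = (tuple(sorted(a.get("name", "") for a in flt.findall("action"))),
               tuple(sorted(c.get("name", "") for c in flt.findall("category"))))
        senders = result.setdefault(key, set())
        for allow in intent.findall("allow"):
            # Assumption: a rule without srcctx matches every sending app.
            senders.add(allow.get("srcctx") or ANY_SENDER)
    return result


def open_filters(xml_text):
    """Filters that at least one rule leaves open to any sender."""
    return sorted(k for k, s in audit(xml_text).items() if ANY_SENDER in s)


if __name__ == "__main__":
    for actions, categories in open_filters(SAMPLE):
        print("open to all senders:", actions, categories)
```

On the sample, the MAIN/LAUNCHER filter is still reported as open because the leftover unrestricted rule sits beside the restricted ones, which is the case to check for after applying a change like the one in the patch.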