Closed
Bug 1031569
Opened 10 years ago
Closed 9 years ago
Permission Denial: starting Intent… java.lang.SecurityException: at android.os.Parcel.readException(Parcel.java)
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox38 wontfix, firefox38.0.5 wontfix, firefox39 verified, firefox40 fixed, firefox41 fixed, fennec+)
RESOLVED
FIXED
Firefox 41
People
(Reporter: rnewman, Assigned: rnewman)
Details
(Keywords: crash, reproducible, Whiteboard: [native-crash])
Crash Data
Attachments
(1 file)
6.12 KB,
patch
|
mfinkle
:
review+
Sylvestre
:
approval-mozilla-aurora+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
Similar to Bug 782566, but different enough that I'm filing a separate bug. https://crash-stats.mozilla.com/report/index/98c66d75-8578-4b21-b594-172c72140623 https://crash-stats.mozilla.com/report/index/0898570b-2802-4818-9d1c-770132140622 Shows up as: java.lang.SecurityException: Permission Denial: starting Intent { act=android.intent.action.VIEW dat=https://plus.google.com/109987227147705019735/posts flg=0x4000000 cmp=com.google.android.apps.plus/com.google.android.libraries.social.gateway.GatewayActivity } from ProcessRecord{42622fc0 10765:org.mozilla.fennec/u0a10223} (pid=10765, uid=10223) not exported from uid 10107 java.lang.SecurityException: Permission Denial: starting Intent { act=android.intent.action.GET_CONTENT cat=[android.intent.category.OPENABLE] typ=*/* flg=0x3000000 cmp=com.evernote/.note.composer.FilePickerActivity } from ProcessRecord{415c3d00 13173:org.mozilla.fennec_aurora/10033} (pid=13173, uid=10033) not exported from uid 10039 at android.os.Parcel.readException(Parcel.java:1327) at android.os.Parcel.readException(Parcel.java:1281) at android.app.ActivityManagerProxy.startActivity(ActivityManagerNative.java:1658) at android.app.Instrumentation.execStartActivity(Instrumentation.java:1379) at android.app.Activity.startActivityForResult(Activity.java:3309) at android.app.Activity.startActivity(Activity.java:3416) at com.android.internal.app.ResolverActivity.onIntentSelected(ResolverActivity.java:207) at com.android.internal.app.ResolverActivity.onClick(ResolverActivity.java:121) at com.android.internal.app.AlertController$AlertParams$3.onItemClick(AlertController.java:924) at android.widget.AdapterView.performItemClick(AdapterView.java:292) at android.widget.AbsListView.performItemClick(AbsListView.java:1068) at android.widget.AbsListView$PerformClick.run(AbsListView.java:2524) at android.widget.AbsListView$1.run(AbsListView.java:3197) at android.os.Handler.handleCallback(Handler.java:605) at android.os.Handler.dispatchMessage(Handler.java:92) at android.os.Looper.loop(Looper.java:137) at android.app.ActivityThread.main(ActivityThread.java:4558) at java.lang.reflect.Method.invokeNative(Native Method) at java.lang.reflect.Method.invoke(Method.java:511) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:784) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:551) at dalvik.system.NativeStart.main(Native Method) More at <https://crash-stats.mozilla.com/report/list?product=FennecAndroid&signature=java.lang.SecurityException%3A+at+android.os.Parcel.readException%28Parcel.java%29>
Assignee | ||
Comment 1•10 years ago
|
||
Layers of problems here: * You'll get a SecurityException whenever you try to launch an Activity that isn't either exported or running in your own process. So we should handle that if we can. * Other apps shouldn't have non-exported activities coming up in the picker. That's kinda puzzling. The crash in Comment 0, for example, looks like Evernote's file picker isn't exported when it should be. I wonder if we can filter that out? * If we're trying to launch an activity in another package, PackageManager has getLaunchIntentForPackage(). I doubt that applies here, though. If I were to guess at call sites, I'd suggest: * File upload * The native app URL bar button (e.g., for Google Plus?)
Comment 2•9 years ago
|
||
I hit this on my Nexus 6 using Firefox beta when I downloaded a PDF file and then clicked on the notification bar to open it - on my device it is consistently reproducible. https://crash-stats.mozilla.com/report/index/bb01db2d-82e8-4d2f-9e59-cfb242150430
Assignee | ||
Updated•9 years ago
|
Hardware: ARM → All
Summary: java.lang.SecurityException: at android.os.Parcel.readException(Parcel.java) → Permission Denial: starting Intent… java.lang.SecurityException: at android.os.Parcel.readException(Parcel.java)
Assignee | ||
Comment 3•9 years ago
|
||
Marcia: your issue seems to be that Boingo Wi-Finder is somehow associated as the handler for that file, but the intent handler isn't public! java.lang.SecurityException: Permission Denial: starting Intent { act=android.intent.action.VIEW dat=file:///storage/emulated/0/Download/0fa6464c-c2d3-434e-b3f3-6e466cdcf3da flg=0x4000000 cmp=com.boingo.boingowifi/.WebGetPostActivity } from ProcessRecord{16a65209 30877:org.mozilla.firefox_beta/u0a88} (pid=30877, uid=10088) not exported from uid 10124 This is a lot like https://commonsware.com/blog/2012/07/09/dont-advertise-intent-filters-that-are-not-yours.html Marcia, could you open Android Settings, Apps, find Boingo Wi-Finder, tap it, scroll to the bottom, and: 1. Tell me if it says "NO DEFAULTS SET" 2. Tap "Clear defaults" 3. See if you can still repro?
Assignee | ||
Updated•9 years ago
|
Flags: needinfo?(mozillamarcia.knous)
Assignee | ||
Comment 4•9 years ago
|
||
Here's my theory. The Android intent chooser lets us pick activities that we're not allowed to launch. Our URI handlers can also end up finding activities that we're not allowed to launch, because they're included in the candidate list when we query PM. This patch does two things: * It stops us crashing in the former case by catching the exception. * It stops us hitting the latter case by excluding non-exported activites from the candidate list. This is speculative, because I can't repro this.
Attachment #8622021 -
Flags: review?(mark.finkle)
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → rnewman
Status: NEW → ASSIGNED
Assignee | ||
Comment 5•9 years ago
|
||
Here's a great example: https://crash-stats.mozilla.com/report/index/fe8d1241-3190-413e-9c9f-510bc2150613 java.lang.SecurityException: Permission Denial: starting Intent { act=android.intent.action.VIEW dat=file:///storage/emulated/0/Download/[kat.cr]kurt.cobain.montage.of.heck.2015.1080p.brrip.x264.yify.torrent flg=0x4000000 cmp=org.wikipedia/.settings.LicenseActivity } from ProcessRecord{1d62fff 11189:org.mozilla.firefox/u0a350} (pid=11189, uid=10350) not exported from uid 10243 Here's the Wikipedia app's manifest: https://github.com/wikimedia/apps-android-wikipedia/blob/50208e1c91c4b83b2b2d5447949a021f366f413f/wikipedia/AndroidManifest.xml#L126 <activity android:name=".settings.LicenseActivity" android:exported="false"> <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <data android:pathPrefix="/android_asset/licenses/" android:scheme="file" /> </intent-filter> </activity> That activity used to be exported! https://github.com/wikimedia/apps-android-wikipedia/commit/8ca9fbeefb758164eac4b044ee173d73b61add82 but even so it could conceivably match for some strange reason, in which case we'd launch it and it'd fail.
Assignee | ||
Comment 6•9 years ago
|
||
The vast majority of crashes I sampled seem to be this Wikipedia license activity.
Comment 7•9 years ago
|
||
(In reply to Richard Newman [:rnewman] from comment #3) > Marcia: your issue seems to be that Boingo Wi-Finder is somehow associated > as the handler for that file, but the intent handler isn't public! > > java.lang.SecurityException: Permission Denial: starting Intent { > act=android.intent.action.VIEW > dat=file:///storage/emulated/0/Download/0fa6464c-c2d3-434e-b3f3-6e466cdcf3da > flg=0x4000000 cmp=com.boingo.boingowifi/.WebGetPostActivity } from > ProcessRecord{16a65209 30877:org.mozilla.firefox_beta/u0a88} (pid=30877, > uid=10088) not exported from uid 10124 > > This is a lot like > > https://commonsware.com/blog/2012/07/09/dont-advertise-intent-filters-that- > are-not-yours.html > > Marcia, could you open Android Settings, Apps, find Boingo Wi-Finder, tap > it, scroll to the bottom, and: > > 1. Tell me if it says "NO DEFAULTS SET" > 2. Tap "Clear defaults" > 3. See if you can still repro? Confirming it says "NO DEFAULT SET" I cleared the defaults for that app Haven't yet been able to repro
Flags: needinfo?(mozillamarcia.knous)
Comment 8•9 years ago
|
||
Comment on attachment 8622021 [details] [diff] [review] Don't query for non-exported activities, don't crash if we fail to launch one. v1 Looks safe enough to try
Attachment #8622021 -
Flags: review?(mark.finkle) → review+
Assignee | ||
Comment 9•9 years ago
|
||
https://hg.mozilla.org/integration/fx-team/rev/7d94ea57d5a0
Assignee | ||
Comment 10•9 years ago
|
||
Requesting tracking, 'cos this seems to be a topcrash.
tracking-fennec: --- → ?
Comment 11•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/7d94ea57d5a0
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox41:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 41
Assignee | ||
Comment 12•9 years ago
|
||
ni me to request uplift. Nightly isn't being updated right now, so we need to wait for broader testing.
Flags: needinfo?(rnewman)
Comment 13•9 years ago
|
||
tracking+ because this doesn't look like a regression, but we can track for a specific release if we decide to uplift.
tracking-fennec: ? → +
Assignee | ||
Comment 14•9 years ago
|
||
Comment on attachment 8622021 [details] [diff] [review] Don't query for non-exported activities, don't crash if we fail to launch one. v1 Approval Request Comment [Feature/regressing bug #]: Long-standing. This should definitely go up to Aurora. Release owner can make the call whether the potential reduction is worth taking on Beta; Nightly volume isn't enough to be sure of the fix, particularly with the delay in updates this week, but there have been no crashes on fixed Nightly versions. [User impact if declined]: 4000+ crashes per week. [Describe test coverage new/current, TreeHerder]: Manual testing, touches a chunk of code that gets exercised a lot. [Risks and why]: Possibility of screwing up offering external app links or share destinations. Why? Lots of crashes. This is a sane and small fix, involving an extra catch block and then a filter to exclude activities that we definitely should not be trying to launch. [String/UUID change made/needed]: None.
Flags: needinfo?(rnewman)
Attachment #8622021 -
Flags: approval-mozilla-beta?
Attachment #8622021 -
Flags: approval-mozilla-aurora?
Comment 15•9 years ago
|
||
Comment on attachment 8622021 [details] [diff] [review] Don't query for non-exported activities, don't crash if we fail to launch one. v1 Top crash, taking the fix in aurora.
Attachment #8622021 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 16•9 years ago
|
||
Needs minor rebasing for Aurora, so I'll land this.
Whiteboard: [native-crash] → [native-crash][needs branch patch]
Assignee | ||
Comment 17•9 years ago
|
||
https://hg.mozilla.org/mozilla-aurora/rev/7bf817d87b5a
Assignee | ||
Updated•9 years ago
|
status-firefox38:
--- → wontfix
status-firefox38.0.5:
--- → wontfix
status-firefox39:
--- → affected
status-firefox40:
--- → fixed
Whiteboard: [native-crash][needs branch patch] → [native-crash]
Comment 18•9 years ago
|
||
Comment on attachment 8622021 [details] [diff] [review] Don't query for non-exported activities, don't crash if we fail to launch one. v1 Let's take this for beta in hopes it will decrease the crash rate.
Attachment #8622021 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Updated•9 years ago
|
Comment 21•9 years ago
|
||
I've reproduced this crash on Firefox 38.0.5 when I downloaded a .srt file, then clicked on the notification bar to open it. Previously I have installed the Wikipedia app. https://crash-stats.mozilla.com/report/index/5c21a926-371f-4b60-9fbb-165152150624 Using the same steps I'm not able to reproduce on Firefox 39.0b8 build6. Tested on Nexus 4 (5.1.1). Verifying as fixed on Firefox 39.
Updated•9 years ago
|
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•