Closed Bug 1159390 Opened 5 years ago Closed 5 years ago

Set sharedUserId in robocop.apk

Categories

(Firefox for Android :: Testing, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
Firefox 40
Tracking Status
firefox40 --- fixed

People

(Reporter: nalexander, Assigned: nalexander)

References

Details

Attachments

(1 file, 1 obsolete file)

Right now, the Fennec APK sets an Android sharedUserId and the Robocop APK does not.  You can see the sharedUserId by doing

$ aapt dump xmltree fennec-40.0a1.en-US.android-arm.apk AndroidManifest.xml | grep sharedUserId
    A: android:sharedUserId(0x0101000b)="org.mozilla.fennec.sharedID" (Raw: "org.mozilla.fennec.sharedID")

$ aapt dump xmltree robocop.apk AndroidManifest.xml | grep sharedUserId
(nothing)

I really have no idea how this works in the wild; I expect to see security errors across the board when the instrumentation APK and the target APK have different sharedUserIds.  Perhaps instrumentation is doing something interesting?  Regardless, I see security errors when building these APKs using Gradle, and we should set the sharedUserId for the Robocop APK.
/r/7793 - Bug 1159390 - Set sharedUserId in robocop.apk. r=gbrown

Pull down this commit:

hg pull -r 0544c161de5c4e0eedc4e929226a19a40fbb4e90 https://reviewboard-hg.mozilla.org/gecko/
Attachment #8598832 - Flags: review?(gbrown)
Comment on attachment 8598832 [details]
MozReview Request: bz://1159390/nalexander

https://reviewboard.mozilla.org/r/7791/#review6593

Ship It!
Attachment #8598832 - Flags: review?(gbrown) → review+
Assignee: nobody → nalexander
Status: NEW → ASSIGNED
https://hg.mozilla.org/mozilla-central/rev/556e96942c27
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 40
Attachment #8598832 - Attachment is obsolete: true
Attachment #8620185 - Flags: review+
You need to log in before you can comment on or make changes to this bug.