1159390 - Set sharedUserId in robocop.apk

Status: RESOLVED FIXED

(Firefox for Android Graveyard :: Testing, defect)

Description

[Nick Alexander :nalexander [he/him] (PTO Feb 24-March 3)]

Right now, the Fennec APK sets an Android sharedUserId and the Robocop APK does not.  You can see the sharedUserId by doing

$ aapt dump xmltree fennec-40.0a1.en-US.android-arm.apk AndroidManifest.xml | grep sharedUserId
    A: android:sharedUserId(0x0101000b)="org.mozilla.fennec.sharedID" (Raw: "org.mozilla.fennec.sharedID")

$ aapt dump xmltree robocop.apk AndroidManifest.xml | grep sharedUserId
(nothing)

I really have no idea how this works in the wild; I expect to see security errors across the board when the instrumentation APK and the target APK have different sharedUserIds.  Perhaps instrumentation is doing something interesting?  Regardless, I see security errors when building these APKs using Gradle, and we should set the sharedUserId for the Robocop APK.

Comment 1

[Nick Alexander :nalexander [he/him] (PTO Feb 24-March 3)]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=0544c161de5c

Comment 2

[Nick Alexander :nalexander [he/him] (PTO Feb 24-March 3)]

Attachment: MozReview Request: bz://1159390/nalexander

/r/7793 - Bug 1159390 - Set sharedUserId in robocop.apk. r=gbrown

Pull down this commit:

hg pull -r 0544c161de5c4e0eedc4e929226a19a40fbb4e90 https://reviewboard-hg.mozilla.org/gecko/

Comment 3

[Geoff Brown [:gbrown]]

Comment on attachment 8598832 [details]
MozReview Request: bz://1159390/nalexander

https://reviewboard.mozilla.org/r/7791/#review6593

Ship It!

Comment 4

[Nick Alexander :nalexander [he/him] (PTO Feb 24-March 3)]

https://hg.mozilla.org/integration/fx-team/rev/556e96942c27

Comment 5

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/556e96942c27

Comment 7

[Nick Alexander :nalexander [he/him] (PTO Feb 24-March 3)]

Attachment: MozReview Request: Bug 1159390 - Set sharedUserId in robocop.apk. r=gbrown