Open Bug 1699723 Opened 4 years ago Updated 3 years ago

Catch SecurityException when calling startActivity with intent

Categories

(GeckoView :: General, defect, P2)

Unspecified
All
defect

Tracking

(Not tracked)

People

(Reporter: royang, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [geckoview:m94?] [geckoview:2022h2?])

There's always a chance that a SecurityException can be thrown when trying to startActivity with an intent. Handle SecurityException when starting an activity and handle it as a failure case.

Example stack:
java.lang.SecurityException
at android.os.Parcel.createException(Parcel.java:2074)
at android.os.Parcel.readException(Parcel.java:2042)
at android.os.Parcel.readException(Parcel.java:1990)
at android.app.IActivityTaskManager$Stub$Proxy.startActivity(IActivityTaskManager.java:3973)
at android.app.Instrumentation.execStartActivity(Instrumentation.java:1716)
at android.app.Activity.startActivityForResult(Activity.java:5258)
at androidx.fragment.app.FragmentActivity.startActivityForResult(FragmentActivity.java:6)
at android.app.Activity.startActivityForResult(Activity.java:5216)
at androidx.fragment.app.FragmentActivity.startActivityForResult(FragmentActivity.java:3)
at android.app.Activity.startActivity(Activity.java:5587)
at android.app.Activity.startActivity(Activity.java:5555)
at org.mozilla.geckoview.BasicSelectionActionDelegate.performAction(BasicSelectionActionDelegate.java:2)
at mozilla.components.browser.engine.gecko.selection.GeckoSelectionActionDelegate.performAction(GeckoSelectionActionDelegate.kt:2)
at org.mozilla.geckoview.BasicSelectionActionDelegate.onActionItemClicked(BasicSelectionActionDelegate.java:9)
at org.mozilla.geckoview.BasicSelectionActionDelegate$Callback2Wrapper.onActionItemClicked(BasicSelectionActionDelegate.java:1)
at com.android.internal.policy.DecorView$ActionModeCallback2Wrapper.onActionItemClicked(DecorView.java:2684)
at com.android.internal.view.FloatingActionMode$3.onMenuItemSelected(FloatingActionMode.java:98)
at com.android.internal.view.menu.MenuBuilder.dispatchMenuItemSelected(MenuBuilder.java:787)
at com.android.internal.view.menu.MenuItemImpl.invoke(MenuItemImpl.java:151)
at com.android.internal.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:934)
at com.android.internal.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:924)
at com.android.internal.view.FloatingActionMode.lambda$setFloatingToolbar$0$FloatingActionMode(FloatingActionMode.java:123)
at com.android.internal.view.-$$Lambda$FloatingActionMode$LU5MpPuKYDtwlFAuYhXYfzgLNLE.onMenuItemClick(Unknown Source:2)
at com.android.internal.widget.FloatingToolbar$FloatingToolbarPopup.lambda$createOverflowPanel$2$FloatingToolbar$FloatingToolbarPopup(FloatingToolbar.java:1475)
at com.android.internal.widget.-$$Lambda$FloatingToolbar$FloatingToolbarPopup$E8FwnPCl7gZpcTlX_UaRPIBRnT0.onItemClick(Unknown Source:8)
at android.widget.AdapterView.performItemClick(AdapterView.java:330)
at android.widget.AbsListView.performItemClick(AbsListView.java:1219)
at android.widget.AbsListView$PerformClick.run(AbsListView.java:3230)
at android.widget.AbsListView.onTouchUp(AbsListView.java:4202)
at android.widget.AbsListView.onTouchEvent(AbsListView.java:3944)
at android.view.View.dispatchTouchEvent(View.java:13484)
at android.view.ViewGroup.dispatchTransformedTouchEvent(ViewGroup.java:3082)
at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:2767)
at com.android.internal.widget.FloatingToolbar$FloatingToolbarPopup$OverflowPanel.dispatchTouchEvent(FloatingToolbar.java:1580)
at android.view.ViewGroup.dispatchTransformedTouchEvent(ViewGroup.java:3088)
at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:2781)
at android.view.ViewGroup.dispatchTransformedTouchEvent(ViewGroup.java:3110)
at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:2781)
at android.view.ViewGroup.dispatchTransformedTouchEvent(ViewGroup.java:3088)
at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:2781)
at android.view.ViewGroup.dispatchTransformedTouchEvent(ViewGroup.java:3088)
at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:2781)
at android.widget.PopupWindow$PopupDecorView.dispatchTouchEvent(PopupWindow.java:2581)
at android.view.View.dispatchPointerEvent(View.java:13745)
at android.view.ViewRootImpl$ViewPostImeInputStage.processPointerEvent(ViewRootImpl.java:5636)
at android.view.ViewRootImpl$ViewPostImeInputStage.onProcess(ViewRootImpl.java:5436)
at android.view.ViewRootImpl$InputStage.deliver(ViewRootImpl.java:4937)
at android.view.ViewRootImpl$InputStage.onDeliverToNext(ViewRootImpl.java:4990)
at android.view.ViewRootImpl$InputStage.forward(ViewRootImpl.java:4956)
at android.view.ViewRootImpl$AsyncInputStage.forward(ViewRootImpl.java:5096)
at android.view.ViewRootImpl$InputStage.apply(ViewRootImpl.java:4964)
at android.view.ViewRootImpl$AsyncInputStage.apply(ViewRootImpl.java:5153)
at android.view.ViewRootImpl$InputStage.deliver(ViewRootImpl.java:4937)
at android.view.ViewRootImpl$InputStage.onDeliverToNext(ViewRootImpl.java:4990)
at android.view.ViewRootImpl$InputStage.forward(ViewRootImpl.java:4956)
at android.view.ViewRootImpl$InputStage.apply(ViewRootImpl.java:4964)
at android.view.ViewRootImpl$InputStage.deliver(ViewRootImpl.java:4937)
at android.view.ViewRootImpl.deliverInputEvent(ViewRootImpl.java:7689)
at android.view.ViewRootImpl.doProcessInputEvents(ViewRootImpl.java:7658)
at android.view.ViewRootImpl.enqueueInputEvent(ViewRootImpl.java:7619)
at android.view.ViewRootImpl$WindowInputEventReceiver.onInputEvent(ViewRootImpl.java:7819)
at android.view.InputEventReceiver.dispatchInputEvent(InputEventReceiver.java:251)
at android.os.MessageQueue.nativePollOnce(Native Method)
at android.os.MessageQueue.next(MessageQueue.java:336)
at android.os.Looper.loop(Looper.java:181)
at android.app.ActivityThread.main(ActivityThread.java:7562)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:539)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:950)

Severity: -- → S4
Priority: -- → P3

Roger, do we see this in the wild?

Flags: needinfo?(royang)

Yes, not sure how the crash can be reproduced but the stack is from a crash reported in the wild.

Flags: needinfo?(royang)

Updated this bug with the bugs/issues related to this. Agi has said it was a Fenix issue and Roger said it was a GV issue.

A workaround was put in A-C to avoid crashing https://github.com/mozilla-mobile/android-components/commit/6ef12c65b3b66c6f96aba40228d7258d4f52e75a.

However, I think BasicSelectionActionDelegate should catch SecurityException since usually the intent is coming from a link; there could be cases where a site will target an activity that Android deems dangerous. The user of BasicSelectionActionDelegate might not understand this.

I agree this is something GeckoView should handle. Unfortunately, there are a lot of different causes under the same signature. I think we're doing some work around there to make it better so they don't all show up in the same signature.

I'm resetting priority since this is something that we see in the wild and should probably address sooner rather than later.

Severity: S4 → --
Priority: P3 → --
Severity: -- → S3
Priority: -- → P2
Whiteboard: [geckoview:m90]
Whiteboard: [geckoview:m90] → [geckoview:m90?]
Whiteboard: [geckoview:m90?] → [geckoview:m91?]
Whiteboard: [geckoview:m91?] → [geckoview:m93?]
Whiteboard: [geckoview:m93?] → [geckoview:m94?]
Whiteboard: [geckoview:m94?] → [geckoview:m94?] [geckoview:2022h2?]
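
The handling requested in this bug, as an added example that is not code from GeckoView or android-components: a launcher that turns the SecurityException seen in the stack above into a failure result instead of a crash. The class name SafeActivityLauncher, its Result enum and tryStartActivity are hypothetical; only standard Android SDK calls are used.

```java
import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

/** Hypothetical helper (not a GeckoView class): start an activity, report failure instead of crashing. */
public final class SafeActivityLauncher {
    private static final String LOGTAG = "SafeActivityLauncher";

    /** Outcome of a launch attempt; anything but STARTED is a failure case. */
    public enum Result { STARTED, NO_HANDLER, DENIED }

    private SafeActivityLauncher() {}

    public static Result tryStartActivity(final Context context, final Intent intent) {
        // Work on a copy so the caller's intent is not modified.
        final Intent launch = new Intent(intent);
        if (!(context instanceof Activity)) {
            // Starting from a non-Activity context requires a new task.
            launch.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        }
        try {
            context.startActivity(launch);
            return Result.STARTED;
        } catch (final ActivityNotFoundException e) {
            // No installed app resolves this intent.
            Log.w(LOGTAG, "No activity for action " + launch.getAction());
            return Result.NO_HANDLER;
        } catch (final SecurityException e) {
            // The system refused the launch, for example because the resolved
            // activity is not exported or requires a permission this app lacks.
            // Log only action and component: extras may carry the selected text.
            Log.w(LOGTAG, "Launch denied for action " + launch.getAction()
                    + ", component " + launch.getComponent());
            return Result.DENIED;
        }
    }
}
```

A caller such as a selection-action handler would report the action as not performed for any result other than STARTED.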