[tbb-bugs] #31144 [Applications/Tor Browser]: ESR68 Network Code Review
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 11 19:33:53 UTC 2019
#31144: ESR68 Network Code Review
---------------------------------------------------------+-------------------------------
 Reporter:  pili                                         |          Owner:  tbb-team
     Type:  task                                         |         Status:  needs_review
 Priority:  Very High                                    |      Milestone:
Component:  Applications/Tor Browser                     |        Version:
 Severity:  Normal                                       |     Resolution:
 Keywords:  TorBrowserTeam201910R, tbb-9.0-alpha-must    |  Actual Points:
Parent ID:                                               |         Points:  10
 Reviewer:                                               |        Sponsor:
---------------------------------------------------------+-------------------------------
Comment (by sysrqb):
(continuing...)
Replying to [comment:11 mikeperry]:
> 3. IntentHelper openUriExternal usage - maybe we should just patch this to always prompt?
This seems like the easiest solution. I'll add that.
> - ActivityStreamContextMenu.java
Caught by forcing above prompt.
> - BrowserApp.java (see also onNewIntent() delegation to BrowserAppDelegates list)
Can you provide a link for this? I'm missing it somehow.
> - ChromeCastDisplay.java
We unset `MOZ_NATIVE_DEVICES` which excludes this.
> - HomeFragment.java
Caught by forcing above prompt.
> 4. android.content.Intent startActivity() usage (may or may not be unsafe depending on circumstance :/)
> - ActivityHandlerHelper - Good candidate to patch for external activities, but not everything uses it :/
> - BrowserApp.onUrlOpenWithRefferer () - Might be able to launch other apps if OPEN_WITH_INTENT flag is set?
Caught by forcing above prompt.
> - CustomTabsActivity.java - Several methods emit potentially external Intents
My only concern here is `onLoadRequest()` when the scheme isn't handled by
the browser. That's the only place where the user wasn't prompted. I don't
know how the customtabs UI should handle this situation. We can break this
functionality for now, until we find how this should be done correctly.
> - WebAppActivity.onLoadRequest()
WebActivities can't be installed from PBM (which is the new default tab
mode). There will be a weird situation at the next upgrade, because
WebApps worked in the current stable due to normal tabs being usable. In
the next release, only private tabs will be used (by default). I don't
know what will happen if a webapp is loaded in PBM; it seems like they
will still work.
> - BasicGeckoViewPrompt.onFilePrompt()
> - GeckoViewActivity.onExternalResponse()
This is not part of the app (geckoview_example). We should patch these in
the future.
> 5. Intent bindService() usage:
> - SurfaceAllocator - no idea what is happening here :/
Connecting the app to a background service.
> - RemoteManager - no idea what is happening here :/
Needs `MediaManager` which is excluded.
> 6. android.app.PendingIntent
> - ChromeCastDisplay.java - probably want to make sure this is disabled?
Disabled.
> - CustomTabsActivity.performPendingIntent - again, hard to tell what is happening here
These seem like they could be arbitrary actions.
> 7. android.app.DownloadManager
> - DownloadsIntegration.java uses it, but has a check for useSystemDownloadManager() to avoid using it
> - BrowserApp.java uses it to download items without any checks
>
This is controlled by
`browser.download.forward_oma_android_download_manager` which is false.
(https://bugzilla.mozilla.org/show_bug.cgi?id=1253684 which is
restricted?). I'll add this into the override file, just so we aren't
surprised by a change later.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31144#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online