[tbb-bugs] #31144 [Applications/Tor Browser]: ESR68 Network Code Review
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 14 18:20:12 UTC 2019
#31144: ESR68 Network Code Review
-------------------------------------------------+-------------------------
 Reporter:  pili                                 |          Owner:  tbb-team
     Type:  task                                 |         Status:  needs_review
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  TorBrowserTeam201910R,               |  Actual Points:
            tbb-9.0-alpha-must                   |
Parent ID:                                       |         Points:  10
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by mikeperry):
Replying to [comment:15 sysrqb]:
> (continuing...)
>
> Replying to [comment:11 mikeperry]:
> > - BrowserApp.java (see also onNewIntent() delegation to BrowserAppDelegates list)
>
> Can you provide a link for this? I'm missing it somehow.

In ./mobile/android/base/java/org/mozilla/gecko/BrowserApp.java search for
BrowserAppDelegate (sorry, no s). That type is used to create a list of
things that have Activity-related things passed to them. I think it might
be harmless though.

> > 4. android.content.Intent startActivity() usage (may or may not be unsafe depending on circumstance :/)
> > - ActivityHandlerHelper - Good candidate to patch for external activities, but not everything uses it :/
> > - BrowserApp.onUrlOpenWithRefferer () - Might be able to launch other apps if OPEN_WITH_INTENT flag is set?
>
> Caught by forcing above prompt.

Wait, both of these call startActivity() directly with an intent. Forcing
the prompt from IntentHelper will NOT catch these.

If ActivityHandlerHelper was patched to call into IntentHelper (or add its
own prompt), then all the things that use it would prompt, but BrowserApp
doesn't use either of the Helper classes to handle its Intents.

> > 6. android.app.PendingIntent
> > - ChromeCastDisplay.java - probably want to make sure this is disabled?
>
> Disabled.
>
> > - CustomTabsActivity.performPendingIntent - again, hard to tell what is happening here
>
> These seem like they could be arbitrary actions.

Hrmm.. should we patch that somehow, or assume it is handled when the
Intent is finally delivered?

> > 7. android.app.DownloadManager
> > - DownloadsIntegration.java uses it, but has a check for useSystemDownloadManager() to avoid using it
> > - BrowserApp.java uses it to download items without any checks
> >
>
> This is controlled by
> `browser.download.forward_oma_android_download_manager` which is false.
> (https://bugzilla.mozilla.org/show_bug.cgi?id=1253684 which is
> restricted?). I'll add this into the override file, just so we aren't
> surprised by a change later.

Are we sure that pref governs both usages of the download manager? I did
not see any checks in the BrowserApp itself.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31144#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
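
Added example (not part of the ticket and not Tor Browser code): a small audit script for the concern raised above, that a prompt enforced in IntentHelper does not cover call sites that invoke startActivity() directly. It flags the sinks named in this review in every file not listed as mediated; the Java snippets, promptUser() and the choice of which files count as mediated are constructed assumptions.

```python
import re

# Sinks named in this review: ways an action can leave the browser for another app.
SINKS = {
    "startActivity": re.compile(r"\bstartActivity(?:ForResult)?\s*\("),
    "PendingIntent": re.compile(r"\bPendingIntent\b"),
    "DownloadManager": re.compile(r"\bDownloadManager\b"),
}

def strip_comments(java_src):
    """Drop // and /* */ comments, keeping line numbers (naive: ignores string literals)."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), java_src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def find_unmediated(sources, mediated=frozenset({"IntentHelper.java"})):
    """(file, line, sink) for each sink outside the files assumed to carry the prompt."""
    findings = []
    for name in sorted(set(sources) - set(mediated)):
        for lineno, line in enumerate(strip_comments(sources[name]).splitlines(), 1):
            if not line.lstrip().startswith("import "):
                findings += [(name, lineno, s) for s, p in SINKS.items() if p.search(line)]
    return findings

# Constructed stand-ins for the files discussed above, not real Tor Browser code.
SAMPLE = {
    "IntentHelper.java": """\
class IntentHelper {
  void open(Intent i) { promptUser(i); activity.startActivity(i); }
}
""",
    "ActivityHandlerHelper.java": """\
class ActivityHandlerHelper {
  static void start(Context c, Intent i) { c.startActivity(i); }
}
""",
    "BrowserApp.java": """\
import android.app.DownloadManager;
class BrowserApp {
  void onUrlOpen(Intent i) { startActivity(i); } // direct call
  void save(Uri u) { DownloadManager dm = getDownloadManager(); }
}
""",
}

if __name__ == "__main__":
    for finding in find_unmediated(SAMPLE):
        print("%s:%d: unmediated %s" % finding)
```

With ActivityHandlerHelper.java added to `mediated` (as if it had been patched to prompt), the BrowserApp.java findings remain, which is the gap the comment points out.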