Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SecurityException in UsersAndGroupsSearchProvider #12616

Merged
merged 1 commit into from
Feb 29, 2024
Merged

Fix SecurityException in UsersAndGroupsSearchProvider #12616

merged 1 commit into from
Feb 29, 2024

Conversation

ZetaTom
Copy link
Collaborator

@ZetaTom ZetaTom commented Feb 28, 2024

This change fixes an issue where java.lang.SecurityException would be displayed when searching for sharees. Because of a hard-coded string this only affected non-vanilla builds.

Stacktrace of exception 

SuggestionsAdapter      com.nextcloud.android.qa             W  Search suggestions cursor threw exception. 
                                                                java.lang.SecurityException: Permission Denial: opening provider com.owncloud.android.providers.UsersAndGroupsSearchProvider from ProcessRecord{9b498c4 3310:com.nextcloud.android.qa/u0a144} (pid=3310, uid=10144) that is not exported from UID 10143 
                                                                        at android.os.Parcel.createExceptionOrNull(Parcel.java:3057)
                                                                        at android.os.Parcel.createException(Parcel.java:3041)
                                                                        at android.os.Parcel.readException(Parcel.java:3024)
                                                                        at android.os.Parcel.readException(Parcel.java:2966)
                                                                        at android.app.IActivityManager$Stub$Proxy.getContentProvider(IActivityManager.java:5906)
                                                                        at android.app.ActivityThread.acquireProvider(ActivityThread.java:7310)
                                                                        at android.app.ContextImpl$ApplicationContentResolver.acquireUnstableProvider(ContextImpl.java:3668)
                                                                        at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:2542)
                                                                        at android.content.ContentResolver.openTypedAssetFileDescriptor(ContentResolver.java:2027)
                                                                        at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:1858)
                                                                        at android.content.ContentResolver.openInputStream(ContentResolver.java:1528)
                                                                        at androidx.appcompat.widget.SuggestionsAdapter.getDrawable(SuggestionsAdapter.java:559)
                                                                        at androidx.appcompat.widget.SuggestionsAdapter.getDrawableFromResourceValue(SuggestionsAdapter.java:532)
                                                                        at androidx.appcompat.widget.SuggestionsAdapter.getIcon1(SuggestionsAdapter.java:365)
                                                                        at androidx.appcompat.widget.SuggestionsAdapter.bindView(SuggestionsAdapter.java:309)
                                                                        at androidx.cursoradapter.widget.CursorAdapter.getView(CursorAdapter.java:274)
                                                                        at androidx.appcompat.widget.SuggestionsAdapter.getView(SuggestionsAdapter.java:449)
                                                                        at android.widget.AbsListView.obtainView(AbsListView.java:2466)
                                                                        at android.widget.DropDownListView.obtainView(DropDownListView.java:305)
                                                                        at android.widget.ListView.makeAndAddView(ListView.java:2065)
                                                                        at android.widget.ListView.fillDown(ListView.java:791)
                                                                        at android.widget.ListView.fillFromTop(ListView.java:853)
                                                                        at android.widget.ListView.layoutChildren(ListView.java:1836)
                                                                        at android.widget.AbsListView.onLayout(AbsListView.java:2263)
                                                                        at android.view.View.layout(View.java:24421)
                                                                        at android.view.ViewGroup.layout(ViewGroup.java:6440)
                                                                        at android.widget.FrameLayout.layoutChildren(FrameLayout.java:332)
                                                                        at android.widget.FrameLayout.onLayout(FrameLayout.java:270)
                                                                        at android.view.View.layout(View.java:24421)
                                                                        at android.view.ViewGroup.layout(ViewGroup.java:6440)
                                                                        at android.widget.FrameLayout.layoutChildren(FrameLayout.java:332)
                                                                        at android.widget.FrameLayout.onLayout(FrameLayout.java:270)
                                                                        at android.view.View.layout(View.java:24421)
                                                                        at android.view.ViewGroup.layout(ViewGroup.java:6440)
                                                                        at android.view.ViewRootImpl.performLayout(ViewRootImpl.java:4258)
                                                                        at android.view.ViewRootImpl.performTraversals(ViewRootImpl.java:3583)
                                                                        at android.view.ViewRootImpl.doTraversal(ViewRootImpl.java:2465)
                                                                        at android.view.ViewRootImpl$TraversalRunnable.run(ViewRootImpl.java:9305)
                                                                        at android.view.Choreographer$CallbackRecord.run(Choreographer.java:1339)
                                                                        at android.view.Choreographer$CallbackRecord.run(Choreographer.java:1348)
                                                                        at android.view.Choreographer.doCallbacks(Choreographer.java:952)
                                                                        at android.view.Choreographer.doFrame(Choreographer.java:882)
                                                                        at android.view.Choreographer$FrameDisplayEventReceiver.run(Choreographer.java:1322)
                                                                        at android.os.Handler.handleCallback(Handler.java:958)
                                                                        at android.os.Handler.dispatchMessage(Handler.java:99)
                                                                        at android.os.Looper.loopOnce(Looper.java:205)
                                                                        at android.os.Looper.loop(Looper.java:294)
                                                                        at android.app.ActivityThread.main(ActivityThread.java:8177)
                                                                        at java.lang.reflect.Method.invoke(Native Method)
                                                                        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:552)
                                                                        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:971)

Fixes #11712

  • Tests written, or not not needed

@ZetaTom ZetaTom linked an issue Feb 28, 2024 that may be closed by this pull request
SecurityException when searching for sharee #11712
Closed
4 tasks
@github-actions GitHub Actions
Copy link

Codacy

Lint

TypemasterPR
Warnings6969
Errors33

SpotBugs

CategoryBaseNew
Bad practice6868
Correctness7171
Dodgy code351351
Experimental22
Internationalization77
Malicious code vulnerability22
Multithreaded correctness66
Performance5656
Security1919
Total582582

@github-actions GitHub Actions
Copy link

APK file: https://www.kaminsky.me/nc-dev/android-artifacts/12616.apk

qrcode

To test this change/fix you can simply download above APK file and install and test it in parallel to your existing Nextcloud app.

@ZetaTom ZetaTom enabled auto-merge February 28, 2024 11:33
@ZetaTom ZetaTom merged commit 3e75f35 into master Feb 29, 2024
21 checks passed
@delete-merged-branch delete-merged-branch bot deleted the fix/11712-securityexception-when-searching-for-sharee branch February 29, 2024 15:01
@ZetaTom
Copy link
Collaborator Author

ZetaTom commented Mar 5, 2024

/backport to stable-3.28

@backportbot backportbot bot mentioned this pull request Mar 5, 2024
Merged
@AndyScherzinger AndyScherzinger added this to the Nextcloud App 3.29.0 milestone Mar 5, 2024
@github-actions GitHub Actions
Copy link

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alperozturk96 alperozturk96 alperozturk96 approved these changes

@tobiasKaminsky tobiasKaminsky Awaiting requested review from tobiasKaminsky

@JonasMayerDev JonasMayerDev Awaiting requested review from JonasMayerDev

Assignees
No one assigned
Labels
3. to review feedback-requested
Projects
None yet
Milestone
Nextcloud App 3.29.0
Development

Successfully merging this pull request may close these issues.

SecurityException when searching for sharee
3 participants
@ZetaTom @alperozturk96 @AndyScherzinger