android - 如何修复 UnsafeProtectedBroadcastReceiver？

Question

在我的 BroadcastReceiver 之后:

public class MyBroadcastReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
       // my code
    }
}

它在 AndroidManifest 中注册:

<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

<receiver android:enabled="true"
            android:name=".MyBroadcastReceiver">
            <intent-filter>
                <action android:name="android.intent.action.DATE_CHANGED" />
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
</receiver>

linter在MyBroadcastReceiver的onReceive方法中报如下错误:

This broadcast receiver declares an intent-filter for a protected broadcast action string, which can only be sent by the system, not third-party applications. However, the receiver's onReceive method does not appear to call getAction to ensure that the received Intent's action string matches the expected value, potentially making it possible for another actor to send a spoofed intent with no action string or a different action string and cause undesired behavior. BroadcastReceivers that declare an intent-filter for a protected-broadcast action string must check that the received intent's action string matches the expected value, otherwise it is possible for malicious actors to spoof intents.

Issue id: UnsafeProtectedBroadcastReceiver

如何修复 UnsafeProtectedBroadcastReceiver？

Answer 1

过滤 Action ，就像它说的那样:

public class MyBroadcastReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        switch (intent.getAction()) {
            case Intent.ACTION_DATE_CHANGED:
                //what you want to do
                break;
            case Intent.ACTION_BOOT_COMPLETED:
                //what you want to do
                break;
        }
    }
}

如果您不检查它，任何应用程序都可以通过指定类名在您的 Receiver 上“调用”BOOT_COMPLETED，因为这会绕过过滤器。