(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)
If an app is using a granted permission to respond to a calling app then it must check that the calling app has that permission as well. Otherwise, the responding app may be granting privileges to the calling app that it should not have. (This is sometimes called the "confused deputy" problem.)
The methods Context.checkCallingPermission()
and Context.enforceCallingPermission()
can be used to ensure that the calling app has the correct permissions.
Noncompliant Code Example
This noncompliant code example shows an app responding to a calling app without first checking the permissions of the calling app.
TBD
Compliant Solution
In this compliant solution the permissions of the calling app are checked before the response is sent:
TBD
Risk Assessment
Responding to a calling app without checking that it has the appropriate permissions can leak sensitive information.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DRD14-J | High | Probable | Medium | P12 | L1 |
Automated Detection
It is not feasible to automatically detect whether an app's permissions need to be checked before responding to it.
Bibliography