New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict intents sent to control FTP server to Amaze only #1815
Restrict intents sent to control FTP server to Amaze only #1815
Conversation
|
Nice solution! |
app/src/main/AndroidManifest.xml
Outdated
| @@ -23,6 +23,9 @@ | |||
| xmlns:tools="http://schemas.android.com/tools" | |||
| package="com.amaze.filemanager"> | |||
|
|
|||
| <permission android:name="com.amaze.filemanager.permission.CONTROL_FTP_SERVER" | |||
| android:protectionLevel="signature" /> | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
protectionLevel="signature" is a bit much isn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems dangerous can still prevent unintended intents sent to FtpReceiver.
|
Using this code I am unable to start the service from another app, any ideas? |
Added custom permission to control FTP server, so only Amaze/apps explicitly granted such permission can send intent to start/stop FTP server.
3b48089
to
51cea24
Compare
I got this when I fire the intent from "another app" to Amaze. Not sure if it's related to changes to Android system... was trying on Pixel 2 emulator running Android 9.0; didn't try on earlier versions of Android though. Ref: https://commonsware.com/blog/2017/04/11/android-o-implicit-broadcast-ban.html |
|
@TranceLove AFAIK,'implicit' is when it is not defined in the manifest. |
Tried again on physical devices... possibly you didn't explicitly grant permission to the app. Don't know how to make the permission to appear on app install though...
So I'm standing with my guess. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Accepted to fix urgent issue.
|
@TranceLove please upload the sample app/code as a project on AmazeTeam. |
Restrict intents sent to control FTP server to Amaze only


Per mail discussion offline it is found that any app may fire an Intent with action com.amaze.filemanager.services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER or com.amaze.filemanager.services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER to control Amaze's built-in FTP server without user acknowledgement.
Changes in changeset
This supercedes #1814 which contained unfinished code that makes the PR difficult to understand. Its work (to work out a way to allow third-party apps to start/stop Amaze's FTP server) will continue on another PR.