Tainted data flow across components

Question

Tainted data flow across components

kyuen001 opened this issue 2 years ago · 0 comments

Can MT track data flow from a source to a sink that is located in another component?

public class Activity1 extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        Intent source = getIntent();    // getIntent() is the source

        Intent serviceIntent = new Intent(this, Service1.class);
        serviceIntent.setData(source.getData());
        startService(serviceIntent);
    }
}

public class Service1 extends Service{
    @Override
    public int onStartCommand(Intent intent, int flags, int startId) {
        sink(intent.getData());    // sink(Uri uri) is the sink
    }
}

Initially, I thought Shims could be used here where I could set:

the Intent constructor, new Intent(Context packageContext, Class<?> cls), as the shimmed-method,
and the lifecycle callbacks of Service as the shim-targets

However, (if I am not wrong) shim-targets are limited to the argument types of the shimmed-method, so I am unable to 'shim over' to Service1.