When auditing the Flutter Android embedder, we discovered that we have a design pattern that makes it easy to accidentally introduce vulnerabilities. Specifically, in

```java
public static FlutterShellArgs fromIntent(@NonNull Intent intent) {
```

the pattern of trusting flags that can be set by a malicious app in release mode should be modified.
Non-public docs: go/flutter-android-intent-based-flag-analysis, go/flutter-fragment-flag-security-analysis
This issue tracks both the design review process and implementation of a better system for enabling engine flags in release mode.
Ideally there would be no way to set flags with intent values, possibly by using Android manifest flags to set values in release builds. If that proves infeasible, then creating an allow list of flags that can be set in release mode should be the next option.
Code reference: flutter/engine/src/flutter/shell/platform/android/io/flutter/embedding/engine/FlutterShellArgs.java, line 70 in 404fb3f
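A minimal sketch of the allow-list option described above, added here as an illustration and not code from the Flutter engine. The class `ReleaseFlagFilter`, its method, and all flag names are hypothetical placeholders, and a plain `Map` stands in for the Android `Intent` extras so the example runs on a stock JVM (Java 9+).

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Hypothetical sketch: filter intent-supplied engine flags by build mode. */
public final class ReleaseFlagFilter {
  // Constructed placeholder name, not the engine's real flag list.
  private static final Set<String> RELEASE_ALLOW_LIST = Set.of("--example-safe-flag");

  /**
   * @param intentExtras stand-in for Intent extras (key -> value); controllable by the sender
   * @param knownFlags maps an extra key to the engine flag it enables
   * @param isReleaseBuild true when the app is built in release mode
   * @return the flags that may be passed on to the engine
   */
  public static List<String> flagsFromExtras(
      Map<String, Object> intentExtras, Map<String, String> knownFlags, boolean isReleaseBuild) {
    List<String> accepted = new ArrayList<>();
    for (Map.Entry<String, String> known : knownFlags.entrySet()) {
      // Only a boolean true enables a flag; any other type or value is ignored.
      if (!Boolean.TRUE.equals(intentExtras.get(known.getKey()))) {
        continue;
      }
      String flag = known.getValue();
      if (isReleaseBuild && !RELEASE_ALLOW_LIST.contains(flag)) {
        continue; // default deny: unlisted flags never reach the engine in release
      }
      accepted.add(flag);
    }
    return accepted;
  }

  public static void main(String[] args) {
    Map<String, String> known = Map.of(
        "example-safe-flag", "--example-safe-flag",
        "example-debug-flag", "--example-debug-flag");
    // Constructed extras, as another app could attach them to an Intent.
    Map<String, Object> extras = Map.of(
        "example-safe-flag", true, "example-debug-flag", true, "unknown-key", "x");
    System.out.println("debug:   " + flagsFromExtras(extras, known, false));
    System.out.println("release: " + flagsFromExtras(extras, known, true));
  }
}
```

The filter is default-deny in release mode, so a flag added to the parser later stays unreachable from intents until someone deliberately adds it to the allow list.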