一、前言
public activity可任意引用的应用程序。其风险是恶意软件可以接收或发送intent到public Activity,注意事项有:1、显式设置导出属性为true。@b@2、注意接收到的intent是否为恶意。@b@3、返回结果时不能包含敏感数据。
二、代码示例
1.AndroidManifest.xml<?xml version="1.0" encoding="utf-8"?>?@b@@b@ @b@ @b@ @b@ ?@b@ @b@ @b@ @b@ @b@ @b@ @b@ @b@ @b@ @b@ @b@
2.PublicActivity.javapackage org.jssec.android.activity.publicactivity;@b@ @b@import android.app.Activity;@b@import android.content.Intent;@b@import android.os.Bundle;@b@import android.view.View;@b@import android.widget.Toast;@b@ @b@public class PublicActivity extends Activity {@b@ @b@ @Override public void onCreate(Bundle savedInstanceState) {@b@ super.onCreate(savedInstanceState); setContentView(R.layout.main); @b@ String param = getIntent().getStringExtra("PARAM"); @b@ Toast.makeText(this, String.format("Received param: ¥"%s¥"", param), Toast.LENGTH_LONG).show();@b@ } @b@ public void onReturnResultClick(View view) { @b@ Intent intent = new Intent(); @b@ intent.putExtra("RESULT", "Not Sensitive Info"); @b@ setResult(RESULT_OK, intent); finish();@b@ }@b@}
3.PublicUserActivity.javapackage org.jssec.android.activity.publicuser;@b@ @b@import android.app.Activity; @b@import android.content.ActivityNotFoundException;@b@import android.content.Intent; @b@import android.os.Bundle; @b@import android.view.View; @b@import android.widget.Toast;@b@ @b@public class PublicUserActivity extends Activity {@b@ @b@ private static final int REQUEST_CODE = 1;@b@ @b@ @Override public void onCreate(Bundle savedInstanceState) {@b@ super.onCreate(savedInstanceState);@b@ setContentView(R.layout.main);@b@ }@b@ @b@ public void onUseActivityClick(View view) {@b@ @b@ try { @b@ Intent intent = new Intent("org.jssec.android.activity.MY_ACTION"); @b@ intent.putExtra("PARAM", "Not Sensitive Info");@b@ startActivityForResult(intent, REQUEST_CODE);@b@ } catch (ActivityNotFoundException e) { @b@ Toast.makeText(this, "Target activity not found.", Toast.LENGTH_LONG).show();@b@ }@b@ }@b@ @b@ @Override @b@ public void onActivityResult(int requestCode, int resultCode, Intent data) {@b@ super.onActivityResult(requestCode, resultCode, data); @b@ @b@ if (resultCode != RESULT_OK) return; @b@ switch (requestCode) { @b@ case REQUEST_CODE:@b@ String result = data.getStringExtra("RESULT"); @b@ Toast.makeText(this, String.format("Received result: ¥"%s¥"", result), @b@ Toast.LENGTH_LONG).show();@b@ break;@b@ }@b@ }@b@}