• Home
• org.sonarsource.xml
• sonar-xml-plugin
• 2.8.1.4006
• source code
• S6359.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.xml.rules.xml.S6359.html Maven / Gradle / Ivy

Why is this an issue?
Defining a custom permission in the android.permission namespace may result in an unexpected permission assignment if a newer version
of Android adds a permission with the same name. It is recommended to use a namespace specific to the application for custom permissions.
Noncompliant code example
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.organization.app">

    <permission
        android:name="android.permission.MYPERMISSION" /> <!-- Noncompliant -->

</manifest>

Compliant solution
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.organization.app">

    <permission
        android:name="com.organization.app.permission.MYPERMISSION" />

</manifest>

Resources

  
 Mobile AppSec Verification
  Standard - Platform Interaction Requirements 
  
 OWASP Mobile Top 10 2016 Category M1 - Improper
  Platform Usage 
  
 MITRE, CWE-265 - Privilege Issues 
  
 MITRE, CWE-732 - Incorrect Permission Assignment for Critical Resource 
  
 developer.android.com - Define a Custom App Permission