如何解决有关导出的Firebase消息服务实现的android lint投诉？ [英] How to address android lint complaint about exported Firebase Messaging service implementations?

问题描述

遵循 Google开发者关于在我的应用中实施Firebase的说明，我注意到，Android lint抱怨。

这个想法是我们必须实施两项从Firebase服务继承的服务：

  public class MyFirebaseInstanceIDService extends FirebaseInstanceIdService {...} 
 $ b $ public class MyFirebaseMessagingService extends FirebaseMessagingService {...} 
  

，然后在清单中注册这些服务。但是，这并不完美。特别是，这两个推荐的AndroidManifest.xml服务条目不包含任何特殊权限：

 < service android：name = .MyFirebaseMessagingService> 
< intent-filter> 
< action android：name =com.google.firebase.MESSAGING_EVENT/> 
< / intent-filter> 
< / service> 
 
< service android：name =。MyFirebaseInstanceIDService> 
< intent-filter> 
< action android：name =com.google.firebase.INSTANCE_ID_EVENT/> 
< / intent-filter> 
< / service> 
  

等linter说：

导出的服务（设置了exported = true或者包含intent-filter并且没有指定exported = false的服务）应该定义一个实体为了启动服务或绑定到服务而必须拥有的权限。如果没有这个，任何应用程序都可以使用这个服务。

我应该只添加这个属性到每个服务标签， p>

  tools：ignore =ExportedService
  

或者在这种情况下有更好的方法吗？我的意思是，这是暴露这些特定的Firebase派生的服务是这样的安全吗？解决方案

是暴露这些特定的Firebase派生的服务是这样吗？它是如果你信任清单文件中的这些服务的意见。
$ b $在Android Studio ，打开你的应用程序的AndroidManifest.xml文件。在窗口的底部，选择合并清单的标签。滚动查找 FirebaseMessagingService 的条目。双击包含服务名称的行。这个服务的清单文件应该打开，你会看到这个：

$ p $ < manifest xmlns：android =http：// schemas.android.com/apk/res/androidpackage =com.google.firebase.messaging>
< uses-sdk android：minSdkVersion =14/>

< application>

- FirebaseMessagingService在运行时执行安全检查，
不需要明确的权限，尽管exported =true - >
< service android：name =com.google.firebase.messaging.FirebaseMessagingServiceandroid：exported =true>
< intent-filter android：priority = - 500>
< action android：name =com.google.firebase.MESSAGING_EVENT/>
< / intent-filter>
< / service>

< / application>
< / manifest>


注意： FirebaseMessagingService在运行时执行安全检查，不需要显式权限=true

您可以对 FirebaseInstanceIdService 执行相同的注释。 / p>

如果您信任评论（我这样做），您可以安全地忽略lint警告或禁用检查。

Following the Google developer instructions on implementing Firebase in my app, I notice that android lint complains.

The idea is that we have to implement two services which inherit from Firebase services:

public class MyFirebaseInstanceIDService extends FirebaseInstanceIdService { ... }

public class MyFirebaseMessagingService extends FirebaseMessagingService { ... }

and then register those services in the manifest. But, it's not quite perfect. In particular, these two recommended AndroidManifest.xml service entries do not contain any special permissions:

<service android:name=".MyFirebaseMessagingService">
    <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
    </intent-filter>
</service>

<service android:name=".MyFirebaseInstanceIDService">
    <intent-filter>
        <action android:name="com.google.firebase.INSTANCE_ID_EVENT"/>
    </intent-filter>
</service>

and so the linter says:

Exported services (services which either set exported=true or contain an intent-filter and do not specify exported=false) should define a permission that an entity must have in order to launch the service or bind to it. Without this, any application can use this service.

Should I just add this attribute to each service tag and be done with it

tools:ignore="ExportedService"

or is there a better approach in this situation? I mean, is it safe to expose these particular Firebase derived services like this?

解决方案

You ask: ...is it safe to expose these particular Firebase derived services like this? It is if you trust the comments in the manifest files for these services.

In Android Studio, open your app's AndroidManifest.xml file. At the bottom of the window, select the tab for Merged Manifest. Scroll to find the entry for FirebaseMessagingService. Double-click on the line that contains the service name. The manifest file for the service should open and you will see this:

<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.google.firebase.messaging">
    <uses-sdk android:minSdkVersion="14"/>

    <application>

        <!-- FirebaseMessagingService performs security checks at runtime,
             no need for explicit permissions despite exported="true" -->
        <service android:name="com.google.firebase.messaging.FirebaseMessagingService" android:exported="true">
            <intent-filter android:priority="-500">
                <action android:name="com.google.firebase.MESSAGING_EVENT"/>
            </intent-filter>
        </service>

    </application>
</manifest>

Note the comment: FirebaseMessagingService performs security checks at runtime, no need for explicit permissions despite exported="true"

You can do the same for FirebaseInstanceIdService and see the same comment.

If you trust the comments (I do), you can safely ignore the lint warnings or disable the checks.

这篇关于如何解决有关导出的Firebase消息服务实现的android lint投诉？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！