Add enhanced manifest analysis: permission, component, and intent filter security

davideagostini · davideagostini · commit c6d8fd453f8a · 2026-02-17T20:52:56.000+01:00
diff --git a/test-app/app/src/main/AndroidManifest.xml b/test-app/app/src/main/AndroidManifest.xml
@@ -1,7 +1,14 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android">
 
+    <!-- Dangerous permissions for testing -->
     <uses-permission android:name="android.permission.INTERNET" />
+    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
+    <uses-permission android:name="android.permission.CAMERA" />
+    <uses-permission android:name="android.permission.READ_CONTACTS" />
+    <uses-permission android:name="android.permission.READ_SMS" />
+    <uses-permission android:name="android.permission.RECORD_AUDIO" />
+    <uses-permission android:name="android.permission.READ_CALL_LOG" />
 
     <application
         android:allowBackup="true"
@@ -17,7 +24,34 @@
                 <action android:name="android.intent.action.MAIN" />
                 <category android:name="android.intent.category.LAUNCHER" />
             </intent-filter>
+            <!-- Intent filter with data for testing -->
+            <intent-filter>
+                <action android:name="com.example.ACTION_VIEW" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:mimeType="text/plain" />
+            </intent-filter>
         </activity>
+
+        <!-- Exported Service without permission -->
+        <service
+            android:name=".MyService"
+            android:exported="true" />
+
+        <!-- Exported Broadcast Receiver without permission -->
+        <receiver
+            android:name=".MyReceiver"
+            android:exported="true">
+            <intent-filter>
+                <action android:name="com.example.ACTION_UPDATE" />
+            </intent-filter>
+        </receiver>
+
+        <!-- Exported Content Provider without permission -->
+        <provider
+            android:name=".MyProvider"
+            android:authorities="com.example.provider"
+            android:exported="true" />
+
     </application>
 
 </manifest>
diff --git a/test-app/build.gradle.kts b/test-app/build.gradle.kts
@@ -2,5 +2,4 @@
 plugins {
     id("com.android.application") version "8.2.2" apply false
     id("org.jetbrains.kotlin.android") version "1.9.22" apply false
-    id("com.davideagostini.analyzer") version "1.0.0" apply false
 }
diff --git a/test-app/settings.gradle.kts b/test-app/settings.gradle.kts
@@ -4,6 +4,9 @@ pluginManagement {
         mavenCentral()
         gradlePluginPortal()
     }
+    includeBuild("../") {
+        name = "android-build-analyzer"
+    }
 }
 
 dependencyResolutionManagement {

Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,4 @@`
`2`	`2`	`plugins {`
`3`	`3`	`id("com.android.application") version "8.2.2" apply false`
`4`	`4`	`id("org.jetbrains.kotlin.android") version "1.9.22" apply false`
`5`		`- id("com.davideagostini.analyzer") version "1.0.0" apply false`
`6`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,9 @@ pluginManagement {`
`4`	`4`	`mavenCentral()`
`5`	`5`	`gradlePluginPortal()`
`6`	`6`	`}`
	`7`	`+ includeBuild("../") {`
	`8`	`+ name = "android-build-analyzer"`
	`9`	`+ }`
`7`	`10`	`}`
`8`	`11`
`9`	`12`	`dependencyResolutionManagement {`