From cd1b08e1e239269f7d0d48119505313f52d3dd5a Mon Sep 17 00:00:00 2001 From: Scott Main Date: Tue, 27 Dec 2011 16:22:27 -0800 Subject: docs: fix broken links in .jd docs Change-Id: Ide8bb1a11a704d6821b52a0128b24a76de2e707f --- docs/html/guide/practices/screens-support-1.5.jd | 2 +- docs/html/guide/practices/security.jd | 103 ++++++++++------------ docs/html/guide/practices/tablets-and-handsets.jd | 2 +- 3 files changed, 48 insertions(+), 59 deletions(-) (limited to 'docs/html/guide/practices') diff --git a/docs/html/guide/practices/screens-support-1.5.jd b/docs/html/guide/practices/screens-support-1.5.jd index 9f033b4..4c6fb99 100644 --- a/docs/html/guide/practices/screens-support-1.5.jd +++ b/docs/html/guide/practices/screens-support-1.5.jd @@ -46,7 +46,7 @@ android:targetSdkVersion} set to {@code "4"} or higher, then this document i default, an application written for Android 1.5 or below that does not set the {@code android:targetSdkVersion} set to {@code "4"} or higher runs in screen compatibility mode when on a device with a screen larger than +href="screen-compat-mode.html">screen compatibility mode when on a device with a screen larger than the normal screen size (basically, the system displays the application in a small window that is roughly the size of the normal screen size).

diff --git a/docs/html/guide/practices/security.jd b/docs/html/guide/practices/security.jd index 476c301..eeaac44 100644 --- a/docs/html/guide/practices/security.jd +++ b/docs/html/guide/practices/security.jd @@ -126,8 +126,8 @@ applications.

Use of world writable or world readable files for IPC is discouraged because it does not provide +href="{@docRoot}reference/android/content/Context.html#MODE_WORLD_READABLE">world +readable files for IPC is discouraged because it does not provide the ability to limit data access to particular applications, nor does it provide any control on data format. As an alternative, you might consider using a ContentProvider which provides read and write permissions, and can make @@ -199,10 +199,10 @@ ContentProvider.

ContentProviders can also provide more granular access by declaring the grantUriPermissions element and using the FLAG_GRANT_READ_URI_PERMISSION and FLAG_GRANT_WRITE_URI_PERMISSION flags in the Intent object +href="{@docRoot}reference/android/content/Intent.html#FLAG_GRANT_READ_URI_PERMISSION">FLAG_GRANT_READ_URI_PERMISSION +and FLAG_GRANT_WRITE_URI_PERMISSION +flags in the Intent object that activates the component. The scope of these permissions can be further limited by the @@ -211,14 +211,9 @@ grant-uri-permission element.

When accessing a ContentProvider, use parameterized query methods such as -query(), update(), and delete() to avoid +query(), update(), and delete() to avoid potential SQL Injection from untrusted data. Note that using parameterized methods is not sufficient if the selection is built by concatenating user data @@ -249,8 +244,9 @@ href="{@docRoot}reference/android/R.styleable.html#AndroidManifestActivity"> Activities, and Services are all declared in the application manifest. If your IPC mechanism is -not intended for use by other applications, set the android:exported property -to false. This is useful for applications that consist of multiple processes +not intended for use by other applications, set the {@code android:exported} +property to false. This is useful for applications that consist of multiple processes within the same UID, or if you decide late in development that you do not actually want to expose functionality as IPC but you don’t want to rewrite the code.

@@ -276,11 +272,10 @@ activity.

Intents are the preferred mechanism for asynchronous IPC in Android. Depending on your application requirements, you might use sendBroadcast(), sendOrderedBroadcast(), or -direct an intent to a specific application component.

+href="{@docRoot}reference/android/content/Context.html#sendBroadcast(android.content.Intent)">sendBroadcast(), +sendOrderedBroadcast(), +or direct an intent to a specific application component.

Note that ordered broadcasts can be “consumed” by a recipient, so they may not be delivered to all applications. If you are sending an Intent where @@ -311,14 +306,13 @@ and/or access controls on a specific binder interface, those controls must be explicitly added as code in the interface.

If providing an interface that does require access controls, use checkCallingPermission() to verify whether the +href="{@docRoot}reference/android/content/Context.html#checkCallingPermission(java.lang.String)">checkCallingPermission() +to verify whether the caller of the Binder has a required permission. This is especially important before accessing a Service on behalf of the caller, as the identify of your application is passed to other interfaces. If invoking an interface provided by a Service, the bindService() +href="{@docRoot}reference/android/content/Context.html#bindService(android.content.Intent,%20android.content.ServiceConnection,%20int)">bindService() invocation may fail if you do not have permission to access the given Service. If calling an interface provided locally by your own application, it may be useful to use the

By default, receivers are exported and can be invoked by any other application. If your +href="{@docRoot}reference/android/content/BroadcastReceiver.html"> BroadcastReceivers is intended for use by other applications, you may want to apply security permissions to receivers using the +href="{@docRoot}guide/topics/manifest/receiver-element.html"> <receiver> element within the application manifest. This will prevent applications without appropriate permissions from sending an intent to the +href="{@docRoot}reference/android/content/BroadcastReceiver.html"> BroadcastReceivers.

Using Services

@@ -349,19 +343,21 @@ use. Each service class must have a corresponding declaration in its package's AndroidManifest.xml.

By default, Services are exported and can be invoked by any other -application. Services can be protected using the android:permission attribute +application. Services can be protected using the {@code android:permission} +attribute within the manifest’s +href="{@docRoot}guide/topics/manifest/service-element.html"> <service> tag. By doing so, other applications will need to declare a corresponding <uses-permission> element in their own manifest to be +href="{@docRoot}guide/topics/manifest/uses-permission-element.html"><uses-permission> + element in their own manifest to be able to start, stop, or bind to the service.

A Service can protect individual IPC calls into it with permissions, by calling checkCallingPermission()before executing +href="{@docRoot}reference/android/content/Context.html#checkCallingPermission(java.lang.String)">checkCallingPermission() +before executing the implementation of that call. We generally recommend using the declarative permissions in the manifest, since those are less prone to oversight.

@@ -376,9 +372,9 @@ Service to handle IPC, since this modular approach reduces the risk of exposing functionality that is not intended for use by other applications.

If you do expose an Activity for purposes of IPC, the android:permission attribute in the +href="{@docRoot}guide/topics/manifest/activity-element.html#prmsn">android:permission +attribute in the <activity> declaration in the application manifest can be used to restrict access to only those applications which have the stated permissions.

@@ -432,8 +428,8 @@ rkeley.edu/~afelt/felt_usenixsec2011.pdf

Generally, you should strive to create as few permissions as possible while satisfying your security requirements. Creating a new permission is relatively uncommon for most applications, since -system-defined permissions cover many situations. Where appropriate, +href="{@docRoot}reference/android/Manifest.permission.html">system-defined +permissions cover many situations. Where appropriate, perform access checks using existing permissions.

If you must create a new permission, consider whether you can accomplish @@ -560,17 +556,14 @@ href="{@docRoot}reference/android/webkit/WebView.html">WebView does not execute JavaScript so cross-site-scripting is not possible.

Use addJavaScriptInterface() with +href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object,%20java.lang.String)">addJavaScriptInterface() with particular care because it allows JavaScript to invoke operations that are normally reserved for Android applications. Only expose addJavaScriptInterface() to +href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object,%20java.lang.String)">addJavaScriptInterface() to sources from which all input is trustworthy. If untrusted input is allowed, untrusted JavaScript may be able to invoke Android methods. In general, we recommend only exposing addJavaScriptInterface() to +href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object,%20java.lang.String)">addJavaScriptInterface() to JavaScript that is contained within your application APK.

Do not trust information downloaded over HTTP, use HTTPS instead. Even if @@ -578,13 +571,11 @@ you are connecting only to a single website that you trust or control, HTTP is subject to MiTM attacks and interception of data. Sensitive capabilities using addJavaScriptInterface() should +href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object,%20java.lang.String)">addJavaScriptInterface() should not ever be exposed to unverified script downloaded over HTTP. Note that even with the use of HTTPS, addJavaScriptInterface() +href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object,%20java.lang.String)">addJavaScriptInterface() increases the attack surface of your application to include the server infrastructure and all CAs trusted by the Android-powered device.

@@ -683,8 +674,7 @@ discussed in the Requesting Permissions section.

If a GUID is required, create a large, unique number and store it. Do not use phone identifiers such as the phone number or IMEI which may be associated with personal information. This topic is discussed in more detail in the Android Developer Blog.

+href="http://android-developers.blogspot.com/2011/03/identifying-app-installations.html">Android Developer Blog.

Application developers should be careful writing to on-device logs. In Android, logs are a shared resource, and are available @@ -724,9 +714,8 @@ credentials to the wrong application.

If credentials are to be used only by applications that you create, then you can verify the application which accesses the -AccountManager using checkSignature(). +AccountManager using checkSignature(). Alternatively, if only one application will use the credential, you might use a KeyStore for @@ -756,15 +745,15 @@ RSA provided in the Cipher class.

Use a secure random number generator ( - + SecureRandom) to initialize any cryptographic keys ( +href="{@docRoot}reference/javax/crypto/KeyGenerator.html"> KeyGenerator). Use of a key that is not generated with a secure random number generator significantly weakens the strength of the algorithm, and may allow offline attacks.

If you need to store a key for repeated use, use a mechanism like KeyStore that +href="{@docRoot}reference/java/security/KeyStore.html">KeyStore that provides a mechanism for long term storage and retrieval of cryptographic keys.

diff --git a/docs/html/guide/practices/tablets-and-handsets.jd b/docs/html/guide/practices/tablets-and-handsets.jd index dc35801..3f4aaa9 100644 --- a/docs/html/guide/practices/tablets-and-handsets.jd +++ b/docs/html/guide/practices/tablets-and-handsets.jd @@ -481,7 +481,7 @@ href="{@docRoot}guide/topics/ui/actionbar.html#Home">Action Bar developer gu information in each list item based on the available space. That is, you can create alternative layouts to be used by the items in your list adapter such that a large screen might display more detail for each item. -
  • Create alternative resource +
  • Create alternative resource files for values such as integers, dimensions, and even booleans. Using size qualifiers for these resources, you can easily apply different layout sizes, font sizes, or enable/disable features based on the current screen size.
    • -- cgit v1.1