StrictMode.VmPolicy.Builder
public
static
final
class
StrictMode.VmPolicy.Builder
extends Object
java.lang.Object | |
↳ | android.os.StrictMode.VmPolicy.Builder |
Creates VmPolicy
instances. Methods whose names start with detect
specify
what problems we should look for. Methods whose names start with penalty
specify
what we should do when we detect a problem.
You can call as many detect
and penalty
methods as you like. Currently
order is insignificant: all penalties apply to all detected problems.
For example, detect everything and log anything that's found:
StrictMode.VmPolicy policy = new StrictMode.VmPolicy.Builder() .detectAll() .penaltyLog() .build(); StrictMode.setVmPolicy(policy);
Summary
Public constructors | |
---|---|
Builder()
|
|
Builder(StrictMode.VmPolicy base)
Builds upon an existing VmPolicy. |
Public methods | |
---|---|
StrictMode.VmPolicy
|
build()
Constructs the VmPolicy instance. |
StrictMode.VmPolicy.Builder
|
detectActivityLeaks()
Detects leaks of |
StrictMode.VmPolicy.Builder
|
detectAll()
Detects everything that's potentially suspect. |
StrictMode.VmPolicy.Builder
|
detectBlockedBackgroundActivityLaunch()
Detects when your app is blocked from launching a background activity or a PendingIntent created by your app cannot be launched. |
StrictMode.VmPolicy.Builder
|
detectCleartextNetwork()
Detects any network traffic from the calling app which is not wrapped in SSL/TLS. |
StrictMode.VmPolicy.Builder
|
detectContentUriWithoutPermission()
Detects when the calling application sends a |
StrictMode.VmPolicy.Builder
|
detectCredentialProtectedWhileLocked()
Detects access to filesystem paths stored in credential protected storage areas while the user is locked. |
StrictMode.VmPolicy.Builder
|
detectFileUriExposure()
Detects when the calling application exposes a |
StrictMode.VmPolicy.Builder
|
detectImplicitDirectBoot()
Detects any implicit reliance on Direct Boot automatic filtering
of |
StrictMode.VmPolicy.Builder
|
detectIncorrectContextUse()
Detects attempts to invoke a method on a |
StrictMode.VmPolicy.Builder
|
detectLeakedClosableObjects()
Detects when an |
StrictMode.VmPolicy.Builder
|
detectLeakedRegistrationObjects()
Detects when a |
StrictMode.VmPolicy.Builder
|
detectLeakedSqlLiteObjects()
Detects when an |
StrictMode.VmPolicy.Builder
|
detectNonSdkApiUsage()
Detects reflective usage of APIs that are not part of the public Android SDK. |
StrictMode.VmPolicy.Builder
|
detectUnsafeIntentLaunch()
Detects when your app sends an unsafe |
StrictMode.VmPolicy.Builder
|
detectUntaggedSockets()
Detects any sockets in the calling app which have not been tagged using |
StrictMode.VmPolicy.Builder
|
ignoreBlockedBackgroundActivityLaunch()
Stops detecting whether your app is blocked from launching a background activity or a PendingIntent created by your app cannot be launched. |
StrictMode.VmPolicy.Builder
|
penaltyDeath()
Crashes the whole process on violation. |
StrictMode.VmPolicy.Builder
|
penaltyDeathOnCleartextNetwork()
Crashes the whole process when cleartext network traffic is detected. |
StrictMode.VmPolicy.Builder
|
penaltyDeathOnFileUriExposure()
Crashes the whole process when a |
StrictMode.VmPolicy.Builder
|
penaltyDropBox()
Enables detected violations log a stacktrace and timing data to the |
StrictMode.VmPolicy.Builder
|
penaltyListener(Executor executor, StrictMode.OnVmViolationListener listener)
Calls # |
StrictMode.VmPolicy.Builder
|
penaltyLog()
Logs detected violations to the system log. |
StrictMode.VmPolicy.Builder
|
permitNonSdkApiUsage()
Permits reflective usage of APIs that are not part of the public Android SDK. |
StrictMode.VmPolicy.Builder
|
permitUnsafeIntentLaunch()
Permits your app to launch any |
StrictMode.VmPolicy.Builder
|
setClassInstanceLimit(Class<T> klass, int instanceLimit)
Sets an upper bound on how many instances of a class can be in memory at once. |
Inherited methods | |
---|---|
Public constructors
Builder
public Builder (StrictMode.VmPolicy base)
Builds upon an existing VmPolicy.
Parameters | |
---|---|
base |
StrictMode.VmPolicy |
Public methods
build
public StrictMode.VmPolicy build ()
Constructs the VmPolicy instance.
Note: if no penalties are enabled before calling build
, penaltyLog()
is implicitly set.
Returns | |
---|---|
StrictMode.VmPolicy |
detectActivityLeaks
public StrictMode.VmPolicy.Builder detectActivityLeaks ()
Detects leaks of Activity
subclasses.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectAll
public StrictMode.VmPolicy.Builder detectAll ()
Detects everything that's potentially suspect.
In the Honeycomb release this includes leaks of SQLite cursors, Activities, and other closable objects but will likely expand in future releases.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectBlockedBackgroundActivityLaunch
public StrictMode.VmPolicy.Builder detectBlockedBackgroundActivityLaunch ()
Detects when your app is blocked from launching a background activity or a PendingIntent created by your app cannot be launched.
Starting an activity requires specific permissions which may depend on the state at runtime and especially
in case of PendingIntent
starts on the collaborating app.
If the activity start is blocked methods like Context.startActivity(Intent)
or PendingIntent.send()
have no way to return that information. Instead you
can use this strct mode feature to detect blocked starts.
Note that in some cases blocked starts may be unavoidable, e.g. when the user clicks the home button while the app tries to start a new activity.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectCleartextNetwork
public StrictMode.VmPolicy.Builder detectCleartextNetwork ()
Detects any network traffic from the calling app which is not wrapped in SSL/TLS. This can help you detect places that your app is inadvertently sending cleartext data across the network.
Using penaltyDeath()
or penaltyDeathOnCleartextNetwork()
will
block further traffic on that socket to prevent accidental data leakage, in addition
to crashing your process.
Using penaltyDropBox()
will log the raw contents of the packet that
triggered the violation.
This inspects both IPv4/IPv6 and TCP/UDP network traffic, but it may be subject to false positives, such as when STARTTLS protocols or HTTP proxies are used.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectContentUriWithoutPermission
public StrictMode.VmPolicy.Builder detectContentUriWithoutPermission ()
Detects when the calling application sends a content://
Uri
to another app without setting Intent.FLAG_GRANT_READ_URI_PERMISSION
or Intent.FLAG_GRANT_WRITE_URI_PERMISSION
.
Forgetting to include one or more of these flags when sending an intent is typically an app bug.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectCredentialProtectedWhileLocked
public StrictMode.VmPolicy.Builder detectCredentialProtectedWhileLocked ()
Detects access to filesystem paths stored in credential protected storage areas while the user is locked.
When a user is locked, credential protected storage is unavailable, and files stored in these locations appear to not exist, which can result in subtle app bugs if they assume default behaviors or empty states. Instead, apps should store data needed while a user is locked under device protected storage areas.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectFileUriExposure
public StrictMode.VmPolicy.Builder detectFileUriExposure ()
Detects when the calling application exposes a file://
Uri
to another app.
This exposure is discouraged since the receiving app may not have access to the
shared path. For example, the receiving app may not have requested the Manifest.permission.READ_EXTERNAL_STORAGE
runtime permission, or the
platform may be sharing the Uri
across user profile boundaries.
Instead, apps should use content://
Uris so the platform can extend
temporary permission for the receiving app to access the resource.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectImplicitDirectBoot
public StrictMode.VmPolicy.Builder detectImplicitDirectBoot ()
Detects any implicit reliance on Direct Boot automatic filtering
of PackageManager
values. Violations are only triggered
when implicit calls are made while the user is locked.
Apps becoming Direct Boot aware need to carefully inspect each query site and explicitly decide which combination of flags they want to use:
PackageManager.MATCH_DIRECT_BOOT_AWARE
PackageManager.MATCH_DIRECT_BOOT_UNAWARE
PackageManager.MATCH_DIRECT_BOOT_AUTO
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectIncorrectContextUse
public StrictMode.VmPolicy.Builder detectIncorrectContextUse ()
Detects attempts to invoke a method on a Context
that is not suited for such
operation.
An example of this is trying to obtain an instance of UI service (e.g.
WindowManager
) from a non-visual Context
. This is not
allowed, since a non-visual Context
is not adjusted to any visual area, and
therefore can report incorrect metrics or resources.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectLeakedClosableObjects
public StrictMode.VmPolicy.Builder detectLeakedClosableObjects ()
Detects when an Closeable
or other object with an explicit
termination method is finalized without having been closed.
You always want to explicitly close such objects to avoid unnecessary resources leaks.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectLeakedRegistrationObjects
public StrictMode.VmPolicy.Builder detectLeakedRegistrationObjects ()
Detects when a BroadcastReceiver
or ServiceConnection
is leaked
during Context
teardown.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectLeakedSqlLiteObjects
public StrictMode.VmPolicy.Builder detectLeakedSqlLiteObjects ()
Detects when an SQLiteCursor
or other SQLite
object is finalized without having been closed.
You always want to explicitly close your SQLite cursors to avoid unnecessary database contention and temporary memory leaks.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectNonSdkApiUsage
public StrictMode.VmPolicy.Builder detectNonSdkApiUsage ()
Detects reflective usage of APIs that are not part of the public Android SDK.
Note that any non-SDK APIs that this processes accesses before this detection is enabled may not be detected. To ensure that all such API accesses are detected, you should apply this policy as early as possible after process creation.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectUnsafeIntentLaunch
public StrictMode.VmPolicy.Builder detectUnsafeIntentLaunch ()
Detects when your app sends an unsafe Intent
.
Violations may indicate security vulnerabilities in the design of
your app, where a malicious app could trick you into granting
Uri
permissions or launching unexported components. Here
are some typical design patterns that can be used to safely
resolve these violations:
- If you are sending an implicit intent to an unexported component, you should
make it an explicit intent by using
Intent.setPackage
,Intent.setClassName
orIntent.setComponent
. - If you are unparceling and sending an intent from the intent delivered, The
ideal approach is to migrate to using a
PendingIntent
, which ensures that your launch is performed using the identity of the original creator, completely avoiding the security issues described above. - If using a
PendingIntent
isn't feasible, an alternative approach is to create a brand newIntent
and carefully copy only specific values from the originalIntent
after careful validation.
Note that this may detect false-positives if your app
sends itself an Intent
which is first routed through the
OS, such as using Intent.createChooser
. In these cases,
careful inspection is required to determine if the return point
into your app is appropriately protected with a signature
permission or marked as unexported. If the return point is not
protected, your app is likely vulnerable to malicious apps.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
detectUntaggedSockets
public StrictMode.VmPolicy.Builder detectUntaggedSockets ()
Detects any sockets in the calling app which have not been tagged using TrafficStats
. Tagging sockets can help you investigate network usage inside your
app, such as a narrowing down heavy usage to a specific library or component.
This currently does not detect sockets created in native code.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
ignoreBlockedBackgroundActivityLaunch
public StrictMode.VmPolicy.Builder ignoreBlockedBackgroundActivityLaunch ()
Stops detecting whether your app is blocked from launching a background activity or a PendingIntent created by your app cannot be launched.
This disables the effect of detectBlockedBackgroundActivityLaunch()
.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
penaltyDeath
public StrictMode.VmPolicy.Builder penaltyDeath ()
Crashes the whole process on violation. This penalty runs at the end of all enabled penalties so you'll still get your logging or other violations before the process dies.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
penaltyDeathOnCleartextNetwork
public StrictMode.VmPolicy.Builder penaltyDeathOnCleartextNetwork ()
Crashes the whole process when cleartext network traffic is detected.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
See also:
penaltyDeathOnFileUriExposure
public StrictMode.VmPolicy.Builder penaltyDeathOnFileUriExposure ()
Crashes the whole process when a file://
Uri
is exposed
beyond this app.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
See also:
penaltyDropBox
public StrictMode.VmPolicy.Builder penaltyDropBox ()
Enables detected violations log a stacktrace and timing data to the DropBox
on policy violation. Intended mostly for platform
integrators doing beta user field data collection.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
penaltyListener
public StrictMode.VmPolicy.Builder penaltyListener (Executor executor, StrictMode.OnVmViolationListener listener)
Calls #OnVmViolationListener.onVmViolation(Violation)
on every violation.
Parameters | |
---|---|
executor |
Executor : This value cannot be null . |
listener |
StrictMode.OnVmViolationListener : This value cannot be null . |
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
penaltyLog
public StrictMode.VmPolicy.Builder penaltyLog ()
Logs detected violations to the system log.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
permitNonSdkApiUsage
public StrictMode.VmPolicy.Builder permitNonSdkApiUsage ()
Permits reflective usage of APIs that are not part of the public Android SDK. Note
that this only affects StrictMode
, the underlying runtime may
continue to restrict or warn on access to methods that are not part of the
public SDK.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
permitUnsafeIntentLaunch
public StrictMode.VmPolicy.Builder permitUnsafeIntentLaunch ()
Permits your app to launch any Intent
which originated
from outside your app.
Disabling this check is strongly discouraged, as
violations may indicate security vulnerabilities in the design of
your app, where a malicious app could trick you into granting
Uri
permissions or launching unexported components.
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |
See also:
setClassInstanceLimit
public StrictMode.VmPolicy.Builder setClassInstanceLimit (Class<T> klass, int instanceLimit)
Sets an upper bound on how many instances of a class can be in memory at once. Helps to prevent object leaks.
Parameters | |
---|---|
klass |
Class |
instanceLimit |
int |
Returns | |
---|---|
StrictMode.VmPolicy.Builder |
This value cannot be null . |