microsoftconnect / ms-intune-app-sdk-android

Intune App SDK for Android enables data protection features and mobile app management via Microsoft Intune

SecurityException: Isolated process not allowed to call registerReceiver #168

Closed shashank-msra closed 11 months ago

shashank-msra commented 1 year ago

Summary

We are facing the following crash on our android application.

Exception java.lang.RuntimeException:
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:6932)
  at android.app.ActivityThread.-$$Nest$mhandleBindApplication
  at android.app.ActivityThread$H.handleMessage (ActivityThread.java:2219)
  at android.os.Handler.dispatchMessage (Handler.java:111)
  at android.os.Looper.loopOnce (Looper.java:238)
  at android.os.Looper.loop (Looper.java:357)
  at android.app.ActivityThread.main (ActivityThread.java:8088)
  at java.lang.reflect.Method.invoke
  at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:548)
  at com.android.internal.os.ChildZygoteInit.runZygoteServer (ChildZygoteInit.java:136)
  at com.android.internal.os.WebViewZygoteInit.main (WebViewZygoteInit.java:147)
  at java.lang.reflect.Method.invoke
  at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:548)
  at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:957)
Caused by java.lang.SecurityException: Isolated process not allowed to call registerReceiver
  at android.os.Parcel.createExceptionOrNull (Parcel.java:3028)
  at android.os.Parcel.createException (Parcel.java:3012)
  at android.os.Parcel.readException (Parcel.java:2995)
  at android.os.Parcel.readException (Parcel.java:2937)
  at android.app.IActivityManager$Stub$Proxy.registerReceiverWithFeature (IActivityManager.java:5611)
  at android.app.ContextImpl.registerReceiverInternal (ContextImpl.java:1827)
  at android.app.ContextImpl.registerReceiver (ContextImpl.java:1761)
  at android.app.ContextImpl.registerReceiver (ContextImpl.java:1749)
  at android.content.ContextWrapper.registerReceiver (ContextWrapper.java:747)
  at com.microsoft.intune.mam.client.notification.CompanyPortalInstallReceiverBase.registerReceiver (CompanyPortalInstallReceiverBase.java:98)
  at com.microsoft.intune.mam.client.app.offline.OfflineCommonApplicationOnCreateOps.registerInstallReceivers (OfflineCommonApplicationOnCreateOps.java:44)
  at com.microsoft.intune.mam.client.app.MAMApplication$Impl.onCreate (MAMApplication.java:113)
  at com.microsoft.intune.mam.client.app.MAMApplication.onCreate (MAMApplication.java)
  at android.app.Instrumentation.callApplicationOnCreate (Instrumentation.java:1268)
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:6927)
Caused by android.os.RemoteException: Remote stack trace:
  at com.android.server.am.ActivityManagerService.enforceNotIsolatedCaller (ActivityManagerService.java:3050)
  at com.android.server.am.ActivityManagerService.registerReceiverWithFeature (ActivityManagerService.java:13466)
  at android.app.IActivityManager$Stub.onTransact (IActivityManager.java:2498)
  at com.android.server.am.ActivityManagerService.onTransact (ActivityManagerService.java:2737)
  at android.os.Binder.execTransactInternal (Binder.java:1294)

I went through the application manifest & we do not have any component that might be triggering the application in an isolated process. We do not have any service explicitly marked as isolated. I noticed that a similar issue was recently fixed in Intune's release v9.7.0, but it mentioned API 27 or below, while the above cases are being registered lately on our Play Store for Android 13 (93% cases), 12, 10 & 14-Beta as well.

I have read through the Intune Guidelines related to isolated process, but since we do not have any identifiable component that might be triggering the application in such a process, it doesn't feel safe to go with the meta tag addition. It's the reason I am reaching out to you to get any additional insights into the same.

Repro Steps

We do not have exact reproduction steps, but as per the logs it seems adding an isolated service & triggering the same in the MAM variant of the app will cause the issue.

Details

AndroidX Dependencies

If your app includes any AndroidX libraries, please list them here, along with the version info:

androidxCore = "1.6.0"
androidxLifecycle = "2.3.1"
androidxWorkManager = "2.7.0"
androidxNavigation = "2.5.2"
androidxStartupRuntime = "1.1.0"
androidxDatastore = "1.0.0"

Third-Party Library Dependencies

If your app includes any third-party libraries, please list them here, along with the version info:

microsoftjoe commented 1 year ago

@shashank-msra The isolated service that you are adding runs in an isolated process. In order to support this with MAM, you should use the documented meta-data item.

rygo-msft commented 1 year ago

Hi @shashank-msra were you able to solve your issue using the Isolated Process metadata item?

You can find the isolated processes in your app by searching for Services with android:isolatedProcess=true in your app manifest: https://developer.android.com/guide/topics/manifest/service-element
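The manifest search suggested above, as an added example that is not part of the original thread or the Intune SDK: a Python script that lists every `<service>` with `android:isolatedProcess="true"` in a merged manifest and flags whether it lives outside the app's own package, which points at a library. The sample manifest and its package and class names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample standing in for a merged AndroidManifest.xml.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application android:name=".MainApplication">
    <service android:name=".sync.SyncService" android:exported="false"/>
    <service android:name="com.example.thirdparty.sandbox.RendererService"
             android:isolatedProcess="true"
             android:useAppZygote="true"
             android:process=":sandbox"/>
  </application>
</manifest>
""".strip()

def _attr(elem, name, default=None):
    """Read an android:-namespaced attribute."""
    return elem.get("{%s}%s" % (ANDROID_NS, name), default)

def find_isolated_services(manifest_xml):
    """Return one dict per service declared with android:isolatedProcess="true"."""
    root = ET.fromstring(manifest_xml)
    app_pkg = root.get("package", "")
    findings = []
    for svc in root.iter("service"):
        if _attr(svc, "isolatedProcess", "false").lower() != "true":
            continue
        name = _attr(svc, "name", "")
        if name.startswith("."):          # ".Foo" is relative to the app package
            name = app_pkg + name
        elif "." not in name:             # "Foo" is also relative
            name = app_pkg + "." + name
        findings.append({
            "name": name,
            "process": _attr(svc, "process"),
            "use_app_zygote": _attr(svc, "useAppZygote", "false").lower() == "true",
            # False means the class comes from a dependency, not the app itself.
            "from_app_package": bool(app_pkg) and name.startswith(app_pkg + "."),
        })
    return findings

if __name__ == "__main__":
    # Pass the path to a merged manifest, or run with no arguments for the sample.
    xml_text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    for f in find_isolated_services(xml_text):
        origin = "app" if f["from_app_package"] else "library"
        print("%s (process=%s, appZygote=%s, origin=%s)" % (
            f["name"], f["process"], f["use_app_zygote"], origin))
```

Run it against the merged manifest produced by the build rather than the source manifest, since library declarations only appear after manifest merging.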

shashank-msra commented 1 year ago

Hi @rygo-msft, as I described in my issue description itself, we do not have any service marked as isolated within the manifest. I also validated the merged manifest file & couldn't find any such entry. I could add the isolated process metadata tag, but since I am unaware of what component is causing the issue, it didn't feel right to introduce such a tag blindfolded. Any other suggestion would be much appreciated.

bannus commented 1 year ago

@shashank-msra If your app is not defining an android:isolatedProcess=true, it must be coming from a library you're using. Can you share a minimal sample project that reproduces this crash?

bannus commented 11 months ago

Closing as no minimal sample has been shared. Please re-open if the sample can be provided.

singh-srikant commented 10 months ago

@bannus Reopening this issue since the crash numbers have spiked in our latest release.

This crash is not reproducible on our side as of now. We are looking at the crash logs and will share a minimal sample once reproduced. We also don't have any process marked as isolated in our code or third-party library.

Can you confirm if Intune throws SecurityException: Isolated process not allowed to call registerReceiver only for isolated processes and not due to other reasons?

FYI, we are using Intune Version 9.1.0 in our application. As per release v9.7.0, it fixes SecurityException in isolated processes on devices with API 27 or under. Is SecurityException in isolated processes for API 29 or above fixed in the latest Intune versions, since most of our crashes are for higher API levels?

bannus commented 10 months ago

@singh-srikant The system is throwing that security exception, not Intune. We don't know of any circumstances in which this could occur unless your application contains an isolated process. This is why we'd need a sample app to continue investigating.

The fix in v9.7.0 was for another code path unrelated to the stack you've reported.