hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Documentation suggestion

Browse Source 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
This commit is contained in:
Edward Minnix III
2022-10-11 10:59:00 -04:00
committed by GitHub
parent b6270ebe52
commit 1f0a48de28
1 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.qhelp
View File

@@ -3,14 +3,12 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>In the Android manifest file, an application's <code>provider</code> elements
define the permissions necessary to access a resource using that provider.
Permissions are specified with
<p>The Android manifest file contains <code>provider</code> elements that you should use to specify the explicit permissions an application requires to access a resource using that provider.
You specify the permissions using
the <code>android:readPermission</code>, <code>android:writePermission</code>,
or <code>android:permission</code> attributes. If an application only
specifies the <code>android:readPermission</code>
or <code>android:writePermission</code> attribute, no permissions will be
required to do other operations.
or <code>android:permission</code> attributes.
If you do not specify the permission required to perform an operation, the application will implicitly have access to perform that operation.
For example, if you specify only <code>android:readPermission</code>, the application must have explicit permission to read data, but requires no permission to write data.
</p>
</overview>