Switch to TaintPreservingCallable and add test cases

java/ql/src/semmle/code/java/dataflow/FlowSources.qll

@@ -305,15 +305,29 @@ class ReverseDNSMethod extends Method {
   }
 }
 
-/** Exported Android `Intent` that may have come from a hostile application. */
-class AndroidIntentInput extends RemoteFlowSource {
+/** Android `Intent` that may have come from a hostile application. */
+class AndroidIntentInput extends DataFlow::Node {
   AndroidIntentInput() {
-    exists(AndroidComponent exportedType |
-      exportedType.isExported() |
+    exists(MethodAccess ma, AndroidGetIntentMethod m |
+      ma.getMethod().overrides*(m) and
+      this.asExpr() = ma
+    )
+    or
+    exists(Method m, AndroidReceiveIntentMethod rI |
+      m.overrides*(rI) and
+      this.asParameter() = m.getParameter(1)
+    )
+  }
+}
+
+/** Exported Android `Intent` that may have come from a hostile application. */
+class ExportedAndroidIntentInput extends RemoteFlowSource {
+  ExportedAndroidIntentInput() {
+    exists(ExportableAndroidComponent exportedType | exportedType.isExported() |
       exists(MethodAccess ma, AndroidGetIntentMethod m |
         ma.getMethod().overrides*(m) and
         this.asExpr() = ma and
-        exportedType = ma.getReceiverType()
+        exportedType = ma.getEnclosingCallable().getDeclaringType()
       )
       or
       exists(Method m, AndroidReceiveIntentMethod rI |

java/ql/src/semmle/code/java/frameworks/android/Android.qll

@@ -30,10 +30,10 @@ class AndroidComponent extends Class {
   predicate hasIntentFilter() { exists(getAndroidComponentXmlElement().getAnIntentFilterElement()) }
 }
 
-/** An Android activity. */
-class AndroidActivity extends AndroidComponent {
-  AndroidActivity() { this.getASupertype*().hasQualifiedName("android.app", "Activity") }
-
+/**
+ * An Android component that is explicitly or implicitly exported.
+ */
+class ExportableAndroidComponent extends AndroidComponent {
   /** Holds if this Android component is configured as `exported` or has intent filters configured without `exported` explicitly disabled in an `AndroidManifest.xml` file. */
   override predicate isExported() {
     getAndroidComponentXmlElement().isExported()
@@ -42,34 +42,25 @@ class AndroidActivity extends AndroidComponent {
   }
 }
 
+/** An Android activity. */
+class AndroidActivity extends ExportableAndroidComponent {
+  AndroidActivity() { this.getASupertype*().hasQualifiedName("android.app", "Activity") }
+}
+
 /** An Android service. */
-class AndroidService extends AndroidComponent {
+class AndroidService extends ExportableAndroidComponent {
   AndroidService() { this.getASupertype*().hasQualifiedName("android.app", "Service") }
-
-  /** Holds if this Android component is configured as `exported` or has intent filters configured without `exported` explicitly disabled in an `AndroidManifest.xml` file. */
-  override predicate isExported() {
-    getAndroidComponentXmlElement().isExported()
-    or
-    not getAndroidComponentXmlElement().isNotExported() and hasIntentFilter()
-  }
 }
 
 /** An Android broadcast receiver. */
-class AndroidBroadcastReceiver extends AndroidComponent {
+class AndroidBroadcastReceiver extends ExportableAndroidComponent {
   AndroidBroadcastReceiver() {
     this.getASupertype*().hasQualifiedName("android.content", "BroadcastReceiver")
   }
-
-  /** Holds if this Android component is configured as `exported` or has intent filters configured without `exported` explicitly disabled in an `AndroidManifest.xml` file. */
-  override predicate isExported() {
-    getAndroidComponentXmlElement().isExported()
-    or
-    not getAndroidComponentXmlElement().isNotExported() and hasIntentFilter()
-  }
 }
 
 /** An Android content provider. */
-class AndroidContentProvider extends AndroidComponent {
+class AndroidContentProvider extends ExportableAndroidComponent {
   AndroidContentProvider() {
     this.getASupertype*().hasQualifiedName("android.content", "ContentProvider")
   }