PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix LaunchAnyWhere in AppRestrictionsFragment

Browse Source 
If the intent's package equals to the app's package, this intent
will be allowed to startActivityForResult.
But this check is unsafe, because if the component of this intent
is set, the package field will just be ignored. So if we set the
component to any activity we like and set package to the app's
package, it will pass the assertSafeToStartCustomActivity check
and now we can launch anywhere.

Bug: 223578534
Test: robotest and manual verify
Change-Id: I40496105bae313fe5cff2a36dfe329c1e2b5bbe4
(cherry picked from commit 90e095dbe3)
This commit is contained in:
Edgar Wang
2022-04-06 17:30:27 +08:00
parent 3fc5b81efe
commit 1b9da55a31
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/com/android/settings/users/AppRestrictionsFragment.java
View File

@@ -661,10 +661,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
}
private void assertSafeToStartCustomActivity(Intent intent) {
// Activity can be started if it belongs to the same app
if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
return;
}
EventLog.writeEvent(0x534e4554, "223578534", -1 /* UID */, "");
ResolveInfo resolveInfo = mPackageManager.resolveActivity(
intent, PackageManager.MATCH_DEFAULT_ONLY);