Don't put credentials in results from externally accessible activities

ConfirmLockPattern and ConfirmLockPassword return an intent that contains the
password, and as such are dangerous. Create internal versions that are locked
down, and don't put this info in the externally accessible versions.

Bug: 13741939
Change-Id: I0df4d1e720b3c33d2c9ca086636dc54f17b19bf0

src/com/android/settings/ConfirmLockPattern.java

@@ -43,6 +43,9 @@ import java.util.List;
  */
 public class ConfirmLockPattern extends SettingsActivity {
 
+    public static class InternalActivity extends ConfirmLockPattern {
+    }
+
     /**
      * Names of {@link CharSequence} fields within the originating {@link Intent}
      * that are used to configure the keyguard confirmation view's labeling.
@@ -266,10 +269,12 @@ public class ConfirmLockPattern extends SettingsActivity {
                 if (mLockPatternUtils.checkPattern(pattern)) {
 
                     Intent intent = new Intent();
-                    intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
-                                    StorageManager.CRYPT_TYPE_PATTERN);
-                    intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,
-                                    LockPatternUtils.patternToString(pattern));
+                    if (getActivity() instanceof ConfirmLockPattern.InternalActivity) {
+                        intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
+                                        StorageManager.CRYPT_TYPE_PATTERN);
+                        intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,
+                                        LockPatternUtils.patternToString(pattern));
+                    }
 
                     getActivity().setResult(Activity.RESULT_OK, intent);
                     getActivity().finish();