Don't put credentials in results from externally accessible activities

ConfirmLockPattern and ConfirmLockPassword return an intent that contains the password, and as such are dangerous. Create internal versions that are locked down, and don't put this info in the externally accessible versions. Bug: 13741939 Change-Id: I0df4d1e720b3c33d2c9ca086636dc54f17b19bf0
2014-07-07 13:10:16 -07:00
parent 74e7c3e360
commit 204440427a
6 changed files with 60 additions and 16 deletions
--- a/src/com/android/settings/CredentialStorage.java
+++ b/src/com/android/settings/CredentialStorage.java
@@ -378,7 +378,8 @@ public final class CredentialStorage extends Activity {
        boolean launched = new ChooseLockSettingsHelper(this)
                .launchConfirmationActivity(CONFIRM_KEY_GUARD_REQUEST,
                                            res.getText(R.string.credentials_install_gesture_prompt),
-                                            res.getText(R.string.credentials_install_gesture_explanation));
+                                            res.getText(R.string.credentials_install_gesture_explanation),
+                                            true);
        return launched;
    }