Prevent intent defined in AccountPreference from leaking access

Intent defined in AccountPreferences can grant Settings protected ContentProviders' access to authenticator app. We'll explicitly set an empty ClipData to avoid being used for unexpected access grant. Test: manual, refer to #comment5 in bug for repro steps Bug: 220733496 Change-Id: I85c22c9a7d72b8a55472d366d8adb6a75ac5c8a5
2022-09-06 17:58:53 +08:00
parent 17122f9617
commit 2c1b1aa813
1 changed files with 4 additions and 0 deletions
--- a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java
+++ b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java
@@ -19,6 +19,7 @@ package com.android.settings.accounts;

 import android.accounts.Account;
 import android.accounts.AuthenticatorDescription;
+import android.content.ClipData;
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.ActivityInfo;
@@ -164,6 +165,9 @@ public class AccountTypePreferenceLoader {
                                 * exploiting the fact that settings has system privileges.
                                 */
                            if (isSafeIntent(pm, prefIntent, acccountType)) {
+                                // Explicitly set an empty ClipData to ensure that we don't offer to
+                                // promote any Uris contained inside for granting purposes
+                                prefIntent.setClipData(ClipData.newPlainText(null, null));
                                mFragment.getActivity().startActivityAsUser(
                                    prefIntent, mUserHandle);
                            } else {