Merge "Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment" into sc-v2-dev

Edgar Wang
2022-01-13 05:27:16 +00:00
committed by Android (Google) Code Review


@@ -18,6 +18,7 @@ package com.android.settings.users;
import android.app.Activity; import android.app.Activity;
import android.app.settings.SettingsEnums; import android.app.settings.SettingsEnums;
import android.content.ActivityNotFoundException;
import android.content.BroadcastReceiver; import android.content.BroadcastReceiver;
import android.content.Context; import android.content.Context;
import android.content.Intent; import android.content.Intent;
@@ -37,6 +38,7 @@ import android.os.RemoteException;
import android.os.ServiceManager; import android.os.ServiceManager;
import android.os.UserHandle; import android.os.UserHandle;
import android.os.UserManager; import android.os.UserManager;
import android.util.EventLog;
import android.util.Log; import android.util.Log;
import android.view.View; import android.view.View;
import android.view.View.OnClickListener; import android.view.View.OnClickListener;
@@ -641,7 +643,15 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
} else if (restrictionsIntent != null) { } else if (restrictionsIntent != null) {
preference.setRestrictions(restrictions); preference.setRestrictions(restrictions);
if (invokeIfCustom && AppRestrictionsFragment.this.isResumed()) { if (invokeIfCustom && AppRestrictionsFragment.this.isResumed()) {
try {
assertSafeToStartCustomActivity(restrictionsIntent); assertSafeToStartCustomActivity(restrictionsIntent);
} catch (ActivityNotFoundException | SecurityException e) {
// return without startActivity
Log.e(TAG, "Cannot start restrictionsIntent " + e);
EventLog.writeEvent(0x534e4554, "200688991", -1 /* UID */, "");
return;
}
int requestCode = generateCustomActivityRequestCode( int requestCode = generateCustomActivityRequestCode(
RestrictionsResultReceiver.this.preference); RestrictionsResultReceiver.this.preference);
AppRestrictionsFragment.this.startActivityForResult( AppRestrictionsFragment.this.startActivityForResult(
@@ -655,14 +665,14 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
if (intent.getPackage() != null && intent.getPackage().equals(packageName)) { if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
return; return;
} }
// Activity can be started if intent resolves to multiple activities ResolveInfo resolveInfo = mPackageManager.resolveActivity(
List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager intent, PackageManager.MATCH_DEFAULT_ONLY);
.queryIntentActivities(intent, 0 /* no flags */);
if (resolveInfos.size() != 1) { if (resolveInfo == null) {
return; throw new ActivityNotFoundException("No result for resolving " + intent);
} }
// Prevent potential privilege escalation // Prevent potential privilege escalation
ActivityInfo activityInfo = resolveInfos.get(0).activityInfo; ActivityInfo activityInfo = resolveInfo.activityInfo;
if (!packageName.equals(activityInfo.packageName)) { if (!packageName.equals(activityInfo.packageName)) {
throw new SecurityException("Application " + packageName throw new SecurityException("Application " + packageName
+ " is not allowed to start activity " + intent); + " is not allowed to start activity " + intent);
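Review bot: The early return in `assertSafeToStartCustomActivity` for `intent.getPackage().equals(packageName)` (the context lines just above the new `resolveActivity` call) still skips the resolved-package comparison, so the check trusts a field that the app supplying the intent fills in itself. If the intent can also carry an explicit component, the package field alone may not establish that the activity which resolves belongs to `packageName`. I would drop the short-circuit and always run `resolveActivity` followed by `packageName.equals(activityInfo.packageName)`. Separately, in the new catch block `Log.e(TAG, "Cannot start restrictionsIntent " + e)` would keep the stack trace if written as `Log.e(TAG, "Cannot start restrictionsIntent", e);`. The method starts and ends outside the hunk, so its callers and the rest of its body were not checked.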