PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Fix pendingIntent in SettingsSliceProvider could be Hijacked" into qt-qpr1-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2020-03-20 02:51:54 +00:00
committed by Android (Google) Code Review
parent bd8bbca27c 91399607fe
commit 3c137d807d
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/com/android/settings/slices/SettingsSliceProvider.java
View File

@@ -42,6 +42,7 @@ import androidx.slice.Slice;
import androidx.slice.SliceProvider; import androidx.slice.SliceProvider;
import com.android.settings.R; import com.android.settings.R;
import com.android.settings.Utils;
import com.android.settings.bluetooth.BluetoothSliceBuilder; import com.android.settings.bluetooth.BluetoothSliceBuilder;
import com.android.settings.core.BasePreferenceController; import com.android.settings.core.BasePreferenceController;
import com.android.settings.notification.ZenModeSliceBuilder; import com.android.settings.notification.ZenModeSliceBuilder;
@@ -303,7 +304,8 @@ public class SettingsSliceProvider extends SliceProvider {
@Override @Override
public PendingIntent onCreatePermissionRequest(@NonNull Uri sliceUri, public PendingIntent onCreatePermissionRequest(@NonNull Uri sliceUri,
@NonNull String callingPackage) { @NonNull String callingPackage) {
final Intent settingsIntent = new Intent(Settings.ACTION_SETTINGS); final Intent settingsIntent = new Intent(Settings.ACTION_SETTINGS)
.setPackage(Utils.SETTINGS_PACKAGE_NAME);
final PendingIntent noOpIntent = PendingIntent.getActivity(getContext(), final PendingIntent noOpIntent = PendingIntent.getActivity(getContext(),
0 /* requestCode */, settingsIntent, 0 /* flags */); 0 /* requestCode */, settingsIntent, 0 /* flags */);
return noOpIntent; return noOpIntent;

5
tests/robotests/src/com/android/settings/slices/SettingsSliceProviderTest.java
View File

@@ -50,6 +50,7 @@ import androidx.slice.SliceProvider;
import androidx.slice.widget.SliceLiveData; import androidx.slice.widget.SliceLiveData;
import com.android.settings.R; import com.android.settings.R;
import com.android.settings.Utils;
import com.android.settings.testutils.DatabaseTestUtils; import com.android.settings.testutils.DatabaseTestUtils;
import com.android.settings.testutils.FakeToggleController; import com.android.settings.testutils.FakeToggleController;
import com.android.settings.testutils.shadow.ShadowBluetoothAdapter; import com.android.settings.testutils.shadow.ShadowBluetoothAdapter;
@@ -450,8 +451,10 @@ public class SettingsSliceProviderTest {
public void onCreatePermissionRequest_returnsSettingIntent() { public void onCreatePermissionRequest_returnsSettingIntent() {
final PendingIntent pendingIntent = mProvider.onCreatePermissionRequest( final PendingIntent pendingIntent = mProvider.onCreatePermissionRequest(
CustomSliceRegistry.FLASHLIGHT_SLICE_URI, "com.android.whaaaat"); CustomSliceRegistry.FLASHLIGHT_SLICE_URI, "com.android.whaaaat");
final Intent settingsIntent = new Intent(Settings.ACTION_SETTINGS)
.setPackage(Utils.SETTINGS_PACKAGE_NAME);
PendingIntent settingsPendingIntent = PendingIntent settingsPendingIntent =
PendingIntent.getActivity(mContext, 0, new Intent(Settings.ACTION_SETTINGS), 0); PendingIntent.getActivity(mContext, 0, settingsIntent, 0);
assertThat(pendingIntent).isEqualTo(settingsPendingIntent); assertThat(pendingIntent).isEqualTo(settingsPendingIntent);
} }