PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ActivityPicker shouldn't grant permissions.

Browse Source 
This picker has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.

Test: builds, boots
Bug: 32879772
Change-Id: I91c48c73287a271bd6c99e60e216dead22e68764
This commit is contained in:
Jeff Sharkey
2017-06-12 17:33:58 -06:00
parent b272d673dc
commit 3f218e8431
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/com/android/settings/ActivityPicker.java
View File

@@ -78,6 +78,10 @@ public class ActivityPicker extends AlertActivity implements
Parcelable parcel = intent.getParcelableExtra(Intent.EXTRA_INTENT);
if (parcel instanceof Intent) {
mBaseIntent = (Intent) parcel;
mBaseIntent.setFlags(mBaseIntent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
| Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
} else {
mBaseIntent = new Intent(Intent.ACTION_MAIN, null);
mBaseIntent.addCategory(Intent.CATEGORY_DEFAULT);