From 56e07c25b3b150622f205902f90f248c8dda5076 Mon Sep 17 00:00:00 2001
From: Yanting Yang <yantingyang@google.com>
Date: Thu, 30 Mar 2023 18:51:31 +0800
Subject: [PATCH] Fix the potential DOS issue for the Settings Apps page

The usage access permission of Settings app could be turned off by
starting the activity with USAGE_ACCESS_SETTINGS. Once the Settings app
loses the usage access permission, it will crash the Apps page which
depends on the usage to show recent apps. And this symptom will persist
even with device reboot.

To fix this vulnerability, we can add a package check in onCreate() to
avoid someone trying to start USAGE_ACCESS_SETTINGS with the Settings
package from third party apps.

Bug: 264260808
Test: Manually verify solution with the repro steps and also test the
normal visiting behavior.
Change-Id: If7cb0880e706369504e432b1f1104d06b1fcfa26

Change-Id: I70871aed763d14a79e474547c77c20a9677af6ff
---
 .../android/settings/applications/UsageAccessDetails.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/com/android/settings/applications/UsageAccessDetails.java b/src/com/android/settings/applications/UsageAccessDetails.java
index 8085b691c5b..4adb6c17953 100644
--- a/src/com/android/settings/applications/UsageAccessDetails.java
+++ b/src/com/android/settings/applications/UsageAccessDetails.java
@@ -30,6 +30,8 @@ import android.content.pm.PackageManager;
 import android.content.pm.ResolveInfo;
 import android.os.Bundle;
 import android.provider.Settings;
+import android.text.TextUtils;
+import android.util.Log;
 
 import androidx.annotation.VisibleForTesting;
 import androidx.appcompat.app.AlertDialog;
@@ -46,6 +48,7 @@ import com.android.settingslib.core.instrumentation.MetricsFeatureProvider;
 public class UsageAccessDetails extends AppInfoWithHeader implements OnPreferenceChangeListener,
         OnPreferenceClickListener {
 
+    private static final String TAG = UsageAccessDetails.class.getSimpleName();
     private static final String KEY_APP_OPS_PREFERENCE_SCREEN = "app_ops_preference_screen";
     private static final String KEY_APP_OPS_SETTINGS_SWITCH = "app_ops_settings_switch";
     private static final String KEY_APP_OPS_SETTINGS_DESC = "app_ops_settings_description";
@@ -65,6 +68,11 @@ public class UsageAccessDetails extends AppInfoWithHeader implements OnPreferenc
         super.onCreate(savedInstanceState);
 
         Context context = getActivity();
+        if (TextUtils.equals(mPackageName, context.getPackageName())) {
+            Log.w(TAG, "Unsupported app package.");
+            finish();
+        }
+
         mUsageBridge = new AppStateUsageBridge(context, mState, null);
         mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
         mDpm = context.getSystemService(DevicePolicyManager.class);