PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix the potential DOS issue for the Settings Apps page

Browse Source 
The usage access permission of Settings app could be turned off by
starting the activity with USAGE_ACCESS_SETTINGS. Once the Settings app
loses the usage access permission, it will crash the Apps page which
depends on the usage to show recent apps. And this symptom will persist
even with device reboot.

To fix this vulnerability, we can add a package check in onCreate() to
avoid someone trying to start USAGE_ACCESS_SETTINGS with the Settings
package from third party apps.

Bug: 264260808
Test: Manually verify solution with the repro steps and also test the
normal visiting behavior.
Change-Id: If7cb0880e706369504e432b1f1104d06b1fcfa26

Change-Id: I70871aed763d14a79e474547c77c20a9677af6ff
This commit is contained in:
Yanting Yang
2023-03-30 18:51:31 +08:00
parent 5c114b11bd
commit 56e07c25b3
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/com/android/settings/applications/UsageAccessDetails.java
View File

@@ -30,6 +30,8 @@ import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.os.Bundle;
import android.provider.Settings;
import android.text.TextUtils;
import android.util.Log;
import androidx.annotation.VisibleForTesting;
import androidx.appcompat.app.AlertDialog;
@@ -46,6 +48,7 @@ import com.android.settingslib.core.instrumentation.MetricsFeatureProvider;
public class UsageAccessDetails extends AppInfoWithHeader implements OnPreferenceChangeListener,
OnPreferenceClickListener {
private static final String TAG = UsageAccessDetails.class.getSimpleName();
private static final String KEY_APP_OPS_PREFERENCE_SCREEN = "app_ops_preference_screen";
private static final String KEY_APP_OPS_SETTINGS_SWITCH = "app_ops_settings_switch";
private static final String KEY_APP_OPS_SETTINGS_DESC = "app_ops_settings_description";
@@ -65,6 +68,11 @@ public class UsageAccessDetails extends AppInfoWithHeader implements OnPreferenc
super.onCreate(savedInstanceState);
Context context = getActivity();
if (TextUtils.equals(mPackageName, context.getPackageName())) {
Log.w(TAG, "Unsupported app package.");
finish();
}
mUsageBridge = new AppStateUsageBridge(context, mState, null);
mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
mDpm = context.getSystemService(DevicePolicyManager.class);