From 09a6899fc2271d260ec2979b1afc8eef1847b34a Mon Sep 17 00:00:00 2001 From: changbetty Date: Wed, 21 Dec 2022 10:16:10 +0000 Subject: [PATCH 1/9] Change the intent flag to immutable Bug: 256590210 Test: make RunSettingsRoboTests ROBOTEST_FILTER=MediaVolumePreferenceControllerTest Change-Id: I68132f863027fab19351b4fdbc363e5c274e3327 --- .../notification/MediaVolumePreferenceController.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/com/android/settings/notification/MediaVolumePreferenceController.java b/src/com/android/settings/notification/MediaVolumePreferenceController.java index 0ddba089b7c..443f748f7d9 100644 --- a/src/com/android/settings/notification/MediaVolumePreferenceController.java +++ b/src/com/android/settings/notification/MediaVolumePreferenceController.java @@ -124,7 +124,7 @@ public class MediaVolumePreferenceController extends VolumeSeekBarPreferenceCont getWorker().getActiveLocalMediaController().getPackageName()); pi = PendingIntent.getBroadcast(context, 0 /* requestCode */, intent, - PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); } else { final CachedBluetoothDevice bluetoothDevice = ((BluetoothMediaDevice) mMediaDevice).getCachedDevice(); @@ -141,7 +141,7 @@ public class MediaVolumePreferenceController extends VolumeSeekBarPreferenceCont && getWorker().getActiveLocalMediaController() != null); pi = PendingIntent.getActivity(context, 0 /* requestCode */, intent, - PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); } final IconCompat icon = getBroadcastIcon(context); From 0dcd6a5492fae67e0d7f1fb83f6d4db7eaa15b55 Mon Sep 17 00:00:00 2001 From: changbetty Date: Wed, 21 Dec 2022 10:16:10 +0000 Subject: [PATCH 2/9] [RESTRICT AUTOMERGE] Change the intent flag to immutable Bug: 256590210 Test: make RunSettingsRoboTests ROBOTEST_FILTER=MediaVolumePreferenceControllerTest Change-Id: I68132f863027fab19351b4fdbc363e5c274e3327 Merged-In: I68132f863027fab19351b4fdbc363e5c274e3327 --- .../notification/MediaVolumePreferenceController.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/com/android/settings/notification/MediaVolumePreferenceController.java b/src/com/android/settings/notification/MediaVolumePreferenceController.java index 05c8e033930..ccde9370580 100644 --- a/src/com/android/settings/notification/MediaVolumePreferenceController.java +++ b/src/com/android/settings/notification/MediaVolumePreferenceController.java @@ -120,7 +120,7 @@ public class MediaVolumePreferenceController extends VolumeSeekBarPreferenceCont getWorker().getActiveLocalMediaController().getPackageName()); pi = PendingIntent.getBroadcast(context, 0 /* requestCode */, intent, - PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); } else { final CachedBluetoothDevice bluetoothDevice = ((BluetoothMediaDevice) mMediaDevice).getCachedDevice(); @@ -135,7 +135,7 @@ public class MediaVolumePreferenceController extends VolumeSeekBarPreferenceCont bluetoothDevice.getAddress()); pi = PendingIntent.getActivity(context, 0 /* requestCode */, intent, - PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE); + PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE); } final IconCompat icon = getBroadcastIcon(context); From f3b323e378ee5d98875711216cbd92f4fa795fc0 Mon Sep 17 00:00:00 2001 From: Yanting Yang Date: Wed, 4 Jan 2023 09:40:38 +0000 Subject: [PATCH 3/9] Add DISALLOW_APPS_CONTROL check into uninstall app for all users Settings App info page supports a "Uninstall for all users" function when multiple users are enabled. It bypasses the restriction of DISALLOW_APPS_CONTROL which breaks the user isolation guideline. To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL restriction to provide the "Uninstall for all users" function. Bug: 258653813 Test: manual & robotests Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 --- .../applications/appinfo/AppInfoDashboardFragment.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java index 18cb4b3b80b..54455d4f110 100755 --- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java +++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java @@ -408,7 +408,13 @@ public class AppInfoDashboardFragment extends DashboardFragment return; } super.onPrepareOptionsMenu(menu); - menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry)); + final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU); + uninstallAllUsersItem.setVisible( + shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem); + if (uninstallAllUsersItem.isVisible()) { + RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(), + uninstallAllUsersItem, mAppsControlDisallowedAdmin); + } menu.findItem(ACCESS_RESTRICTED_SETTINGS).setVisible(shouldShowAccessRestrictedSettings()); mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES); From 22e4eebafe1bb646618fa4b64e5038a9dc00ac14 Mon Sep 17 00:00:00 2001 From: Yanting Yang Date: Wed, 4 Jan 2023 09:40:38 +0000 Subject: [PATCH 4/9] Add DISALLOW_APPS_CONTROL check into uninstall app for all users Settings App info page supports a "Uninstall for all users" function when multiple users are enabled. It bypasses the restriction of DISALLOW_APPS_CONTROL which breaks the user isolation guideline. To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL restriction to provide the "Uninstall for all users" function. Bug: 258653813 Test: manual & robotests Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 --- .../applications/appinfo/AppInfoDashboardFragment.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java index 18cb4b3b80b..54455d4f110 100755 --- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java +++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java @@ -408,7 +408,13 @@ public class AppInfoDashboardFragment extends DashboardFragment return; } super.onPrepareOptionsMenu(menu); - menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry)); + final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU); + uninstallAllUsersItem.setVisible( + shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem); + if (uninstallAllUsersItem.isVisible()) { + RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(), + uninstallAllUsersItem, mAppsControlDisallowedAdmin); + } menu.findItem(ACCESS_RESTRICTED_SETTINGS).setVisible(shouldShowAccessRestrictedSettings()); mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES); From 9191ec13e25e28fa9d6afbbb0573557c7b891520 Mon Sep 17 00:00:00 2001 From: Yanting Yang Date: Wed, 4 Jan 2023 09:40:38 +0000 Subject: [PATCH 5/9] Add DISALLOW_APPS_CONTROL check into uninstall app for all users Settings App info page supports a "Uninstall for all users" function when multiple users are enabled. It bypasses the restriction of DISALLOW_APPS_CONTROL which breaks the user isolation guideline. To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL restriction to provide the "Uninstall for all users" function. Bug: 258653813 Test: manual & robotests Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 --- .../applications/appinfo/AppInfoDashboardFragment.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) mode change 100755 => 100644 src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java old mode 100755 new mode 100644 index dbe03d9b2f8..2a705e220c0 --- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java +++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java @@ -385,7 +385,13 @@ public class AppInfoDashboardFragment extends DashboardFragment return; } super.onPrepareOptionsMenu(menu); - menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry)); + final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU); + uninstallAllUsersItem.setVisible( + shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem); + if (uninstallAllUsersItem.isVisible()) { + RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(), + uninstallAllUsersItem, mAppsControlDisallowedAdmin); + } mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES); final boolean uninstallUpdateDisabled = getContext().getResources().getBoolean( From 0616b484e963a649bcc465143c46eaaf6a078b3b Mon Sep 17 00:00:00 2001 From: Yanting Yang Date: Wed, 4 Jan 2023 09:40:38 +0000 Subject: [PATCH 6/9] Add DISALLOW_APPS_CONTROL check into uninstall app for all users Settings App info page supports a "Uninstall for all users" function when multiple users are enabled. It bypasses the restriction of DISALLOW_APPS_CONTROL which breaks the user isolation guideline. To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL restriction to provide the "Uninstall for all users" function. Bug: 258653813 Test: manual & robotests Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 --- .../applications/appinfo/AppInfoDashboardFragment.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) mode change 100755 => 100644 src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java old mode 100755 new mode 100644 index dbe03d9b2f8..2a705e220c0 --- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java +++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java @@ -385,7 +385,13 @@ public class AppInfoDashboardFragment extends DashboardFragment return; } super.onPrepareOptionsMenu(menu); - menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry)); + final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU); + uninstallAllUsersItem.setVisible( + shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem); + if (uninstallAllUsersItem.isVisible()) { + RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(), + uninstallAllUsersItem, mAppsControlDisallowedAdmin); + } mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES); final boolean uninstallUpdateDisabled = getContext().getResources().getBoolean( From 16500a7ada6b0730bec2787055667c4394fa3468 Mon Sep 17 00:00:00 2001 From: Yanting Yang Date: Wed, 4 Jan 2023 09:40:38 +0000 Subject: [PATCH 7/9] Add DISALLOW_APPS_CONTROL check into uninstall app for all users Settings App info page supports a "Uninstall for all users" function when multiple users are enabled. It bypasses the restriction of DISALLOW_APPS_CONTROL which breaks the user isolation guideline. To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL restriction to provide the "Uninstall for all users" function. Bug: 258653813 Test: manual & robotests Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 --- .../applications/appinfo/AppInfoDashboardFragment.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) mode change 100755 => 100644 src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java old mode 100755 new mode 100644 index dbe03d9b2f8..2a705e220c0 --- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java +++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java @@ -385,7 +385,13 @@ public class AppInfoDashboardFragment extends DashboardFragment return; } super.onPrepareOptionsMenu(menu); - menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry)); + final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU); + uninstallAllUsersItem.setVisible( + shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem); + if (uninstallAllUsersItem.isVisible()) { + RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(), + uninstallAllUsersItem, mAppsControlDisallowedAdmin); + } mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES); final boolean uninstallUpdateDisabled = getContext().getResources().getBoolean( From 1a43a98334d7222b4ab1713721652c0ad7bbe8c2 Mon Sep 17 00:00:00 2001 From: Yanting Yang Date: Wed, 4 Jan 2023 09:40:38 +0000 Subject: [PATCH 8/9] Add DISALLOW_APPS_CONTROL check into uninstall app for all users Settings App info page supports a "Uninstall for all users" function when multiple users are enabled. It bypasses the restriction of DISALLOW_APPS_CONTROL which breaks the user isolation guideline. To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL restriction to provide the "Uninstall for all users" function. Bug: 258653813 Test: manual & robotests Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 --- .../applications/appinfo/AppInfoDashboardFragment.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) mode change 100755 => 100644 src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java old mode 100755 new mode 100644 index 69ddd58ae40..784908f27dd --- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java +++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java @@ -373,7 +373,13 @@ public class AppInfoDashboardFragment extends DashboardFragment return; } super.onPrepareOptionsMenu(menu); - menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry)); + final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU); + uninstallAllUsersItem.setVisible( + shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem); + if (uninstallAllUsersItem.isVisible()) { + RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(), + uninstallAllUsersItem, mAppsControlDisallowedAdmin); + } mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES); final boolean uninstallUpdateDisabled = getContext().getResources().getBoolean( From 86914bedc84474c152e4536fb3cfa2fb488030b8 Mon Sep 17 00:00:00 2001 From: Yanting Yang Date: Wed, 4 Jan 2023 09:40:38 +0000 Subject: [PATCH 9/9] Add DISALLOW_APPS_CONTROL check into uninstall app for all users Settings App info page supports a "Uninstall for all users" function when multiple users are enabled. It bypasses the restriction of DISALLOW_APPS_CONTROL which breaks the user isolation guideline. To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL restriction to provide the "Uninstall for all users" function. Bug: 258653813 Test: manual & robotests Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 --- .../applications/appinfo/AppInfoDashboardFragment.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) mode change 100755 => 100644 src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java old mode 100755 new mode 100644 index 69ddd58ae40..784908f27dd --- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java +++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java @@ -373,7 +373,13 @@ public class AppInfoDashboardFragment extends DashboardFragment return; } super.onPrepareOptionsMenu(menu); - menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry)); + final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU); + uninstallAllUsersItem.setVisible( + shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem); + if (uninstallAllUsersItem.isVisible()) { + RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(), + uninstallAllUsersItem, mAppsControlDisallowedAdmin); + } mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES); final boolean uninstallUpdateDisabled = getContext().getResources().getBoolean(