Make sure that external callers cannot pass in the confirm bypass extra
Security fix for vulnerability where an app could launch into the screen lock change dialog without first confirming the existing password/pattern. Also, make sure that the fragments are launched with the correct corresponding activity. Bug: 9858403 Change-Id: I0f2c00a44abeb624c6fba0497bf6036a6f1a4564
This commit is contained in:
Amith Yamasani
@@ -959,7 +959,6 @@
|
|||||||
|
|
||||||
<!-- Second and third-level settings -->
|
<!-- Second and third-level settings -->
|
||||||
|
|
||||||
|
|
||||||
<!-- Lock screen settings -->
|
<!-- Lock screen settings -->
|
||||||
<activity android:name="ConfirmLockPattern"/>
|
<activity android:name="ConfirmLockPattern"/>
|
||||||
|
|
||||||
@@ -975,6 +974,11 @@
|
|||||||
</intent-filter>
|
</intent-filter>
|
||||||
</activity>
|
</activity>
|
||||||
|
|
||||||
|
<activity android:name="ChooseLockGeneric$InternalActivity" android:exported="false"
|
||||||
|
android:label="@string/lockpassword_choose_lock_generic_header"
|
||||||
|
android:excludeFromRecents="true"
|
||||||
|
/>
|
||||||
|
|
||||||
<activity android:name="ChooseLockPattern" android:exported="false"/>
|
<activity android:name="ChooseLockPattern" android:exported="false"/>
|
||||||
|
|
||||||
<activity android:name="ChooseLockPassword" android:exported="false"
|
<activity android:name="ChooseLockPassword" android:exported="false"
|
||||||
|
|||||||
@@ -45,6 +45,9 @@ public class ChooseLockGeneric extends PreferenceActivity {
|
|||||||
return modIntent;
|
return modIntent;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static class InternalActivity extends ChooseLockGeneric {
|
||||||
|
}
|
||||||
|
|
||||||
public static class ChooseLockGenericFragment extends SettingsPreferenceFragment {
|
public static class ChooseLockGenericFragment extends SettingsPreferenceFragment {
|
||||||
private static final int MIN_PASSWORD_LENGTH = 4;
|
private static final int MIN_PASSWORD_LENGTH = 4;
|
||||||
private static final String KEY_UNLOCK_BACKUP_INFO = "unlock_backup_info";
|
private static final String KEY_UNLOCK_BACKUP_INFO = "unlock_backup_info";
|
||||||
@@ -80,7 +83,9 @@ public class ChooseLockGeneric extends PreferenceActivity {
|
|||||||
// Defaults to needing to confirm credentials
|
// Defaults to needing to confirm credentials
|
||||||
final boolean confirmCredentials = getActivity().getIntent()
|
final boolean confirmCredentials = getActivity().getIntent()
|
||||||
.getBooleanExtra(CONFIRM_CREDENTIALS, true);
|
.getBooleanExtra(CONFIRM_CREDENTIALS, true);
|
||||||
mPasswordConfirmed = !confirmCredentials;
|
if (getActivity() instanceof ChooseLockGeneric.InternalActivity) {
|
||||||
|
mPasswordConfirmed = !confirmCredentials;
|
||||||
|
}
|
||||||
|
|
||||||
if (savedInstanceState != null) {
|
if (savedInstanceState != null) {
|
||||||
mPasswordConfirmed = savedInstanceState.getBoolean(PASSWORD_CONFIRMED);
|
mPasswordConfirmed = savedInstanceState.getBoolean(PASSWORD_CONFIRMED);
|
||||||
@@ -303,7 +308,8 @@ public class ChooseLockGeneric extends PreferenceActivity {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private Intent getBiometricSensorIntent() {
|
private Intent getBiometricSensorIntent() {
|
||||||
Intent fallBackIntent = new Intent().setClass(getActivity(), ChooseLockGeneric.class);
|
Intent fallBackIntent = new Intent().setClass(getActivity(),
|
||||||
|
ChooseLockGeneric.InternalActivity.class);
|
||||||
fallBackIntent.putExtra(LockPatternUtils.LOCKSCREEN_BIOMETRIC_WEAK_FALLBACK, true);
|
fallBackIntent.putExtra(LockPatternUtils.LOCKSCREEN_BIOMETRIC_WEAK_FALLBACK, true);
|
||||||
fallBackIntent.putExtra(CONFIRM_CREDENTIALS, false);
|
fallBackIntent.putExtra(CONFIRM_CREDENTIALS, false);
|
||||||
fallBackIntent.putExtra(EXTRA_SHOW_FRAGMENT_TITLE,
|
fallBackIntent.putExtra(EXTRA_SHOW_FRAGMENT_TITLE,
|
||||||
|
|||||||
@@ -153,6 +153,9 @@ public class ChooseLockPassword extends PreferenceActivity {
|
|||||||
super.onCreate(savedInstanceState);
|
super.onCreate(savedInstanceState);
|
||||||
mLockPatternUtils = new LockPatternUtils(getActivity());
|
mLockPatternUtils = new LockPatternUtils(getActivity());
|
||||||
Intent intent = getActivity().getIntent();
|
Intent intent = getActivity().getIntent();
|
||||||
|
if (!(getActivity() instanceof ChooseLockPassword)) {
|
||||||
|
throw new SecurityException("Fragment contained in wrong activity");
|
||||||
|
}
|
||||||
mRequestedQuality = Math.max(intent.getIntExtra(LockPatternUtils.PASSWORD_TYPE_KEY,
|
mRequestedQuality = Math.max(intent.getIntExtra(LockPatternUtils.PASSWORD_TYPE_KEY,
|
||||||
mRequestedQuality), mLockPatternUtils.getRequestedPasswordQuality());
|
mRequestedQuality), mLockPatternUtils.getRequestedPasswordQuality());
|
||||||
mPasswordMinLength = Math.max(
|
mPasswordMinLength = Math.max(
|
||||||
|
|||||||
@@ -301,6 +301,9 @@ public class ChooseLockPattern extends PreferenceActivity {
|
|||||||
public void onCreate(Bundle savedInstanceState) {
|
public void onCreate(Bundle savedInstanceState) {
|
||||||
super.onCreate(savedInstanceState);
|
super.onCreate(savedInstanceState);
|
||||||
mChooseLockSettingsHelper = new ChooseLockSettingsHelper(getActivity());
|
mChooseLockSettingsHelper = new ChooseLockSettingsHelper(getActivity());
|
||||||
|
if (!(getActivity() instanceof ChooseLockPattern)) {
|
||||||
|
throw new SecurityException("Fragment contained in wrong activity");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -331,7 +334,7 @@ public class ChooseLockPattern extends PreferenceActivity {
|
|||||||
topLayout.setDefaultTouchRecepient(mLockPatternView);
|
topLayout.setDefaultTouchRecepient(mLockPatternView);
|
||||||
|
|
||||||
final boolean confirmCredentials = getActivity().getIntent()
|
final boolean confirmCredentials = getActivity().getIntent()
|
||||||
.getBooleanExtra("confirm_credentials", false);
|
.getBooleanExtra("confirm_credentials", true);
|
||||||
|
|
||||||
if (savedInstanceState == null) {
|
if (savedInstanceState == null) {
|
||||||
if (confirmCredentials) {
|
if (confirmCredentials) {
|
||||||
|
|||||||
Reference in New Issue
Block a user