PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Prevent intent defined in AccountPreference from leaking access" into tm-qpr-dev am: effd45b308

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/19852695

Change-Id: I682ca9613cd67d56d1a6b8882b986abe15f140b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Binyi Wu
2022-09-21 22:20:43 +00:00
committed by Automerger Merge Worker
parent f50089ff29 effd45b308
commit b2aa91a331
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/com/android/settings/accounts/AccountTypePreferenceLoader.java
View File

@@ -19,6 +19,7 @@ package com.android.settings.accounts;
import android.accounts.Account;
import android.accounts.AuthenticatorDescription;
import android.content.ClipData;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ActivityInfo;
@@ -164,6 +165,9 @@ public class AccountTypePreferenceLoader {
* exploiting the fact that settings has system privileges.
*/
if (isSafeIntent(pm, prefIntent, acccountType)) {
// Explicitly set an empty ClipData to ensure that we don't offer to
// promote any Uris contained inside for granting purposes
prefIntent.setClipData(ClipData.newPlainText(null, null));
mFragment.getActivity().startActivityAsUser(
prefIntent, mUserHandle);
} else {