From 8274b6770219a469ab8a5254206d0d81bd5c96d3 Mon Sep 17 00:00:00 2001
From: Dianne Hackborn <hackbod@google.com>
Date: Wed, 22 May 2013 11:29:36 -0700
Subject: [PATCH] Fix issue #9074296: Device Admins can activate in a way...

...that makes it impossible to deactive/uninstall them

Don't allow device admins to directly launch the add UI if
they are malformed.

Change-Id: I0d3140222d8015f680e1f199bddae2221ee0e726
---
 src/com/android/settings/DeviceAdminAdd.java | 36 ++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/src/com/android/settings/DeviceAdminAdd.java b/src/com/android/settings/DeviceAdminAdd.java
index b2145b04594..27e7a54c4e3 100644
--- a/src/com/android/settings/DeviceAdminAdd.java
+++ b/src/com/android/settings/DeviceAdminAdd.java
@@ -50,6 +50,8 @@ import android.widget.TextView;
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
 
 public class DeviceAdminAdd extends Activity {
     static final String TAG = "DeviceAdminAdd";
@@ -104,7 +106,7 @@ public class DeviceAdminAdd extends Activity {
             finish();
             return;
         }
-        
+
         ActivityInfo ai;
         try {
             ai = getPackageManager().getReceiverInfo(cn, PackageManager.GET_META_DATA);
@@ -113,7 +115,37 @@ public class DeviceAdminAdd extends Activity {
             finish();
             return;
         }
-        
+
+        // Make sure the given component name is actually a valid device admin.
+        List<ResolveInfo> avail = getPackageManager().queryBroadcastReceivers(
+                new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED),
+                PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS);
+        int count = avail == null ? 0 : avail.size();
+        boolean found = false;
+        for (int i=0; i<count; i++) {
+            ResolveInfo ri = avail.get(i);
+            if (ai.packageName.equals(ri.activityInfo.packageName)
+                    && ai.name.equals(ri.activityInfo.name)) {
+                try {
+                    // We didn't retrieve the meta data for all possible matches, so
+                    // need to use the activity info of this specific one that was retrieved.
+                    ri.activityInfo = ai;
+                    DeviceAdminInfo dpi = new DeviceAdminInfo(this, ri);
+                    found = true;
+                } catch (XmlPullParserException e) {
+                    Log.w(TAG, "Bad " + ri.activityInfo, e);
+                } catch (IOException e) {
+                    Log.w(TAG, "Bad " + ri.activityInfo, e);
+                }
+                break;
+            }
+        }
+        if (!found) {
+            Log.w(TAG, "Request to add invalid device admin: " + cn);
+            finish();
+            return;
+        }
+
         ResolveInfo ri = new ResolveInfo();
         ri.activityInfo = ai;
         try {