PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: f57d75f127

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579585

Change-Id: Icd26ee5a31e0cc7e11edaf6c542b045ab3a7ff01
This commit is contained in:
Edgar Wang
2022-01-13 06:50:30 +00:00
committed by Automerger Merge Worker
parent c96d9867c5 f57d75f127
commit c0d6987e06
1 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/com/android/settings/users/AppRestrictionsFragment.java
View File

@@ -18,6 +18,7 @@ package com.android.settings.users;
import android.app.Activity; import android.app.Activity;
import android.app.settings.SettingsEnums; import android.app.settings.SettingsEnums;
import android.content.ActivityNotFoundException;
import android.content.BroadcastReceiver; import android.content.BroadcastReceiver;
import android.content.Context; import android.content.Context;
import android.content.Intent; import android.content.Intent;
@@ -37,6 +38,7 @@ import android.os.RemoteException;
import android.os.ServiceManager; import android.os.ServiceManager;
import android.os.UserHandle; import android.os.UserHandle;
import android.os.UserManager; import android.os.UserManager;
import android.util.EventLog;
import android.util.Log; import android.util.Log;
import android.view.View; import android.view.View;
import android.view.View.OnClickListener; import android.view.View.OnClickListener;
@@ -635,7 +637,15 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
} else if (restrictionsIntent != null) { } else if (restrictionsIntent != null) {
preference.setRestrictions(restrictions); preference.setRestrictions(restrictions);
if (invokeIfCustom && AppRestrictionsFragment.this.isResumed()) { if (invokeIfCustom && AppRestrictionsFragment.this.isResumed()) {
try {
assertSafeToStartCustomActivity(restrictionsIntent); assertSafeToStartCustomActivity(restrictionsIntent);
} catch (ActivityNotFoundException | SecurityException e) {
// return without startActivity
Log.e(TAG, "Cannot start restrictionsIntent " + e);
EventLog.writeEvent(0x534e4554, "200688991", -1 /* UID */, "");
return;
}
int requestCode = generateCustomActivityRequestCode( int requestCode = generateCustomActivityRequestCode(
RestrictionsResultReceiver.this.preference); RestrictionsResultReceiver.this.preference);
AppRestrictionsFragment.this.startActivityForResult( AppRestrictionsFragment.this.startActivityForResult(
@@ -649,14 +659,14 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
if (intent.getPackage() != null && intent.getPackage().equals(packageName)) { if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
return; return;
} }
// Activity can be started if intent resolves to multiple activities ResolveInfo resolveInfo = mPackageManager.resolveActivity(
List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager intent, PackageManager.MATCH_DEFAULT_ONLY);
.queryIntentActivities(intent, 0 /* no flags */);
if (resolveInfos.size() != 1) { if (resolveInfo == null) {
return; throw new ActivityNotFoundException("No result for resolving " + intent);
} }
// Prevent potential privilege escalation // Prevent potential privilege escalation
ActivityInfo activityInfo = resolveInfos.get(0).activityInfo; ActivityInfo activityInfo = resolveInfo.activityInfo;
if (!packageName.equals(activityInfo.packageName)) { if (!packageName.equals(activityInfo.packageName)) {
throw new SecurityException("Application " + packageName throw new SecurityException("Application " + packageName
+ " is not allowed to start activity " + intent); + " is not allowed to start activity " + intent);