Block the content scheme intent in AccountTypePreferenceLoader am: 8fa1dcb034 am: b5bf33ab76 am: 26e1224ea6

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/30469374

Change-Id: I5bc99dfe4750532359151f4fadda26567828ad90
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

src/com/android/settings/accounts/AccountTypePreferenceLoader.java

@@ -20,6 +20,7 @@ package com.android.settings.accounts;
 import android.accounts.Account;
 import android.accounts.AuthenticatorDescription;
 import android.content.ClipData;
+import android.content.ContentResolver;
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.ActivityInfo;
@@ -185,7 +186,7 @@ public class AccountTypePreferenceLoader {
                                     prefIntent, mUserHandle);
                             } else {
                                 Log.e(TAG,
-                                    "Refusing to launch authenticator intent because"
+                                        "Refusing to launch authenticator intent because "
                                                 + "it exploits Settings permissions: "
                                                 + prefIntent);
                             }
@@ -241,13 +242,19 @@ public class AccountTypePreferenceLoader {
     }
 
     /**
-     * Determines if the supplied Intent is safe. A safe intent is one that is
+     * Determines if the supplied Intent is safe. A safe intent is one that
-     * will launch a exported=true activity or owned by the same uid as the
+     * will launch an exported=true activity or owned by the same uid as the
      * authenticator supplying the intent.
      */
-    private boolean isSafeIntent(PackageManager pm, Intent intent, String acccountType) {
+    @VisibleForTesting
+    boolean isSafeIntent(PackageManager pm, Intent intent, String accountType) {
+        if (TextUtils.equals(intent.getScheme(), ContentResolver.SCHEME_CONTENT)) {
+            Log.e(TAG, "Intent with a content scheme is unsafe.");
+            return false;
+        }
+
         AuthenticatorDescription authDesc =
-            mAuthenticatorHelper.getAccountTypeDescription(acccountType);
+                mAuthenticatorHelper.getAccountTypeDescription(accountType);
         ResolveInfo resolveInfo = pm.resolveActivityAsUser(intent, 0, mUserHandle.getIdentifier());
         if (resolveInfo == null) {
             return false;

tests/robotests/src/com/android/settings/accounts/AccountTypePreferenceLoaderTest.java

@@ -16,6 +16,8 @@
 
 package com.android.settings.accounts;
 
+import static com.google.common.truth.Truth.assertThat;
+
 import static org.mockito.Answers.RETURNS_DEEP_STUBS;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.mock;
@@ -26,8 +28,11 @@ import static org.mockito.Mockito.when;
 import android.accounts.Account;
 import android.accounts.AccountManager;
 import android.accounts.AuthenticatorDescription;
+import android.content.ClipData;
 import android.content.Context;
+import android.content.Intent;
 import android.content.pm.PackageManager;
+import android.net.Uri;
 import android.os.UserHandle;
 
 import androidx.preference.Preference;
@@ -129,4 +134,13 @@ public class AccountTypePreferenceLoaderTest {
         verify(mPrefLoader).updatePreferenceIntents(prefGroup4, acctType, mAccount);
         verify(mPrefLoader).updatePreferenceIntents(prefGroup41, acctType, mAccount);
     }
+
+    @Test
+    public void isSafeIntent_hasContextScheme_returnFalse() {
+        Intent intent = new Intent();
+        intent.setClipData(ClipData.newRawUri(null,
+                Uri.parse("content://com.android.settings.files/my_cache/NOTICE.html")));
+
+        assertThat(mPrefLoader.isSafeIntent(mPackageManager, intent, mAccount.type)).isFalse();
+    }
 }