From d1ce82ae8b5ff9c32480234ceab84f6679fe2885 Mon Sep 17 00:00:00 2001 From: Rubin Xu Date: Mon, 8 Jun 2015 17:21:19 +0100 Subject: [PATCH] Defensively load untrusted icons from account authenticator Catch Resources.NotFoundException which should cover all parsing errors from loadDrawables(); also substitute a default icon if parsing returns null. Bug: 17760671 Change-Id: Ia0ec25e34974ed85b6ffe6882d5bce003d64e9d6 --- src/com/android/settings/MasterClear.java | 11 +++++++---- .../settings/accounts/AuthenticatorHelper.java | 3 ++- .../settings/accounts/ChooseAccountActivity.java | 11 +++++++---- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/src/com/android/settings/MasterClear.java b/src/com/android/settings/MasterClear.java index 23f6812289d..6ab36c1f3d5 100644 --- a/src/com/android/settings/MasterClear.java +++ b/src/com/android/settings/MasterClear.java @@ -234,15 +234,18 @@ public class MasterClear extends InstrumentedFragment { authContext.getDrawable(desc.iconId), userHandle); } } catch (PackageManager.NameNotFoundException e) { - Log.w(TAG, "No icon for account type " + desc.type); + Log.w(TAG, "Bad package name for account type " + desc.type); + } catch (Resources.NotFoundException e) { + Log.w(TAG, "Invalid icon id for account type " + desc.type, e); + } + if (icon == null) { + icon = context.getPackageManager().getDefaultActivityIcon(); } TextView child = (TextView)inflater.inflate(R.layout.master_clear_account, contents, false); child.setText(account.name); - if (icon != null) { - child.setCompoundDrawablesWithIntrinsicBounds(icon, null, null, null); - } + child.setCompoundDrawablesWithIntrinsicBounds(icon, null, null, null); contents.addView(child); } } diff --git a/src/com/android/settings/accounts/AuthenticatorHelper.java b/src/com/android/settings/accounts/AuthenticatorHelper.java index 86e0da5e804..56a689cc6b7 100644 --- a/src/com/android/settings/accounts/AuthenticatorHelper.java +++ b/src/com/android/settings/accounts/AuthenticatorHelper.java @@ -96,7 +96,8 @@ final public class AuthenticatorHelper extends BroadcastReceiver { /** * Gets an icon associated with a particular account type. If none found, return null. * @param accountType the type of account - * @return a drawable for the icon or null if one cannot be found. + * @return a drawable for the icon or a default icon returned by + * {@link PackageManager#getDefaultActivityIcon} if one cannot be found. */ public Drawable getDrawableForType(Context context, final String accountType) { Drawable icon = null; diff --git a/src/com/android/settings/accounts/ChooseAccountActivity.java b/src/com/android/settings/accounts/ChooseAccountActivity.java index c4dace8d1d1..12077af594f 100644 --- a/src/com/android/settings/accounts/ChooseAccountActivity.java +++ b/src/com/android/settings/accounts/ChooseAccountActivity.java @@ -214,7 +214,8 @@ public class ChooseAccountActivity extends InstrumentedPreferenceActivity { /** * Gets an icon associated with a particular account type. If none found, return null. * @param accountType the type of account - * @return a drawable for the icon or null if one cannot be found. + * @return a drawable for the icon or a default icon returned by + * {@link PackageManager#getDefaultActivityIcon} if one cannot be found. */ protected Drawable getDrawableForType(final String accountType) { Drawable icon = null; @@ -225,14 +226,16 @@ public class ChooseAccountActivity extends InstrumentedPreferenceActivity { icon = getPackageManager().getUserBadgedIcon( authContext.getDrawable(desc.iconId), mUserHandle); } catch (PackageManager.NameNotFoundException e) { - // TODO: place holder icon for missing account icons? Log.w(TAG, "No icon name for account type " + accountType); } catch (Resources.NotFoundException e) { - // TODO: place holder icon for missing account icons? Log.w(TAG, "No icon resource for account type " + accountType); } } - return icon; + if (icon != null) { + return icon; + } else { + return getPackageManager().getDefaultActivityIcon(); + } } /**