am e8e7b9b3: Added a check if a custom activity can be started

* commit 'e8e7b9b3811b3295454298b02f136adf0527d1da': Added a check if a custom activity can be started
2015-01-29 18:01:00 +00:00
parent 663b4e9733 e8e7b9b381
commit e3904c4f09
1 changed files with 21 additions and 0 deletions
--- a/src/com/android/settings/users/AppRestrictionsFragment.java
+++ b/src/com/android/settings/users/AppRestrictionsFragment.java
@@ -28,6 +28,7 @@ import android.content.DialogInterface;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.content.RestrictionEntry;
+import android.content.pm.ActivityInfo;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.IPackageManager;
 import android.content.pm.PackageInfo;
@@ -839,6 +840,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
                p.setOnPreferenceClickListener(new OnPreferenceClickListener() {
                    @Override
                    public boolean onPreferenceClick(Preference preference) {
+                        assertSafeToStartCustomActivity(customIntent);
                        int requestCode = generateCustomActivityRequestCode(
                                RestrictionsResultReceiver.this.preference);
                        AppRestrictionsFragment.this.startActivityForResult(
@@ -853,6 +855,25 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
                preference.setRestrictions(restrictions);
            }
        }
+
+        private void assertSafeToStartCustomActivity(Intent intent) {
+            // Activity can be started if it belongs to the same app
+            if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
+                return;
+            }
+            // Activity can be started if intent resolves to multiple activities
+            List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager
+                    .queryIntentActivities(intent, 0 /* no flags */);
+            if (resolveInfos.size() != 1) {
+                return;
+            }
+            // Prevent potential privilege escalation
+            ActivityInfo activityInfo = resolveInfos.get(0).activityInfo;
+            if (!packageName.equals(activityInfo.packageName)) {
+                throw new SecurityException("Application " + packageName
+                        + " is not allowed to start activity " + intent);
+            };
+        }
    }

    private void onRestrictionsReceived(AppRestrictionsPreference preference, String packageName,