PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PendingIntent in MediaOutputIndicatorSlice could be Hijacked

Browse Source 
-Add setPackage() to prevent local information disclosure

Bug: 151645695
Test: make -j42 RunSettingsRoboTests
Change-Id: I74c058a381fceb85695dd76d354fb49f878f9142
This commit is contained in:
Tim Peng
2020-03-30 10:51:57 +08:00
committed by tim peng
parent ddd8a8fa92
commit e4ccbbec67
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/com/android/settings/media/MediaOutputIndicatorSlice.java
View File

@@ -106,6 +106,7 @@ public class MediaOutputIndicatorSlice implements CustomSliceable {
public void onNotifyChange(Intent i) { public void onNotifyChange(Intent i) {
final MediaController mediaController = getWorker().getActiveLocalMediaController(); final MediaController mediaController = getWorker().getActiveLocalMediaController();
final Intent intent = new Intent() final Intent intent = new Intent()
.setPackage(Utils.SETTINGS_PACKAGE_NAME)
.setAction(MediaOutputSliceConstants.ACTION_MEDIA_OUTPUT) .setAction(MediaOutputSliceConstants.ACTION_MEDIA_OUTPUT)
.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
if (mediaController != null) { if (mediaController != null) {

5
tests/robotests/src/com/android/settings/media/MediaOutputIndicatorSliceTest.java
View File

@@ -42,6 +42,7 @@ import androidx.slice.SliceProvider;
import androidx.slice.widget.SliceLiveData; import androidx.slice.widget.SliceLiveData;
import com.android.settings.R; import com.android.settings.R;
import com.android.settings.Utils;
import com.android.settings.slices.SliceBackgroundWorker; import com.android.settings.slices.SliceBackgroundWorker;
import com.android.settings.testutils.shadow.ShadowBluetoothUtils; import com.android.settings.testutils.shadow.ShadowBluetoothUtils;
import com.android.settingslib.bluetooth.LocalBluetoothManager; import com.android.settingslib.bluetooth.LocalBluetoothManager;
@@ -202,6 +203,8 @@ public class MediaOutputIndicatorSliceTest {
assertThat(TextUtils.equals(TEST_PACKAGE_NAME, intentCaptor.getValue().getStringExtra( assertThat(TextUtils.equals(TEST_PACKAGE_NAME, intentCaptor.getValue().getStringExtra(
MediaOutputSliceConstants.EXTRA_PACKAGE_NAME))).isTrue(); MediaOutputSliceConstants.EXTRA_PACKAGE_NAME))).isTrue();
assertThat(TextUtils.equals(Utils.SETTINGS_PACKAGE_NAME, intentCaptor.getValue()
.getPackage())).isTrue();
assertThat(mToken == intentCaptor.getValue().getExtras().getParcelable( assertThat(mToken == intentCaptor.getValue().getExtras().getParcelable(
MediaOutputSliceConstants.KEY_MEDIA_SESSION_TOKEN)).isTrue(); MediaOutputSliceConstants.KEY_MEDIA_SESSION_TOKEN)).isTrue();
} }
@@ -217,6 +220,8 @@ public class MediaOutputIndicatorSliceTest {
assertThat(TextUtils.isEmpty(intentCaptor.getValue().getStringExtra( assertThat(TextUtils.isEmpty(intentCaptor.getValue().getStringExtra(
MediaOutputSliceConstants.EXTRA_PACKAGE_NAME))).isTrue(); MediaOutputSliceConstants.EXTRA_PACKAGE_NAME))).isTrue();
assertThat(TextUtils.equals(Utils.SETTINGS_PACKAGE_NAME, intentCaptor.getValue()
.getPackage())).isTrue();
assertThat(intentCaptor.getValue().getExtras().getParcelable( assertThat(intentCaptor.getValue().getExtras().getParcelable(
MediaOutputSliceConstants.KEY_MEDIA_SESSION_TOKEN) == null).isTrue(); MediaOutputSliceConstants.KEY_MEDIA_SESSION_TOKEN) == null).isTrue();
} }