From 2c1b1aa81346c68179a88bad31f23ed976517954 Mon Sep 17 00:00:00 2001 From: Binyi Wu Date: Tue, 6 Sep 2022 17:58:53 +0800 Subject: [PATCH] Prevent intent defined in AccountPreference from leaking access Intent defined in AccountPreferences can grant Settings protected ContentProviders' access to authenticator app. We'll explicitly set an empty ClipData to avoid being used for unexpected access grant. Test: manual, refer to #comment5 in bug for repro steps Bug: 220733496 Change-Id: I85c22c9a7d72b8a55472d366d8adb6a75ac5c8a5 --- .../settings/accounts/AccountTypePreferenceLoader.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java index 42bb34a0ee4..f1b5be109d2 100644 --- a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java +++ b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java @@ -19,6 +19,7 @@ package com.android.settings.accounts; import android.accounts.Account; import android.accounts.AuthenticatorDescription; +import android.content.ClipData; import android.content.Context; import android.content.Intent; import android.content.pm.ActivityInfo; @@ -164,6 +165,9 @@ public class AccountTypePreferenceLoader { * exploiting the fact that settings has system privileges. */ if (isSafeIntent(pm, prefIntent, acccountType)) { + // Explicitly set an empty ClipData to ensure that we don't offer to + // promote any Uris contained inside for granting purposes + prefIntent.setClipData(ClipData.newPlainText(null, null)); mFragment.getActivity().startActivityAsUser( prefIntent, mUserHandle); } else {
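Review bot: The added `setClipData` call in the second hunk (`@@ -164,6 +165,9 @@`) relies on framework behaviour the comment does not name: as far as I know, the extras-to-ClipData migration done at launch is skipped when the intent already carries a ClipData, and that is what keeps Uris in authenticator-supplied extras from being granted under Settings' identity. I would state that in the comment, e.g. `// A non-null ClipData makes the framework skip its extras-to-ClipData migration, so no Uri from the extras is granted on our behalf.`, because otherwise the line reads like a no-op and is easy to remove later. The call leaves the intent's data Uri and flags untouched; whether those can carry a grant here depends on `isSafeIntent` and the intent parsing, both outside the hunk, so that is worth confirming. The commit lists only a manual test, and a unit test asserting that the intent passed to `startActivityAsUser` has a ClipData with no Uri item would guard against regression. The enclosing method starts and ends outside the hunk.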