PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added a check if a custom activity can be started

Browse Source 
AppRestrictionsFragment starts an activity using an intent provided by the
receiver. A check was added to prevent an app from starting an activity that
it does not own.

Bug: 14441412
Change-Id: Ia6820b1daf3783d605b92976c78cb522b17dc8f2
(cherry picked from commit 07ab95c43e)
This commit is contained in:
Fyodor Kupolov
2014-11-18 15:08:12 -08:00
committed by Jon Larimer
parent 61ced6d427
commit f11f9f47d3
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/com/android/settings/users/AppRestrictionsFragment.java
View File

@@ -24,6 +24,7 @@ import android.content.Context;
import android.content.Intent; import android.content.Intent;
import android.content.IntentFilter; import android.content.IntentFilter;
import android.content.RestrictionEntry; import android.content.RestrictionEntry;
import android.content.pm.ActivityInfo;
import android.content.pm.ApplicationInfo; import android.content.pm.ApplicationInfo;
import android.content.pm.IPackageManager; import android.content.pm.IPackageManager;
import android.content.pm.PackageInfo; import android.content.pm.PackageInfo;
@@ -924,6 +925,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
} else if (restrictionsIntent != null) { } else if (restrictionsIntent != null) {
preference.setRestrictions(restrictions); preference.setRestrictions(restrictions);
if (invokeIfCustom && AppRestrictionsFragment.this.isResumed()) { if (invokeIfCustom && AppRestrictionsFragment.this.isResumed()) {
assertSafeToStartCustomActivity(restrictionsIntent);
int requestCode = generateCustomActivityRequestCode( int requestCode = generateCustomActivityRequestCode(
RestrictionsResultReceiver.this.preference); RestrictionsResultReceiver.this.preference);
AppRestrictionsFragment.this.startActivityForResult( AppRestrictionsFragment.this.startActivityForResult(
@@ -931,6 +933,25 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
} }
} }
} }
private void assertSafeToStartCustomActivity(Intent intent) {
// Activity can be started if it belongs to the same app
if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
return;
}
// Activity can be started if intent resolves to multiple activities
List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager
.queryIntentActivities(intent, 0 /* no flags */);
if (resolveInfos.size() != 1) {
return;
}
// Prevent potential privilege escalation
ActivityInfo activityInfo = resolveInfos.get(0).activityInfo;
if (!packageName.equals(activityInfo.packageName)) {
throw new SecurityException("Application " + packageName
+ " is not allowed to start activity " + intent);
};
}
} }
private void onRestrictionsReceived(AppRestrictionsPreference preference, String packageName, private void onRestrictionsReceived(AppRestrictionsPreference preference, String packageName,