From f5062c2df86bc1f1034e780c7b19c29f8acecab5 Mon Sep 17 00:00:00 2001
From: Tsung-Mao Fang <tmfang@google.com>
Date: Fri, 30 Sep 2022 15:27:06 +0800
Subject: [PATCH] Guard FallbackHome activity behind permission

An attacker can launch FallbackHome of the Settings app
to reset unlock time. This would prevent the device from
sleeping because it runs the following code:
PowerManager#userActivity().

However, running PowerManager.userActivity() requires
android.permission.DEVICE_POWER or android.permission.USER_ACTIVITY.

So, let's add a permission to guard this activity.

Test: Rebuilt a rom and see no side effect.
Bug: 246543238
Change-Id: I23a1e352f76cbec3e8c07a1b58b94615f2779121
---
 AndroidManifest.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 0be2e2efbac..ebfbe6f5e41 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -3013,6 +3013,7 @@
                   android:taskAffinity="com.android.settings.FallbackHome"
                   android:exported="true"
                   android:theme="@style/FallbackHome"
+                  android:permission="android.permission.DEVICE_POWER"
                   android:configChanges="keyboardHidden">
             <intent-filter android:priority="-1000">
                 <action android:name="android.intent.action.MAIN" />