Oli Lan
8950a90024
Prevent exfiltration of system files via user image settings.
...
This is a backport of ag/17005706.
This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.
The mitigations are:
1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.
2) Only allow a system handler to respond to the CROP intent.
Bug: 187702830
Test: build and check functionality
Change-Id: Ia6314b6810afb5efa0329f3eeaee9ccfff791966
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
2022-03-03 13:18:16 +00:00
Bill Yi
2ba7f57217
Import translations. DO NOT MERGE ANYWHERE
...
Auto-generated-cl: translation import
Change-Id: If35ec49c403221a9c6079cf4b4e60ffddbfd5f2e
2022-03-02 16:24:43 +00:00
Bill Yi
b07f4eca84
Import translations. DO NOT MERGE ANYWHERE
...
Auto-generated-cl: translation import
Change-Id: Icf0bc906bc6e41539af9fa4200ec6fe24d559b0f
2022-02-23 08:20:54 +00:00
Bill Yi
bfb1c0090c
Import translations. DO NOT MERGE ANYWHERE
...
Auto-generated-cl: translation import
Change-Id: I3127e1d696f00a9d496edaa5ed672ac1820da936
2022-02-18 03:13:28 +00:00
Jack Yu
5163fd7aea
[automerger skipped] Do not let guest user disable secure nfc am: 4e543a38f6 am: 46bd9ba5a5 -s ours am: cd6ce52ea4 -s ours am: 7093dea7f7 -s ours
...
am skip reason: Merged-In I7253f7f08fde04e30400a30d9a0d24f1ceff04b0 with SHA-1 a579ca7554https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16691813
Change-Id: Ie7899cd8137c524e3fd39a0b50016fbae5d37120
2022-02-08 02:59:06 +00:00
Jack Yu
7093dea7f7
[automerger skipped] Do not let guest user disable secure nfc am: 4e543a38f6 am: 46bd9ba5a5 -s ours am: cd6ce52ea4 -s ours
...
am skip reason: Merged-In I7253f7f08fde04e30400a30d9a0d24f1ceff04b0 with SHA-1 a579ca7554https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16691813
Change-Id: I186c750238d8f159b2d33e309c2aa9badf60ff64
2022-02-08 02:43:45 +00:00
Jack Yu
cd6ce52ea4
[automerger skipped] Do not let guest user disable secure nfc am: 4e543a38f6 am: 46bd9ba5a5 -s ours
...
am skip reason: Merged-In I7253f7f08fde04e30400a30d9a0d24f1ceff04b0 with SHA-1 a579ca7554https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16691813
Change-Id: Ief5899b4af766d3d1c9283e4a5a4500ff66b9009
2022-02-08 02:30:37 +00:00
Jack Yu
46bd9ba5a5
Do not let guest user disable secure nfc am: 4e543a38f6
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16691813
Change-Id: Iffe578c58bf2dcebda45b0b71dd901bd3e08be41
2022-02-08 02:15:55 +00:00
Jack Yu
4e543a38f6
Do not let guest user disable secure nfc
...
Bug: 209446496
Test: manual
Merged-In: I7253f7f08fde04e30400a30d9a0d24f1ceff04b0
Change-Id: I7253f7f08fde04e30400a30d9a0d24f1ceff04b0
(cherry picked from commit d9e3e6e4b1
2022-02-02 17:44:55 +00:00
Jack Yu
b85416796d
Do not let guest user disable secure nfc am: a579ca7554 am: 1009054124
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16691815
Change-Id: I9879ba034ae2b8d7a964a4d6c9d700bad55b636e
2022-01-28 22:31:38 +00:00
Jack Yu
1009054124
Do not let guest user disable secure nfc am: a579ca7554
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16691815
Change-Id: Ic68c6849bb65875aea6286d415c66ae8a9f57dfa
2022-01-28 22:19:10 +00:00
Bill Yi
e4ca28a0d0
Import translations. DO NOT MERGE ANYWHERE
...
Auto-generated-cl: translation import
Change-Id: I09e6df9ed565dcd098d1b1a98c51786fe5d87785
2022-01-25 06:25:43 +00:00
Jack Yu
a579ca7554
Do not let guest user disable secure nfc
...
Bug: 209446496
Test: manual
Merged-In: I7253f7f08fde04e30400a30d9a0d24f1ceff04b0
Change-Id: I7253f7f08fde04e30400a30d9a0d24f1ceff04b0
(cherry picked from commit d9e3e6e4b1
2022-01-22 07:56:25 +00:00
TreeHugger Robot
572b59c465
Merge "Import translations. DO NOT MERGE ANYWHERE" into sc-dev
2022-01-14 18:09:51 +00:00
Bill Yi
a6f38c19f8
Import translations. DO NOT MERGE ANYWHERE
...
Auto-generated-cl: translation import
Change-Id: Ib7868c5698aef46813818165545a388552033564
2022-01-14 09:18:54 +00:00
Bill Yi
3bf676d7ce
Import translations. DO NOT MERGE ANYWHERE
...
Auto-generated-cl: translation import
Change-Id: Ic57de1e9085d2e5ebc2a4eaaa38bdcbc1af70090
2022-01-14 09:09:42 +00:00
TreeHugger Robot
8a91ea7add
[automerger skipped] Merge "Add caller check to com.android.credentials.RESET" into rvc-dev am: 3f6a48a552 -s ours am: 97729a9e16 -s ours
...
am skip reason: Merged-In I9dfde586616d004befbee529f2ae842d22795065 with SHA-1 35e3d0c1b0https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577204
Change-Id: If02ad441dd23232075e4fbe9b1927e795aed175e
2022-01-13 21:43:35 +00:00
TreeHugger Robot
616aecf1ec
[automerger skipped] Merge "Add caller check to com.android.credentials.RESET" into rvc-dev am: 3f6a48a552 -s ours am: 02a19ec59d -s ours
...
am skip reason: Merged-In I9dfde586616d004befbee529f2ae842d22795065 with SHA-1 35e3d0c1b0https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577204
Change-Id: Iacff1f7f942431bba6f09a9f500a8e60ea394824
2022-01-13 21:25:16 +00:00
TreeHugger Robot
97729a9e16
[automerger skipped] Merge "Add caller check to com.android.credentials.RESET" into rvc-dev am: 3f6a48a552 -s ours
...
am skip reason: Merged-In I9dfde586616d004befbee529f2ae842d22795065 with SHA-1 35e3d0c1b0https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577204
Change-Id: I0c4662c0cda74c28d2385ade52a345e84086bbc9
2022-01-13 21:06:55 +00:00
TreeHugger Robot
02a19ec59d
[automerger skipped] Merge "Add caller check to com.android.credentials.RESET" into rvc-dev am: 3f6a48a552 -s ours
...
am skip reason: Merged-In I9dfde586616d004befbee529f2ae842d22795065 with SHA-1 35e3d0c1b0https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577204
Change-Id: I34d7fec987c297fbb846888d9cf187d0a0f7321c
2022-01-13 21:06:50 +00:00
TreeHugger Robot
3f6a48a552
Merge "Add caller check to com.android.credentials.RESET" into rvc-dev
2022-01-13 20:43:35 +00:00
TreeHugger Robot
b04e0ab405
Merge "Add caller check to com.android.credentials.RESET" into sc-dev
2022-01-13 20:19:00 +00:00
TreeHugger Robot
01739e127c
[automerger skipped] Merge "Add caller check to com.android.credentials.RESET" into qt-dev am: 50b65a168a am: 1ef5f42b54 am: f43f129dc0 am: 67f53e247a -s ours
...
am skip reason: Merged-In I9dfde586616d004befbee529f2ae842d22795065 with SHA-1 35e3d0c1b0https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577205
Change-Id: Iff74bcb5c45d9bd9e2a7766fb00c38d289150d1e
2022-01-13 19:48:23 +00:00
TreeHugger Robot
ea3d0361c8
Merge "Add caller check to com.android.credentials.RESET" into qt-dev am: 50b65a168a am: 1ef5f42b54 am: f43f129dc0 am: d902f8c7d6
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577205
Change-Id: I490a23c20a60933dff04251cdf8ba4f24c361e97
2022-01-13 19:47:30 +00:00
TreeHugger Robot
67f53e247a
Merge "Add caller check to com.android.credentials.RESET" into qt-dev am: 50b65a168a am: 1ef5f42b54 am: f43f129dc0
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577205
Change-Id: I6593507b33223cf79fbf0e134651b78b93464a01
2022-01-13 19:35:55 +00:00
TreeHugger Robot
d902f8c7d6
Merge "Add caller check to com.android.credentials.RESET" into qt-dev am: 50b65a168a am: 1ef5f42b54 am: f43f129dc0
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577205
Change-Id: I7080ca5b236b6dd34cfe66789ef1a141d3b735cb
2022-01-13 19:35:50 +00:00
TreeHugger Robot
f43f129dc0
Merge "Add caller check to com.android.credentials.RESET" into qt-dev am: 50b65a168a am: 1ef5f42b54
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577205
Change-Id: Ibc94e102fc69e4e2052526e1ee000684c5d7724f
2022-01-13 19:18:08 +00:00
TreeHugger Robot
1ef5f42b54
Merge "Add caller check to com.android.credentials.RESET" into qt-dev am: 50b65a168a
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577205
Change-Id: I8dae6a8a3fd0ed7cde335ead1e4b760bb5a8d195
2022-01-13 19:04:05 +00:00
TreeHugger Robot
50b65a168a
Merge "Add caller check to com.android.credentials.RESET" into qt-dev
2022-01-13 18:50:36 +00:00
Edgar Wang
9d1b730058
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: f57d75f127 am: c0d6987e06 -s ours am: 7f848f44b6 -s ours am: 4002e2c124 -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 dc44d01a16https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579585
Change-Id: I38dd848bc2c0f47649ee53a4c1815363a3e4ac57
2022-01-13 07:32:27 +00:00
Edgar Wang
4154382e01
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: f57d75f127 am: c0d6987e06 -s ours am: 7f848f44b6 -s ours am: 9624c50ac3 -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 dc44d01a16https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579585
Change-Id: I3964ad2a91446210b9db2b549b13bacace3c44f0
2022-01-13 07:31:53 +00:00
Edgar Wang
4002e2c124
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: f57d75f127 am: c0d6987e06 -s ours am: 7f848f44b6 -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 dc44d01a16https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579585
Change-Id: I587522a9692116826e16409f40c7fe3bebf4b362
2022-01-13 07:21:15 +00:00
Edgar Wang
9624c50ac3
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: f57d75f127 am: c0d6987e06 -s ours am: 7f848f44b6 -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 dc44d01a16https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579585
Change-Id: I1f38d39b1da9d41bc9fbe5b9824bda7a3bcff77a
2022-01-13 07:21:11 +00:00
Edgar Wang
7f848f44b6
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: f57d75f127 am: c0d6987e06 -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 dc44d01a16https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579585
Change-Id: I72f294f9e8817aa2a5d694dd870115322f1525ec
2022-01-13 07:09:00 +00:00
Edgar Wang
c0d6987e06
Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: f57d75f127
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579585
Change-Id: Icd26ee5a31e0cc7e11edaf6c542b045ab3a7ff01
2022-01-13 06:50:30 +00:00
Edgar Wang
c46233f2c6
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: dc44d01a16 am: e95b2c6c53 -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 dc44d01a16https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579586
Change-Id: I07509ceb33acd71e7166e1b6b21fe314143720c1
2022-01-13 06:20:38 +00:00
Edgar Wang
0a298b167d
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: dc44d01a16 -s ours am: 463624d522 -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 8e7cc8fa4dhttps://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579586
Change-Id: Ie5a778da092bf3055ec6ccc8641b684d7f54ad46
2022-01-13 05:45:13 +00:00
Edgar Wang
e95b2c6c53
Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: dc44d01a16
...
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579586
Change-Id: I3311a1514d0edeca1011642e2a368b7aa6eeb170
2022-01-13 05:40:08 +00:00
Edgar Wang
463624d522
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: dc44d01a16 -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 8e7cc8fa4dhttps://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579586
Change-Id: I5e42a5a8939af57523b1691c5f525df746e94ac1
2022-01-13 05:39:53 +00:00
Edgar Wang
edcb9c9b0e
[automerger skipped] Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment am: 8e7cc8fa4d -s ours
...
am skip reason: Merged-In Iaa2d3a9497c3266babe0789961befc9776a4db7a with SHA-1 9926187972https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16579587
Change-Id: I6bf44b9e56ac21a73b7ea20b756a4d93a438e485
2022-01-13 05:39:03 +00:00
Edgar Wang
2df76f6062
Merge "Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment" into sc-dev
2022-01-13 05:27:40 +00:00
Alex Johnston
ff07f8c34d
Merge "Add non system overlay flag to RequestManageCredentials" into sc-dev
2022-01-11 20:47:35 +00:00
Alex Johnston
6407b20ab3
Add caller check to com.android.credentials.RESET
...
* Only the Settings app can reset credentials
via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
callable by CertInstaller.
Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed
Bug: 200164168
Test: manual
Change-Id: I9dfde586616d004befbee529f2ae842d22795065
(cherry picked from commit 4c1272a921
2022-01-10 17:45:00 +00:00
Alex Johnston
f8a1a563c7
Add caller check to com.android.credentials.RESET
...
* Only the Settings app can reset credentials
via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
callable by CertInstaller.
Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed
Bug: 200164168
Test: manual
Change-Id: I9dfde586616d004befbee529f2ae842d22795065
(cherry picked from commit 4c1272a921
2022-01-10 17:39:47 +00:00
TreeHugger Robot
fad8ac95a4
Merge "Import translations. DO NOT MERGE ANYWHERE" into sc-dev
2022-01-09 05:14:26 +00:00
Bill Yi
9fed0efc79
Import translations. DO NOT MERGE ANYWHERE
...
Auto-generated-cl: translation import
Change-Id: I089bd7964eff40566f6e0e5f29419ffffd0e8525
2022-01-07 10:25:35 +00:00
Bill Yi
ac0bd999f1
Import translations. DO NOT MERGE ANYWHERE
...
Auto-generated-cl: translation import
Change-Id: If79c3e0fd0ebe9847befbf0f32184782cbc5f7e2
2022-01-07 10:14:50 +00:00
Edgar Wang
9926187972
Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment
...
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95
2022-01-07 04:24:53 +00:00
Edgar Wang
8e7cc8fa4d
Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment
...
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95
2022-01-07 04:24:28 +00:00
Edgar Wang
dc44d01a16
Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment
...
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95
2022-01-07 04:24:11 +00:00
