In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
* Only the Settings app can reset credentials
via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
callable by CertInstaller.
Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed
Bug: 200164168
Test: manual
Change-Id: I9dfde586616d004befbee529f2ae842d22795065
(cherry picked from commit 4c1272a921)
Merged-In: I9dfde586616d004befbee529f2ae842d22795065
- If WiFi configuration is not allowed, the WiFi QR code intent is
ignored.
- Add SafetyNet Logging to b/202017876.
Bug: 202017876
Test: manual test
make RunSettingsRoboTests ROBOTEST_FILTER=WifiDppEnrolleeActivityTest
Change-Id: I147d2f4f4fabe2e24d5d3eaaad701b81059e8eee
button style.
The operation of the Switch is not suitable for previewing the
screen saver and will make the user confused. So we change the
style of the screen saver widget back to the button style.
Fix: 189505023
Test: manually test the screen saver
Change-Id: I4a97d91cc0b76111d4cb7b6aa202f2207ee0ca5d
Bug: 180518134
Test: make RunSettingsRoboTests \
ROBOTEST_FILTER=WifiDppUtilsTest\|WifiDialogActivityTest
Test: Manually verified b/180518134 attack is no longer possible
Change-Id: I8c4e1e17117582c78671d0e4658bd87715a9a046
(cherry picked from commit 59c0a7bc63)
WiFi calling toggle in search need to pass the toggle request to
receiver to make it work.
Bug: 206871758
Test: local
Change-Id: If23d1ae1eaeb5d505e584dec94e1980f6e329c65
(cherry picked from commit a6a35b8409)
* USB tether option will be grayed out before
USB cable is plugged in.
Bug: 192225597
Test: manual testing
Change-Id: Ibc87416b9aecb03f1ddd3df0d9f11a935f3a290e
Merged-In: Ibc87416b9aecb03f1ddd3df0d9f11a935f3a290e
(cherry picked from commit 685cacb540)
Unfolding a device generates mutiple lifecycle events and resets the
highlight key.
Check if there's only one activity in the task and then perform the
reset.
Fix: 209016927
Test: manual
Change-Id: I49988fa913270d35a04436777433b7669afb72df
Support phone number talkback in about phone UI pages.
Bug: 182923869
Test: local, junit
Change-Id: I159827070a954dee13230ff7cf6de81dbbaa7545
(cherry picked from commit d051e65d3c)
If a deep link intent is not specified a package name, the intent action
will be resolved to ForwardIntentToParent in some cases.
Fix: 209928944
Test: manual
Change-Id: I502be6be550ba817b4337f2d0793a7b3678fc8d2
When the AccountManager's confirm remove dialog is canceled, a redundant
ConfirmRemoveAccountDialog showed up.
- Only show the dialog when a real error reported from AccountManager
- Also change RemoveAccountFailureDialog's title to remove the redundant
question mark
Fix: 204948166
Test: manual
Change-Id: If712e120938e80e1bf4593fa78a1a2a70684fc2a
