- Add SafetyNet log if the calling package is no the permission for
result
Test: checked eventlog in the bugreport
Bug: 185126813
Merged-In: I1535f6f2ded2445702df0d723518b773cd094164
Change-Id: I1535f6f2ded2445702df0d723518b773cd094164
(cherry picked from commit 199528d460)
- Use getCallingPackage() to get calling package.
- Check if the calling package has ACCESS_COARSE_LOCATION or
ACCESS_COARSE_LOCATION permission.
- Only set result data to permission granted callers
Bug: 185126813
Test: manual test
make RunSettingsRoboTests ROBOTEST_FILTER=WifiDialogActivityTest
Merged-In: If7ca069c842ed2bd1aed23f9d4041473c68a4dad
Change-Id: If7ca069c842ed2bd1aed23f9d4041473c68a4dad
(cherry picked from commit 71e728e934)
- Wi-Fi result data will only be returned from WifiDialogActivity if the
calling package has location permission.
Test: add comment only, no test required.
Bug: 185126813
Merged-In: I81c4d801c4ee211f43a1688a62daaff3b47eae1a
Change-Id: I81c4d801c4ee211f43a1688a62daaff3b47eae1a
(cherry picked from commit 56a88885cc)
Bluetooth app will indicate BluetoothOppReceiver to receive
device picker intent. But for fix the security issue we
removed the setClassName() method in ag/14111132 to avoid attack.
It causes BluetoothOppReceiver cannot receive the intent.
This CL will compare to calling package name with launch package name.
If they are not equal, the setClassName() will not invoke.
Bug: 186490534
Bug: 179386960
Bug: 179386068
Test: make RunSettingsRoboTests -j56
Change-Id: Ia51528f2a44ab73edbc86899ca0846d3262fe1f0
(cherry picked from commit bb5be240c0)
Bluetooth app will indicate BluetoothOppReceiver to receive
device picker intent. But for fix the security issue we
removed the setClassName() method in ag/14111132 to avoid attack.
It causes BluetoothOppReceiver cannot receive the intent.
This CL will compare to calling package name with launch package name.
If they are not equal, the setClassName() will not invoke.
Bug: 186490534
Bug: 179386960
Bug: 179386068
Test: make RunSettingsRoboTests -j56
Change-Id: Ia51528f2a44ab73edbc86899ca0846d3262fe1f0
(cherry picked from commit bb5be240c0)
Bluetooth app will indicate BluetoothOppReceiver to receive
device picker intent. But for fix the security issue we
removed the setClassName() method in ag/14111132 to avoid attack.
It causes BluetoothOppReceiver cannot receive the intent.
This CL will compare to calling package name with launch package name.
If they are not equal, the setClassName() will not invoke.
Bug: 186490534
Bug: 179386960
Bug: 179386068
Test: make RunSettingsRoboTests -j56
Change-Id: Ia51528f2a44ab73edbc86899ca0846d3262fe1f0
(cherry picked from commit bb5be240c0)
- Show restricted text in guest mode
- Screenshot:
https://screenshot.googleplex.com/6nYcmazMM46TxaB
Bug: 177573895
Test: manual test
make RunSettingsRoboTests \
ROBOTEST_FILTER=WifiNetworkDetailsFragmentTest
Change-Id: I5f857b2079e0f550e4be601d27dd54dac56b2f57
Merged-In: I5f857b2079e0f550e4be601d27dd54dac56b2f57
BluetoothPermissionActivity and DevicePickerFragment will send
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can make an attacker
send broadcast to protected BroadcastReceivers like factory reset intent
(android/com.android.server.MasterClearReceiver) via
BluetoothPermissionActivity or DevicePickerFragment.
This CL will not allow to set package name and class name to avoid
the attacker.
Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.
Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
(cherry picked from commit 8adedc6249)
BluetoothPermissionActivity and DevicePickerFragment will send
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can make an attacker
send broadcast to protected BroadcastReceivers like factory reset intent
(android/com.android.server.MasterClearReceiver) via
BluetoothPermissionActivity or DevicePickerFragment.
This CL will not allow to set package name and class name to avoid
the attacker.
Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.
Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
(cherry picked from commit 8adedc6249)
BluetoothPermissionActivity and DevicePickerFragment will send
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can make an attacker
send broadcast to protected BroadcastReceivers like factory reset intent
(android/com.android.server.MasterClearReceiver) via
BluetoothPermissionActivity or DevicePickerFragment.
This CL will not allow to set package name and class name to avoid
the attacker.
Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.
Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
(cherry picked from commit 8adedc6249)
The root issue is that CharSequence is an interface.
String implements that interface, however, Spanned class
too which is a rich text format that can store HTML code.
The solution is enforce to use String type which won't include
any HTML function.
Test: Rebuilt apk and see the string without HTML style.
Bug: 179042963
Change-Id: I53b460b12da918e022d2f2934f114d205dbaadb0
Merged-In: I53b460b12da918e022d2f2934f114d205dbaadb0
The root issue is that CharSequence is an interface.
String implements that interface, however, Spanned class
too which is a rich text format that can store HTML code.
The solution is enforce to use String type which won't include
any HTML function.
Test: Rebuilt apk and see the string without HTML style.
Bug: 179042963
Change-Id: I53b460b12da918e022d2f2934f114d205dbaadb0
Merged-In: I53b460b12da918e022d2f2934f114d205dbaadb0
(cherry picked from commit 0bf3c98b2f)
