BluetoothPermissionActivity and DevicePickerFragment will send
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can make an attacker
send broadcast to protected BroadcastReceivers like factory reset intent
(android/com.android.server.MasterClearReceiver) via
BluetoothPermissionActivity or DevicePickerFragment.
This CL will not allow to set package name and class name to avoid
the attacker.
Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.
Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
(cherry picked from commit 8adedc6249)
To improve security.
Bug: 181962311
Test: manual
Show an AlertDialog and observe if it will hide after below command.
adb shell am start -a android.intent.action.PICK_ACTIVITY -n com.android.settings/.ActivityPicker
Change-Id: I6e2845cc19dc012cba2933318a067bbb8db90a23
Merged-In: I6e2845cc19dc012cba2933318a067bbb8db90a23
(cherry picked from commit 3b4853e109)
Before this CL, there is a possible phishing attack allowing a malicious
BT device to acquire permissions based on insufficient information
presented to the user in the consent dialog. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is needed for exploitation.
This CL add more prompts presented for users to avoid phishing attacks.
Merge Conflict Notes:
There were a number of entries in strings.xml that did not exist on this
branch. However, as the CL only adds new entries rather than modifying
old ones this should not cause a problem. There were no merge conflicts
in the java files.
Bug: 167403112
Test: send intent to test right prompts message is pop up. make -j42 RunSettingsRoboTests
Change-Id: Idc6ef558b692115bb82ea58cf223f5919b618633
Limit the component that may resolve this intent to the
bluetooth package.
Bug: 158219161
Test: Security Fix
Tag: #security
Change-Id: If732f940a7aa256f5975349118e8eb6cf5584676
Prevent non-system overlays from showing over notification listener consent dialog
Bug: 170731783
Test: use a visible overlay, ensure it's gone when notification consent is open
Change-Id: I58e017982f385ffc0d0ba2174512490b1d83dd36
- Enable the filterTouchesWhenObscured attribute on all toggle
switches in all pages of the special app access
Bug: 155288585
Test: make RunSettingsRoboTests
Merged-In: I011cfe4b7e4e624a8338332ac47a353f7f3ab661
Change-Id: I85842db3faa558ea61bc878ca76ff6d8ce1a4b03
- Enable the filterTouchesWhenObscured attribute on all toggle
switches in all pages of the special app access
Bug: 155288585
Test: make RunSettingsRoboTests
Merged-In: I011cfe4b7e4e624a8338332ac47a353f7f3ab661
Merged-In: I85842db3faa558ea61bc878ca76ff6d8ce1a4b03
Change-Id: Id873bab7312226a9ea642a6241249c6754059a0b
- 3rd party developers can define himself-authenticator
and use the accountPreferences attribute to load the
predefined preference UI.
- If a developer defines an action intent to launch the
other activity in xml and it would return true due
to the true exported attribute and no permission.
- To avoid launching arbitrary activity. Here allows
to launch only authenticator owned activities.
Bug: 150946634
Test: make RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.accounts
Test: PoC app
Change-Id: I5ce1a0b3838db7b3fbe48c6ea23d5f093d625cdb
Merged-In: I5ce1a0b3838db7b3fbe48c6ea23d5f093d625cdb
(cherry picked from commit d6d8f98844)
- 3rd party developers can define himself-authenticator
and use the accountPreferences attribute to load the
predefined preference UI.
- If a developer defines an action intent to launch the
other activity in xml and it would return true due
to the true exported attribute and no permission.
- To avoid launching arbitrary activity. Here allows
to launch only authenticator owned activities.
Bug: 150946634
Test: make RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.accounts
Test: PoC app
Change-Id: I5ce1a0b3838db7b3fbe48c6ea23d5f093d625cdb
Merged-In: I5ce1a0b3838db7b3fbe48c6ea23d5f093d625cdb
(cherry picked from commit d6d8f98844)
Allow LockScreenPattern to be launched in the pinning screen
If work profile lock is enabled and work app is pinned, users will get a
black/white screen on the phone. That's because Settings is prevented
from other apps launch any pages of Settings in the pinning mode.
In order to launch some pages of Settings from other apps, we add a
condition to the preventive mechanism and allow the activity inherited
from SettingsBaseActivity to override the condition to have the activity
to be launched from other apps in the pinning mode.
Bug: 137015265
Bug: 135604684
Test: manual test
Change-Id: I8070de79a83350d1658efcb19e983669dad0e673
Merged-In: I8070de79a83350d1658efcb19e983669dad0e673
Allow LockScreenPattern to be launched in the pinning screen
If work profile lock is enabled and work app is pinned, users will get a
black/white screen on the phone. That's because Settings is prevented
from other apps launch any pages of Settings in the pinning mode.
In order to launch some pages of Settings from other apps, we add a
condition to the preventive mechanism and allow the activity inherited
from SettingsBaseActivity to override the condition to have the activity
to be launched from other apps in the pinning mode.
Bug: 137015265
Bug: 135604684
Test: manual test
Change-Id: I8070de79a83350d1658efcb19e983669dad0e673
Merged-In: I8070de79a83350d1658efcb19e983669dad0e673
In Settings there is no auth mechanism to prevent accounts page being
opened in screen pinning mode. This CL makes it so that when users are
trying to navigate to any pages in Settings from other apps in screen
pinning mode, Settings app will directly close its page.
Bug: 137015265
Bug: 135604684
Test: manual
Change-Id: If26eda408a9ef6fa03ad82e5bee51bb7185950d6
Merged-In: If26eda408a9ef6fa03ad82e5bee51bb7185950d6
(cherry picked from commit f3242dab35)
In Settings there is no auth mechanism to prevent accounts page being
opened in screen pinning mode. This CL makes it so that when users are
trying to navigate to any pages in Settings from other apps in screen
pinning mode, Settings app will directly close its page.
Bug: 137015265
Bug: 135604684
Test: manual
Change-Id: If26eda408a9ef6fa03ad82e5bee51bb7185950d6
Merged-In: If26eda408a9ef6fa03ad82e5bee51bb7185950d6
(cherry picked from commit f3242dab35)
am: 14302b3ac6 -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 5d9328571e is in history
Change-Id: Ic1ddb22a97d9058d5e40b8fddfb3f6f4ef40e150
am: 80fea5de92 -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 5d9328571e is in history
Change-Id: Ic06c39295c0b1e82701cf1747606afff1e27fd68
am: c808f15cbe -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 c968eacbbf is in history
Change-Id: Ia806284e60b86d6d942de73a98d8ef3b48cd6847
am: 530fa8b25b -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 c968eacbbf is in history
Change-Id: Iaa5411ff17dddbda7b6584afff8f0a7527609c23
am: 59348982d3 -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 c968eacbbf is in history
Change-Id: I50749ba4c4a8478acbd70a729fb6e4f1e722254d
am: 09e255676b -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 5d9328571e is in history
Change-Id: I9ffa1beaa1f10e45dfb29edd2ea1bfd7b4422407
am: 8c612b1334 -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 5d9328571e is in history
Change-Id: I252ffcb3e7c5f1be519c9e809d6b43a296bcbe9d
am: 65294e6ee5 -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 c968eacbbf is in history
Change-Id: I02047207e9ed30afb0afb003f0c93f2cfb59addd
am: bfe5b37bc8 -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 c968eacbbf is in history
Change-Id: I68b5c6aebfd69660c51613b6a96ef0c354d800ae
am: 6dbb3108a7 -s ours
am skip reason: change_id Ib7b878a23b4a99171c58b5de992fb87feca8a28a with SHA1 c968eacbbf is in history
Change-Id: I171e67f778cd8e8f67cb8d685ecfe09316619cf5
* changes:
[automerger skipped] Do not allow draw on top for App notification settings skipped: 50ec2c218e skipped: ed126b5d96 skipped: 0b52ca4693
[automerger skipped] Do not allow draw on top for App notification settings skipped: 50ec2c218e skipped: ed126b5d96
[automerger skipped] Do not allow draw on top for App notification settings skipped: 50ec2c218e
Do not allow draw on top for App notification settings
* changes:
[automerger skipped] Do not allow draw on top for App notification settings skipped: 5d9328571e skipped: e537ffece8 skipped: 8f70c24f2d skipped: 188904e631 skipped: ceb1ed0a09
[automerger skipped] Do not allow draw on top for App notification settings skipped: 5d9328571e skipped: e537ffece8 skipped: 8f70c24f2d skipped: 188904e631
[automerger skipped] Do not allow draw on top for App notification settings skipped: 5d9328571e skipped: e537ffece8 skipped: 8f70c24f2d
[automerger skipped] Do not allow draw on top for App notification settings skipped: 5d9328571e skipped: e537ffece8
[automerger skipped] Do not allow draw on top for App notification settings skipped: 5d9328571e
Do not allow draw on top for App notification settings
