authorPaul Lawrence <paullawrence@google.com>2014-02-27 11:16:49 -0800
committerAndroid Git Automerger <android-git-automerger@android.com>2014-02-27 11:16:49 -0800
commitda37ed8b0aebdf885a32cbe28e8fd5a2240d38c3 (patch)
tree735d685e03ab1dfcf115966338a30f96a6ba0fb0
parentbc39746ee9c5962538a96b3edff10e52eb00fc40 (diff)
parentb9ba0c6c43f0f7f0d5e347030e3c86a86ed74542 (diff)
am b9ba0c6c: Prevent authenticators from using Settings to launch arbitrary activities.
* commit 'b9ba0c6c43f0f7f0d5e347030e3c86a86ed74542': Prevent authenticators from using Settings to launch arbitrary activities.
-rw-r--r--core/java/android/accounts/AccountManagerService.java25
1 files changed, 24 insertions, 1 deletions
diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java
index 22e454f..7d7fbac 100644
--- a/core/java/android/accounts/AccountManagerService.java
+++ b/core/java/android/accounts/AccountManagerService.java
@@ -34,6 +34,7 @@ import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.RegisteredServicesCache;
import android.content.pm.RegisteredServicesCacheListener;
+import android.content.pm.ResolveInfo;
import android.content.pm.UserInfo;
import android.content.res.Resources;
import android.database.Cursor;
@@ -1750,9 +1751,31 @@ public class AccountManagerService
}
}
+ @Override
public void onResult(Bundle result) {
mNumResults++;
- if (result != null && !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {
+ Intent intent = null;
+ if (result != null
+ && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
+ /*
+ * The Authenticator API allows third party authenticators to
+ * supply arbitrary intents to other apps that they can run,
+ * this can be very bad when those apps are in the system like
+ * the System Settings.
+ */
+ PackageManager pm = mContext.getPackageManager();
+ ResolveInfo resolveInfo = pm.resolveActivity(intent, 0);
+ int targetUid = resolveInfo.activityInfo.applicationInfo.uid;
+ int authenticatorUid = Binder.getCallingUid();
+ if (PackageManager.SIGNATURE_MATCH !=
+ pm.checkSignatures(authenticatorUid, targetUid)) {
+ throw new SecurityException(
+ "Activity to be started with KEY_INTENT must " +
+ "share Authenticator's signatures");
+ }
+ }
+ if (result != null
+ && !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {
String accountName = result.getString(AccountManager.KEY_ACCOUNT_NAME);
String accountType = result.getString(AccountManager.KEY_ACCOUNT_TYPE);
if (!TextUtils.isEmpty(accountName) && !TextUtils.isEmpty(accountType)) {
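Review bot: `pm.resolveActivity(intent, 0)` returns null when no activity matches the intent, and the next added line dereferences `resolveInfo.activityInfo` without a check, so an unresolvable `KEY_INTENT` produces a NullPointerException instead of a deliberate rejection. The check should fail closed with an explicit guard before the uid lookup, for example `if (resolveInfo == null || resolveInfo.activityInfo == null) { throw new SecurityException("KEY_INTENT does not resolve to an activity"); }`. The signature comparison also only covers the component resolved at this moment. If the code that later starts the intent resolves it again (not visible in this hunk), the two resolutions can differ, so a comment recording that assumption would help. The body of `onResult` continues past the end of the hunk.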