am 5677513b: am da37ed8b: am b9ba0c6c: Prevent authenticators from using Settings to launch arbitrary activities.

* commit '5677513b7c46ca08a7fa34b9d227d7a448db6757': Prevent authenticators from using Settings to launch arbitrary activities.
author: Paul Lawrence <paullawrence@google.com> 2014-02-27 11:24:05 -0800
committer: Android Git Automerger <android-git-automerger@android.com> 2014-02-27 11:24:05 -0800
commit: 4be7c61a339f8200527f6df5a7b2215c96f81b4b (patch)
tree: d1b98f7f5e15c5e1fdef1dc196bd751a2e112a48 /core/java
parent: a1b89310d58df14570f7f6f5abb677c976c63a7a (diff)
parent: 5677513b7c46ca08a7fa34b9d227d7a448db6757 (diff)
download: frameworks_base-4be7c61a339f8200527f6df5a7b2215c96f81b4b.zip
frameworks_base-4be7c61a339f8200527f6df5a7b2215c96f81b4b.tar.gz
frameworks_base-4be7c61a339f8200527f6df5a7b2215c96f81b4b.tar.bz2
1 files changed, 24 insertions, 1 deletions
diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java
index 2b1a2b2..0490d8e 100644
--- a/core/java/android/accounts/AccountManagerService.java
+++ b/core/java/android/accounts/AccountManagerService.java
@@ -35,6 +35,7 @@ import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.NameNotFoundException;
 import android.content.pm.RegisteredServicesCache;
 import android.content.pm.RegisteredServicesCacheListener;
+import android.content.pm.ResolveInfo;
 import android.content.pm.UserInfo;
 import android.database.Cursor;
 import android.database.DatabaseUtils;
@@ -1799,9 +1800,31 @@ public class AccountManagerService
             }
         }
 
+        @Override
         public void onResult(Bundle result) {
             mNumResults++;
-            if (result != null && !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {
+            Intent intent = null;
+            if (result != null
+                    && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
+                /*
+                 * The Authenticator API allows third party authenticators to
+                 * supply arbitrary intents to other apps that they can run,
+                 * this can be very bad when those apps are in the system like
+                 * the System Settings.
+                 */
+                PackageManager pm = mContext.getPackageManager();
+                ResolveInfo resolveInfo = pm.resolveActivity(intent, 0);
+                int targetUid = resolveInfo.activityInfo.applicationInfo.uid;
+                int authenticatorUid = Binder.getCallingUid();
+                if (PackageManager.SIGNATURE_MATCH !=
+                        pm.checkSignatures(authenticatorUid, targetUid)) {
+                    throw new SecurityException(
+                            "Activity to be started with KEY_INTENT must " +
+                            "share Authenticator's signatures");
+                }
+            }
+            if (result != null
+                    && !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {
                 String accountName = result.getString(AccountManager.KEY_ACCOUNT_NAME);
                 String accountType = result.getString(AccountManager.KEY_ACCOUNT_TYPE);
                 if (!TextUtils.isEmpty(accountName) && !TextUtils.isEmpty(accountType)) {
author	Paul Lawrence <paullawrence@google.com>	2014-02-27 11:24:05 -0800
committer	Android Git Automerger <android-git-automerger@android.com>	2014-02-27 11:24:05 -0800
commit	4be7c61a339f8200527f6df5a7b2215c96f81b4b (patch)
tree	d1b98f7f5e15c5e1fdef1dc196bd751a2e112a48 /core/java
parent	a1b89310d58df14570f7f6f5abb677c976c63a7a (diff)
parent	5677513b7c46ca08a7fa34b9d227d7a448db6757 (diff)
download	frameworks_base-4be7c61a339f8200527f6df5a7b2215c96f81b4b.zip frameworks_base-4be7c61a339f8200527f6df5a7b2215c96f81b4b.tar.gz frameworks_base-4be7c61a339f8200527f6df5a7b2215c96f81b4b.tar.bz2