am da37ed8b: am b9ba0c6c: Prevent authenticators from using Settings to launch arbitrary activities.

* commit 'da37ed8b0aebdf885a32cbe28e8fd5a2240d38c3': Prevent authenticators from using Settings to launch arbitrary activities.
author: Paul Lawrence <paullawrence@google.com> 2014-02-27 11:20:24 -0800
committer: Android Git Automerger <android-git-automerger@android.com> 2014-02-27 11:20:24 -0800
commit: 5677513b7c46ca08a7fa34b9d227d7a448db6757 (patch)
tree: 397910707497cdb0cea8ffa25cfeb0d0a60b85bd /core/java
parent: a87bdc1f8ff308f90ec7a3234c4848c79d4c3988 (diff)
parent: da37ed8b0aebdf885a32cbe28e8fd5a2240d38c3 (diff)
download: frameworks_base-5677513b7c46ca08a7fa34b9d227d7a448db6757.zip
frameworks_base-5677513b7c46ca08a7fa34b9d227d7a448db6757.tar.gz
frameworks_base-5677513b7c46ca08a7fa34b9d227d7a448db6757.tar.bz2
1 files changed, 24 insertions, 1 deletions
diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java
index 2b1a2b2..0490d8e 100644
--- a/core/java/android/accounts/AccountManagerService.java
+++ b/core/java/android/accounts/AccountManagerService.java
@@ -35,6 +35,7 @@ import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.NameNotFoundException;
 import android.content.pm.RegisteredServicesCache;
 import android.content.pm.RegisteredServicesCacheListener;
+import android.content.pm.ResolveInfo;
 import android.content.pm.UserInfo;
 import android.database.Cursor;
 import android.database.DatabaseUtils;
@@ -1799,9 +1800,31 @@ public class AccountManagerService
             }
         }
 
+        @Override
         public void onResult(Bundle result) {
             mNumResults++;
-            if (result != null && !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {
+            Intent intent = null;
+            if (result != null
+                    && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
+                /*
+                 * The Authenticator API allows third party authenticators to
+                 * supply arbitrary intents to other apps that they can run,
+                 * this can be very bad when those apps are in the system like
+                 * the System Settings.
+                 */
+                PackageManager pm = mContext.getPackageManager();
+                ResolveInfo resolveInfo = pm.resolveActivity(intent, 0);
+                int targetUid = resolveInfo.activityInfo.applicationInfo.uid;
+                int authenticatorUid = Binder.getCallingUid();
+                if (PackageManager.SIGNATURE_MATCH !=
+                        pm.checkSignatures(authenticatorUid, targetUid)) {
+                    throw new SecurityException(
+                            "Activity to be started with KEY_INTENT must " +
+                            "share Authenticator's signatures");
+                }
+            }
+            if (result != null
+                    && !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {
                 String accountName = result.getString(AccountManager.KEY_ACCOUNT_NAME);
                 String accountType = result.getString(AccountManager.KEY_ACCOUNT_TYPE);
                 if (!TextUtils.isEmpty(accountName) && !TextUtils.isEmpty(accountType)) {
author	Paul Lawrence <paullawrence@google.com>	2014-02-27 11:20:24 -0800
committer	Android Git Automerger <android-git-automerger@android.com>	2014-02-27 11:20:24 -0800
commit	5677513b7c46ca08a7fa34b9d227d7a448db6757 (patch)
tree	397910707497cdb0cea8ffa25cfeb0d0a60b85bd /core/java
parent	a87bdc1f8ff308f90ec7a3234c4848c79d4c3988 (diff)
parent	da37ed8b0aebdf885a32cbe28e8fd5a2240d38c3 (diff)
download	frameworks_base-5677513b7c46ca08a7fa34b9d227d7a448db6757.zip frameworks_base-5677513b7c46ca08a7fa34b9d227d7a448db6757.tar.gz frameworks_base-5677513b7c46ca08a7fa34b9d227d7a448db6757.tar.bz2