diff options
| author | Jessica Wagantall <jwagantall@cyngn.com> | 2016-07-07 14:19:06 -0700 |
|---|---|---|
| committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-07-07 14:19:21 -0700 |
| commit | b6bddad1b6a0dc4f26651a1c44d8bfb57bd33fb2 (patch) | |
| tree | 03bd38e3137ec8d21381bca069eda726a4f6c44b /core | |
| parent | 2ab71c1e6f60b0ab76208a1fd5963bac12f4aee8 (diff) | |
| parent | 9b8c6d2df35455ce9e67907edded1e4a2ecb9e28 (diff) | |
| download | frameworks_base-b6bddad1b6a0dc4f26651a1c44d8bfb57bd33fb2.zip frameworks_base-b6bddad1b6a0dc4f26651a1c44d8bfb57bd33fb2.tar.gz frameworks_base-b6bddad1b6a0dc4f26651a1c44d8bfb57bd33fb2.tar.bz2 | |
Merge remote-tracking branch 'remotes/android-6.0.1_r52' into HEAD
Ticket: CYNGNOS-3020
Change-Id: Ia14b6d0120de0b458c7c249a11041ff121389cfa
Diffstat (limited to 'core')
| -rw-r--r-- | core/java/android/net/PacProxySelector.java | 9 | ||||
| -rw-r--r-- | core/java/com/android/internal/app/ChooserActivity.java | 14 |
2 files changed, 22 insertions, 1 deletions
diff --git a/core/java/android/net/PacProxySelector.java b/core/java/android/net/PacProxySelector.java index 9bdf4f6..85bf79a 100644 --- a/core/java/android/net/PacProxySelector.java +++ b/core/java/android/net/PacProxySelector.java @@ -30,6 +30,7 @@ import java.net.Proxy.Type; import java.net.ProxySelector; import java.net.SocketAddress; import java.net.URI; +import java.net.URISyntaxException; import java.util.List; /** @@ -67,7 +68,15 @@ public class PacProxySelector extends ProxySelector { String response = null; String urlString; try { + // Strip path and username/password from URI so it's not visible to PAC script. The + // path often contains credentials the app does not want exposed to a potentially + // malicious PAC script. + if (!"http".equalsIgnoreCase(uri.getScheme())) { + uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null); + } urlString = uri.toURL().toString(); + } catch (URISyntaxException e) { + urlString = uri.getHost(); } catch (MalformedURLException e) { urlString = uri.getHost(); } diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java index 7699673..e137f94 100644 --- a/core/java/com/android/internal/app/ChooserActivity.java +++ b/core/java/com/android/internal/app/ChooserActivity.java @@ -656,7 +656,19 @@ public class ChooserActivity extends ResolverActivity { } intent.setComponent(mChooserTarget.getComponentName()); intent.putExtras(mChooserTarget.getIntentExtras()); - activity.startActivityAsCaller(intent, options, true, userId); + + // Important: we will ignore the target security checks in ActivityManager + // if and only if the ChooserTarget's target package is the same package + // where we got the ChooserTargetService that provided it. This lets a + // ChooserTargetService provide a non-exported or permission-guarded target + // to the chooser for the user to pick. + // + // If mSourceInfo is null, we got this ChooserTarget from the caller or elsewhere + // so we'll obey the caller's normal security checks. + final boolean ignoreTargetSecurity = mSourceInfo != null + && mSourceInfo.getResolvedComponentName().getPackageName() + .equals(mChooserTarget.getComponentName().getPackageName()); + activity.startActivityAsCaller(intent, options, ignoreTargetSecurity, userId); return true; } |