From 2134744efd305a875b7baa5073358387c479e3e4 Mon Sep 17 00:00:00 2001 From: Christopher Tate Date: Fri, 26 Jun 2015 17:23:32 -0700 Subject: Properly scope the "only http/https schemes" intent filter semantics That restriction applies only to default-app linkage verification, and not to any general questions of "is this app effectively a web browser?" Bug 21688029 Change-Id: I9f6a7bc6dcac5e12ee07f8da6465ad51c1aeddfb --- core/java/android/content/IntentFilter.java | 41 ++++++++++++++++------ .../android/server/pm/PackageManagerService.java | 2 +- 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/core/java/android/content/IntentFilter.java b/core/java/android/content/IntentFilter.java index e267b52..19329ce 100644 --- a/core/java/android/content/IntentFilter.java +++ b/core/java/android/content/IntentFilter.java @@ -518,7 +518,8 @@ public class IntentFilter implements Parcelable { } /** - * Return if this filter handle all HTTP or HTTPS data URI or not. + * Return if this filter handle all HTTP or HTTPS data URI or not. This is the + * core check for whether a given activity qualifies as a "browser". * * @return True if the filter handle all HTTP or HTTPS data URI. False otherwise. * @@ -533,23 +534,26 @@ public class IntentFilter implements Parcelable { */ public final boolean handleAllWebDataURI() { return hasCategory(Intent.CATEGORY_APP_BROWSER) || - (hasOnlyWebDataURI() && countDataAuthorities() == 0); + (handlesWebUris(false) && countDataAuthorities() == 0); } /** - * Return if this filter handles only HTTP or HTTPS data URIs. + * Return if this filter handles HTTP or HTTPS data URIs. * * @return True if the filter handles ACTION_VIEW/CATEGORY_BROWSABLE, - * has at least one HTTP or HTTPS data URI pattern defined, and does not - * define any non-http/https data URI patterns. + * has at least one HTTP or HTTPS data URI pattern defined, and optionally + * does not define any non-http/https data URI patterns. * * This will check if if the Intent action is {@link android.content.Intent#ACTION_VIEW} and * the Intent category is {@link android.content.Intent#CATEGORY_BROWSABLE} and the Intent * data scheme is "http" or "https". * + * @param onlyWebSchemes When true, requires that the intent filter declare + * that it handles *only* http: or https: schemes. This is a requirement for + * the intent filter's domain linkage being verifiable. * @hide */ - public final boolean hasOnlyWebDataURI() { + public final boolean handlesWebUris(boolean onlyWebSchemes) { // Require ACTION_VIEW, CATEGORY_BROWSEABLE, and at least one scheme if (!hasAction(Intent.ACTION_VIEW) || !hasCategory(Intent.CATEGORY_BROWSABLE) @@ -562,13 +566,28 @@ public class IntentFilter implements Parcelable { final int N = mDataSchemes.size(); for (int i = 0; i < N; i++) { final String scheme = mDataSchemes.get(i); - if (!SCHEME_HTTP.equals(scheme) && !SCHEME_HTTPS.equals(scheme)) { - return false; + final boolean isWebScheme = + SCHEME_HTTP.equals(scheme) || SCHEME_HTTPS.equals(scheme); + if (onlyWebSchemes) { + // If we're specifically trying to ensure that there are no non-web schemes + // declared in this filter, then if we ever see a non-http/https scheme then + // we know it's a failure. + if (!isWebScheme) { + return false; + } + } else { + // If we see any http/https scheme declaration in this case then the + // filter matches what we're looking for. + if (isWebScheme) { + return true; + } } } - // Everything passed, so it's an only-web-URIs filter - return true; + // We get here if: + // 1) onlyWebSchemes and no non-web schemes were found, i.e success; or + // 2) !onlyWebSchemes and no http/https schemes were found, i.e. failure. + return onlyWebSchemes; } /** @@ -585,7 +604,7 @@ public class IntentFilter implements Parcelable { * @hide */ public final boolean needsVerification() { - return getAutoVerify() && hasOnlyWebDataURI(); + return getAutoVerify() && handlesWebUris(true); } /** diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 52bf560..1700eed 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -12138,7 +12138,7 @@ public class PackageManagerService extends IPackageManager.Stub { final int verificationId = mIntentFilterVerificationToken++; for (PackageParser.Activity a : pkg.activities) { for (ActivityIntentInfo filter : a.intents) { - if (filter.hasOnlyWebDataURI() && needsNetworkVerificationLPr(filter)) { + if (filter.handlesWebUris(true) && needsNetworkVerificationLPr(filter)) { if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Verification needed for IntentFilter:" + filter.toString()); mIntentFilterVerifier.addOneIntentFilterVerification( -- cgit v1.1