author | Fyodor Kupolov <fkupolov@google.com> | 2014-11-18 15:08:12 -0800 |
---|---|---|
committer | Jon Larimer <jlarimer@google.com> | 2015-01-28 05:23:07 -0500 |
commit | e8e7b9b3811b3295454298b02f136adf0527d1da (patch) | |
tree | b881746cb6d6a7b0472a2accf152f82440e96bc0 | |
parent | 37b58a420ff59254cbe9420c64685fdb7ea4e375 (diff) | |
Added a check if a custom activity can be started
AppRestrictionsFragment starts an activity using an intent provided by the
receiver. A check was added to prevent an app from starting an activity that
it does not own.
Bug: 14441412
Change-Id: Ia6820b1daf3783d605b92976c78cb522b17dc8f2
-rw-r--r-- | src/com/android/settings/users/AppRestrictionsFragment.java | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java
index 95d3496..d6cfd75 100644
--- a/src/com/android/settings/users/AppRestrictionsFragment.java
+++ b/src/com/android/settings/users/AppRestrictionsFragment.java
@@ -28,6 +28,7 @@ import android.content.DialogInterface;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.content.RestrictionEntry;
+import android.content.pm.ActivityInfo;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.IPackageManager;
 import android.content.pm.PackageInfo;
@@ -839,6 +840,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
 p.setOnPreferenceClickListener(new OnPreferenceClickListener() {
 @Override
 public boolean onPreferenceClick(Preference preference) {
+ assertSafeToStartCustomActivity(customIntent);
 int requestCode = generateCustomActivityRequestCode(
 RestrictionsResultReceiver.this.preference);
 AppRestrictionsFragment.this.startActivityForResult(
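Review bot: The SecurityException thrown by `assertSafeToStartCustomActivity(customIntent)` is not caught anywhere in the visible part of `onPreferenceClick`, so a rejected intent would propagate out of the click handler in the Settings process instead of simply refusing the launch. Consider catching it in the handler, logging the offending package and returning without calling `startActivityForResult`, so that a misbehaving restrictions receiver cannot turn the check into a crash of this screen. The handler's body continues past the end of this hunk, so a catch further down cannot be ruled out from here.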
@@ -853,6 +855,25 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
 preference.setRestrictions(restrictions);
 }
 }
+
+ private void assertSafeToStartCustomActivity(Intent intent) {
+ // Activity can be started if it belongs to the same app
+ if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
+ return;
+ }
+ // Activity can be started if intent resolves to multiple activities
+ List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager
+ .queryIntentActivities(intent, 0 /* no flags */);
+ if (resolveInfos.size() != 1) {
+ return;
+ }
+ // Prevent potential privilege escalation
+ ActivityInfo activityInfo = resolveInfos.get(0).activityInfo;
+ if (!packageName.equals(activityInfo.packageName)) {
+ throw new SecurityException("Application " + packageName
+ + " is not allowed to start activity " + intent);
+ };
+ }
 }
 private void onRestrictionsReceived(AppRestrictionsPreference preference, String packageName, |
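Review bot: Both early returns in `assertSafeToStartCustomActivity` skip the ownership comparison, so the check only bites for an intent that declares no matching package and resolves to exactly one activity. `intent.getPackage()` is a field the supplying app fills in itself, and as far as I know an explicit component on the intent takes precedence over it during resolution, so the declared package is not evidence of where the intent will land. The `resolveInfos.size() != 1` branch likewise lets through an intent that matches a foreign activity alongside others, and it also covers the zero-match case that the comment does not mention. I would drop the shortcuts and compare `packageName` against every resolved `activityInfo.packageName`, as sketched below; the stray `;` after the closing brace of the last `if` can go at the same time.

```java
private void assertSafeToStartCustomActivity(Intent intent) {
    // Judge the intent by where it resolves, not by the package it declares
    List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager
            .queryIntentActivities(intent, 0 /* no flags */);
    // Every activity the intent can reach must belong to the app that supplied it
    for (ResolveInfo resolveInfo : resolveInfos) {
        if (!packageName.equals(resolveInfo.activityInfo.packageName)) {
            throw new SecurityException("Application " + packageName
                    + " is not allowed to start activity " + intent);
        }
    }
}
```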