summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFyodor Kupolov <fkupolov@google.com>2014-11-18 15:08:12 -0800
committerJon Larimer <jlarimer@google.com>2015-01-28 05:23:07 -0500
commite8e7b9b3811b3295454298b02f136adf0527d1da (patch)
treeb881746cb6d6a7b0472a2accf152f82440e96bc0
parent37b58a420ff59254cbe9420c64685fdb7ea4e375 (diff)
downloadpackages_apps_Settings-e8e7b9b3811b3295454298b02f136adf0527d1da.zip
packages_apps_Settings-e8e7b9b3811b3295454298b02f136adf0527d1da.tar.gz
packages_apps_Settings-e8e7b9b3811b3295454298b02f136adf0527d1da.tar.bz2
Added a check if a custom activity can be started
AppRestrictionsFragment starts an activity using an intent provided by the receiver. A check was added to prevent an app from starting an activity that it does not own. Bug: 14441412 Change-Id: Ia6820b1daf3783d605b92976c78cb522b17dc8f2
-rw-r--r--src/com/android/settings/users/AppRestrictionsFragment.java21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java
index 95d3496..d6cfd75 100644
--- a/src/com/android/settings/users/AppRestrictionsFragment.java
+++ b/src/com/android/settings/users/AppRestrictionsFragment.java
@@ -28,6 +28,7 @@ import android.content.DialogInterface;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.RestrictionEntry;
+import android.content.pm.ActivityInfo;
import android.content.pm.ApplicationInfo;
import android.content.pm.IPackageManager;
import android.content.pm.PackageInfo;
@@ -839,6 +840,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
p.setOnPreferenceClickListener(new OnPreferenceClickListener() {
@Override
public boolean onPreferenceClick(Preference preference) {
+ assertSafeToStartCustomActivity(customIntent);
int requestCode = generateCustomActivityRequestCode(
RestrictionsResultReceiver.this.preference);
AppRestrictionsFragment.this.startActivityForResult(
@@ -853,6 +855,25 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
preference.setRestrictions(restrictions);
}
}
+
+ private void assertSafeToStartCustomActivity(Intent intent) {
+ // Activity can be started if it belongs to the same app
+ if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
+ return;
+ }
+ // Activity can be started if intent resolves to multiple activities
+ List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager
+ .queryIntentActivities(intent, 0 /* no flags */);
+ if (resolveInfos.size() != 1) {
+ return;
+ }
+ // Prevent potential privilege escalation
+ ActivityInfo activityInfo = resolveInfos.get(0).activityInfo;
+ if (!packageName.equals(activityInfo.packageName)) {
+ throw new SecurityException("Application " + packageName
+ + " is not allowed to start activity " + intent);
+ };
+ }
}
private void onRestrictionsReceived(AppRestrictionsPreference preference, String packageName,