diff options
author | Amith Yamasani <yamasani@google.com> | 2013-09-25 14:05:33 -0700 |
---|---|---|
committer | Amith Yamasani <yamasani@google.com> | 2013-09-25 14:05:33 -0700 |
commit | 66026773bbf1d7631743a5b892a4f768c694f868 (patch) | |
tree | 09729d1c9ac54e66a86e09550a9b4aafbd2bb295 /src/com/android/settings/ChooseLockPassword.java | |
parent | 8243c9a722e815bdcb069163de48877478c28dfd (diff) | |
download | packages_apps_Settings-66026773bbf1d7631743a5b892a4f768c694f868.zip packages_apps_Settings-66026773bbf1d7631743a5b892a4f768c694f868.tar.gz packages_apps_Settings-66026773bbf1d7631743a5b892a4f768c694f868.tar.bz2 |
Make sure that external callers cannot pass in the confirm bypass extra
Security fix for vulnerability where an app could launch into the screen lock
change dialog without first confirming the existing password/pattern.
Also, make sure that the fragments are launched with the correct corresponding
activity.
Bug: 9858403
Change-Id: I0f2c00a44abeb624c6fba0497bf6036a6f1a4564
Diffstat (limited to 'src/com/android/settings/ChooseLockPassword.java')
-rw-r--r-- | src/com/android/settings/ChooseLockPassword.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/com/android/settings/ChooseLockPassword.java b/src/com/android/settings/ChooseLockPassword.java index c6f5212..f43738f 100644 --- a/src/com/android/settings/ChooseLockPassword.java +++ b/src/com/android/settings/ChooseLockPassword.java @@ -161,6 +161,9 @@ public class ChooseLockPassword extends PreferenceActivity { super.onCreate(savedInstanceState); mLockPatternUtils = new LockPatternUtils(getActivity()); Intent intent = getActivity().getIntent(); + if (!(getActivity() instanceof ChooseLockPassword)) { + throw new SecurityException("Fragment contained in wrong activity"); + } mRequestedQuality = Math.max(intent.getIntExtra(LockPatternUtils.PASSWORD_TYPE_KEY, mRequestedQuality), mLockPatternUtils.getRequestedPasswordQuality()); mPasswordMinLength = Math.max( |