Make sure that external callers cannot pass in the confirm bypass extra

Security fix for vulnerability where an app could launch into the screen lock
change dialog without first confirming the existing password/pattern.

Also, make sure that the fragments are launched with the correct corresponding
activity.

Bug: 9858403
Change-Id: I0f2c00a44abeb624c6fba0497bf6036a6f1a4564

1 files changed, 4 insertions, 1 deletions

diff --git a/src/com/android/settings/ChooseLockPattern.java b/src/com/android/settings/ChooseLockPattern.java
index c3045e2..328312c 100644
--- a/src/com/android/settings/ChooseLockPattern.java
+++ b/src/com/android/settings/ChooseLockPattern.java
@@ -308,6 +308,9 @@ public class ChooseLockPattern extends PreferenceActivity {
         public void onCreate(Bundle savedInstanceState) {
             super.onCreate(savedInstanceState);
             mChooseLockSettingsHelper = new ChooseLockSettingsHelper(getActivity());
+            if (!(getActivity() instanceof ChooseLockPattern)) {
+                throw new SecurityException("Fragment contained in wrong activity");
+            }
         }
 
         @Override
@@ -338,7 +341,7 @@ public class ChooseLockPattern extends PreferenceActivity {
             topLayout.setDefaultTouchRecepient(mLockPatternView);
 
             final boolean confirmCredentials = getActivity().getIntent()
-                    .getBooleanExtra("confirm_credentials", false);
+                    .getBooleanExtra("confirm_credentials", true);
 
             if (savedInstanceState == null) {
                 if (confirmCredentials) {