Don't put credentials in results from externally accessible activities

ConfirmLockPattern and ConfirmLockPassword return an intent that contains the password, and as such are dangerous. Create internal versions that are locked down, and don't put this info in the externally accessible versions. Bug: 13741939 Change-Id: I0df4d1e720b3c33d2c9ca086636dc54f17b19bf0
author: Paul Lawrence <paullawrence@google.com> 2014-07-07 13:10:16 -0700
committer: Paul Lawrence <paullawrence@google.com> 2014-07-10 10:23:12 -0700
commit: 204440427aa198a836d55418060759a1e964abcc (patch)
tree: 54bc5690a780dcd8e4321e63558cecb882547f83 /src/com/android/settings/ConfirmLockPattern.java
parent: 74e7c3e3601f4808854cf12bffe11ebf4c6ea8ab (diff)
download: packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.zip
packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.tar.gz
packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.tar.bz2
1 files changed, 9 insertions, 4 deletions
diff --git a/src/com/android/settings/ConfirmLockPattern.java b/src/com/android/settings/ConfirmLockPattern.java
index 9405f6d..caf691d 100644
--- a/src/com/android/settings/ConfirmLockPattern.java
+++ b/src/com/android/settings/ConfirmLockPattern.java
@@ -43,6 +43,9 @@ import java.util.List;
  */
 public class ConfirmLockPattern extends SettingsActivity {
 
+    public static class InternalActivity extends ConfirmLockPattern {
+    }
+
     /**
      * Names of {@link CharSequence} fields within the originating {@link Intent}
      * that are used to configure the keyguard confirmation view's labeling.
@@ -266,10 +269,12 @@ public class ConfirmLockPattern extends SettingsActivity {
                 if (mLockPatternUtils.checkPattern(pattern)) {
 
                     Intent intent = new Intent();
-                    intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
-                                    StorageManager.CRYPT_TYPE_PATTERN);
-                    intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,
-                                    LockPatternUtils.patternToString(pattern));
+                    if (getActivity() instanceof ConfirmLockPattern.InternalActivity) {
+                        intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
+                                        StorageManager.CRYPT_TYPE_PATTERN);
+                        intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,
+                                        LockPatternUtils.patternToString(pattern));
+                    }
 
                     getActivity().setResult(Activity.RESULT_OK, intent);
                     getActivity().finish();
author	Paul Lawrence <paullawrence@google.com>	2014-07-07 13:10:16 -0700
committer	Paul Lawrence <paullawrence@google.com>	2014-07-10 10:23:12 -0700
commit	204440427aa198a836d55418060759a1e964abcc (patch)
tree	54bc5690a780dcd8e4321e63558cecb882547f83 /src/com/android/settings/ConfirmLockPattern.java
parent	74e7c3e3601f4808854cf12bffe11ebf4c6ea8ab (diff)
download	packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.zip packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.tar.gz packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.tar.bz2