diff options
author | Paul Lawrence <paullawrence@google.com> | 2014-07-07 13:10:16 -0700 |
---|---|---|
committer | Paul Lawrence <paullawrence@google.com> | 2014-07-10 10:23:12 -0700 |
commit | 204440427aa198a836d55418060759a1e964abcc (patch) | |
tree | 54bc5690a780dcd8e4321e63558cecb882547f83 /src/com/android/settings/ConfirmLockPattern.java | |
parent | 74e7c3e3601f4808854cf12bffe11ebf4c6ea8ab (diff) | |
download | packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.zip packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.tar.gz packages_apps_Settings-204440427aa198a836d55418060759a1e964abcc.tar.bz2 |
Don't put credentials in results from externally accessible activities
ConfirmLockPattern and ConfirmLockPassword return an intent that contains the
password, and as such are dangerous. Create internal versions that are locked
down, and don't put this info in the externally accessible versions.
Bug: 13741939
Change-Id: I0df4d1e720b3c33d2c9ca086636dc54f17b19bf0
Diffstat (limited to 'src/com/android/settings/ConfirmLockPattern.java')
-rw-r--r-- | src/com/android/settings/ConfirmLockPattern.java | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/com/android/settings/ConfirmLockPattern.java b/src/com/android/settings/ConfirmLockPattern.java index 9405f6d..caf691d 100644 --- a/src/com/android/settings/ConfirmLockPattern.java +++ b/src/com/android/settings/ConfirmLockPattern.java @@ -43,6 +43,9 @@ import java.util.List; */ public class ConfirmLockPattern extends SettingsActivity { + public static class InternalActivity extends ConfirmLockPattern { + } + /** * Names of {@link CharSequence} fields within the originating {@link Intent} * that are used to configure the keyguard confirmation view's labeling. @@ -266,10 +269,12 @@ public class ConfirmLockPattern extends SettingsActivity { if (mLockPatternUtils.checkPattern(pattern)) { Intent intent = new Intent(); - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE, - StorageManager.CRYPT_TYPE_PATTERN); - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, - LockPatternUtils.patternToString(pattern)); + if (getActivity() instanceof ConfirmLockPattern.InternalActivity) { + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE, + StorageManager.CRYPT_TYPE_PATTERN); + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, + LockPatternUtils.patternToString(pattern)); + } getActivity().setResult(Activity.RESULT_OK, intent); getActivity().finish(); |