diff options
author | Carlos Valdivia <carlosvaldivia@google.com> | 2014-09-08 18:21:03 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2014-09-08 18:21:03 +0000 |
commit | 690ce1b32546c899fcf07f9d6552b04bb6fb7b2e (patch) | |
tree | 1a1852551cb87a6d8fc5122be4e24f2e766bf77a /src/com/android/settings/accounts | |
parent | 1f389c1996d754142c52c947105af4ec2db84f5c (diff) | |
parent | f5d3e74ecc2b973941d8adbe40c6b23094b5abb7 (diff) | |
download | packages_apps_Settings-690ce1b32546c899fcf07f9d6552b04bb6fb7b2e.zip packages_apps_Settings-690ce1b32546c899fcf07f9d6552b04bb6fb7b2e.tar.gz packages_apps_Settings-690ce1b32546c899fcf07f9d6552b04bb6fb7b2e.tar.bz2 |
Merge "SECURITY: Don't pass a usable Pending Intent to 3rd parties." into lmp-dev
Diffstat (limited to 'src/com/android/settings/accounts')
-rw-r--r-- | src/com/android/settings/accounts/AddAccountSettings.java | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/com/android/settings/accounts/AddAccountSettings.java b/src/com/android/settings/accounts/AddAccountSettings.java index 4e97c05..3af28b2 100644 --- a/src/com/android/settings/accounts/AddAccountSettings.java +++ b/src/com/android/settings/accounts/AddAccountSettings.java @@ -22,8 +22,8 @@ import android.accounts.AccountManagerFuture; import android.accounts.AuthenticatorException; import android.accounts.OperationCanceledException; import android.app.Activity; -import android.app.ActivityManagerNative; import android.app.PendingIntent; +import android.content.ComponentName; import android.content.Context; import android.content.Intent; import android.os.Bundle; @@ -69,6 +69,7 @@ public class AddAccountSettings extends Activity { * application. */ private static final String KEY_CALLER_IDENTITY = "pendingIntent"; + private static final String SHOULD_NOT_RESOLVE = "SHOULDN'T RESOLVE!"; private static final String TAG = "AccountSettings"; @@ -196,7 +197,21 @@ public class AddAccountSettings extends Activity { private void addAccount(String accountType) { Bundle addAccountOptions = new Bundle(); - mPendingIntent = PendingIntent.getBroadcast(this, 0, new Intent(), 0); + /* + * The identityIntent is for the purposes of establishing the identity + * of the caller and isn't intended for launching activities, services + * or broadcasts. + * + * Unfortunately for legacy reasons we still need to support this. But + * we can cripple the intent so that 3rd party authenticators can't + * fill in addressing information and launch arbitrary actions. + */ + Intent identityIntent = new Intent(); + identityIntent.setComponent(new ComponentName(SHOULD_NOT_RESOLVE, SHOULD_NOT_RESOLVE)); + identityIntent.setAction(SHOULD_NOT_RESOLVE); + identityIntent.addCategory(SHOULD_NOT_RESOLVE); + + mPendingIntent = PendingIntent.getBroadcast(this, 0, identityIntent, 0); addAccountOptions.putParcelable(KEY_CALLER_IDENTITY, mPendingIntent); addAccountOptions.putBoolean(EXTRA_HAS_MULTIPLE_USERS, Utils.hasMultipleUsers(this)); AccountManager.get(this).addAccountAsUser( |