
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.
authorJeff Sharkey <jsharkey@android.com>
Mon, 12 Jun 2017 23:33:07 +0000 (17:33 -0600)
committerJeff Sharkey <jsharkey@google.com>
Tue, 3 Oct 2017 21:46:42 +0000 (21:46 +0000)
KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.

Test: builds, boots
Bug: 3299034132879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42

services/core/java/com/android/server/accounts/AccountManagerService.java

index d5e9a32..384e6c9 100644 (file)
@@ -2000,6 +2000,11 @@ public class AccountManagerService
 
                         Intent intent = result.getParcelable(AccountManager.KEY_INTENT);
                         if (intent != null && notifyOnAuthFailure && !customTokens) {
+                            intent.setFlags(
+                                    intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
+                                            | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+                                            | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
+                                            | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
                             doNotification(mAccounts,
                                     account, result.getString(AccountManager.KEY_AUTH_FAILED_MESSAGE),
                                     intent, accounts.userId);
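Review bot: The four-flag grant mask added here is repeated verbatim in the second hunk (new line 3092), so a Uri-grant flag introduced later would have to be remembered at both sites. Hold the mask in one class constant and use it at both sites, e.g. `intent.setFlags(intent.getFlags() & ~KEY_INTENT_URI_GRANT_FLAGS);`, with a comment such as `// KEY_INTENT is authenticator-supplied; it must never carry Uri permission grants.` The clearing also sits inside the `notifyOnAuthFailure && !customTokens` branch, so when that condition is false this site leaves the flags untouched. Whether the other site always covers that path cannot be confirmed from the visible lines, since the enclosing method starts and ends outside the hunk. If it does not, moving the masking directly after the `getParcelable` call would make it unconditional.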
@@ -3087,6 +3092,11 @@ public class AccountManagerService
             }
             if (result != null
                     && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
+                intent.setFlags(
+                        intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
+                                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+                                | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
+                                | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
                 /*
                  * The Authenticator API allows third party authenticators to
                  * supply arbitrary intents to other apps that they can run,
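Review bot: Nothing in the commit exercises the masking added at this site; the message lists only "builds, boots". A unit test for this service should feed in a result bundle whose KEY_INTENT has `Intent.FLAG_GRANT_READ_URI_PERMISSION` set and assert that the intent handed onward has all four grant flags cleared. That would catch a regression if either site is refactored. The stripping mutates the Intent in place, so it presumably relies on `result` later returning that same instance; a one-line comment saying so would help. The block continues past the end of the hunk, so the later handling of `intent` is not visible here.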