From 7606a412c5a7da2d8eff9bd9425c759f7028d888 Mon Sep 17 00:00:00 2001
From: Sunny Goyal <sunnygoyal@google.com>
Date: Mon, 7 Dec 2015 14:51:23 -0800
Subject: [PATCH] Verifying the install shortcut intent before casting the
 extras to various object types

Bug: 26043109
Change-Id: I95f127d62a6a508a850e11d6728afc7509fb07d1
---
 .../android/launcher3/InstallShortcutReceiver.java | 40 +++++++++++++++-------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/src/com/android/launcher3/InstallShortcutReceiver.java b/src/com/android/launcher3/InstallShortcutReceiver.java
index 571d99a23..7f15160bf 100644
--- a/src/com/android/launcher3/InstallShortcutReceiver.java
+++ b/src/com/android/launcher3/InstallShortcutReceiver.java
@@ -144,29 +144,45 @@ public class InstallShortcutReceiver extends BroadcastReceiver {
         if (!ACTION_INSTALL_SHORTCUT.equals(data.getAction())) {
             return;
         }
-
-        PendingInstallShortcutInfo info = new PendingInstallShortcutInfo(data, context);
-        if (info.launchIntent == null || info.label == null) {
-            if (DBG) Log.e(TAG, "Invalid install shortcut intent");
-            return;
+        PendingInstallShortcutInfo info = createPendingInfo(context, data);
+        if (info != null) {
+            queuePendingShortcutInfo(info, context);
         }
+    }
 
-        info = convertToLauncherActivityIfPossible(info);
-        queuePendingShortcutInfo(info, context);
+    /**
+     * @return true is the extra is either null or is of type {@param type}
+     */
+    private static boolean isValidExtraType(Intent intent, String key, Class type) {
+        Object extra = intent.getParcelableExtra(key);
+        return extra == null || type.isInstance(extra);
     }
 
-    public static ShortcutInfo fromShortcutIntent(Context context, Intent data) {
+    /**
+     * Verifies the intent and creates a {@link PendingInstallShortcutInfo}
+     */
+    private static PendingInstallShortcutInfo createPendingInfo(Context context, Intent data) {
+        if (!isValidExtraType(data, Intent.EXTRA_SHORTCUT_INTENT, Intent.class) ||
+                !(isValidExtraType(data, Intent.EXTRA_SHORTCUT_ICON_RESOURCE,
+                        Intent.ShortcutIconResource.class)) ||
+                !(isValidExtraType(data, Intent.EXTRA_SHORTCUT_ICON, Bitmap.class))) {
+
+            if (DBG) Log.e(TAG, "Invalid install shortcut intent");
+            return null;
+        }
+
         PendingInstallShortcutInfo info = new PendingInstallShortcutInfo(data, context);
         if (info.launchIntent == null || info.label == null) {
             if (DBG) Log.e(TAG, "Invalid install shortcut intent");
             return null;
         }
-        info = convertToLauncherActivityIfPossible(info);
-        return info.getShortcutInfo();
+
+        return convertToLauncherActivityIfPossible(info);
     }
 
-    static void queueInstallShortcut(LauncherActivityInfoCompat info, Context context) {
-        queuePendingShortcutInfo(new PendingInstallShortcutInfo(info, context), context);
+    public static ShortcutInfo fromShortcutIntent(Context context, Intent data) {
+        PendingInstallShortcutInfo info = createPendingInfo(context, data);
+        return info == null ? null : info.getShortcutInfo();
     }
 
     private static void queuePendingShortcutInfo(PendingInstallShortcutInfo info, Context context) {
-- 
2.11.0