From d6d8f988449617d757a5d7439314198d10d6ee78 Mon Sep 17 00:00:00 2001
From: Sunny Shao
Date: Mon, 11 May 2020 22:55:05 +0800
Subject: [PATCH] Allows to launch only authenticator owned activities

- 3rd party developers can define himself-authenticator and use the accountPreferences attribute to load the predefined preference UI.
- If a developer defines an action intent to launch the other activity in xml and it would return true due to the true exported attribute and no permission.
- To avoid launching arbitrary activity. Here allows to launch only authenticator owned activities.
Bug: 150946634
Test: make RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.accounts
Test: PoC app
Change-Id: I5ce1a0b3838db7b3fbe48c6ea23d5f093d625cdb
---
 .../android/settings/accounts/AccountTypePreferenceLoader.java | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java
index d32b63013f..c639d1df2e 100644
--- a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java
+++ b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java
@@ -197,14 +197,7 @@ public class AccountTypePreferenceLoader {
 ActivityInfo resolvedActivityInfo = resolveInfo.activityInfo;
 ApplicationInfo resolvedAppInfo = resolvedActivityInfo.applicationInfo;
 try {
- if (resolvedActivityInfo.exported) {
- if (resolvedActivityInfo.permission == null) {
- return true; // exported activity without permission.
- } else if (pm.checkPermission(resolvedActivityInfo.permission,
- authDesc.packageName) == PackageManager.PERMISSION_GRANTED) {
- return true;
- }
- }
+ // Allows to launch only authenticator owned activities.
 ApplicationInfo authenticatorAppInf = pm.getApplicationInfo(authDesc.packageName, 0);
 return resolvedAppInfo.uid == authenticatorAppInf.uid;
 } catch (NameNotFoundException e) {
--
2.11.0
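Review bot: The added comment in the `try` block says only that authenticator-owned activities may be launched, but the gate that enforces it is `resolvedAppInfo.uid == authenticatorAppInf.uid`, so "owned" here means "runs under the same UID", which also admits any other package sharing the authenticator's UID. I would make the comment state that and record why the old test was dropped, e.g. `// The target's exported flag and permission are deliberately ignored: an exported, permission-free activity in another app would otherwise pass. Accept only targets in the authenticator's UID.` It is also worth confirming that `pm.getApplicationInfo(authDesc.packageName, 0)` looks the package up for the same user the intent was resolved for; the resolve call is above the hunk, and if it is per-user the two UIDs could differ for a profile account, which fails closed but would silently drop the preference. The enclosing method starts before the hunk and the `catch` body continues past it.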