
Commit 08d94cba authored by Caitlin Cassidy's avatar Caitlin Cassidy

[Ongoing Call] Don't call #getIntent to avoid a security vulnerability.

Fixes: 212467440
Test: atest OngoingCallControllerTest
Test: verified clicking the chip can still open valid activities.
Change-Id: I7707d01be37582461227edcecf5d559f2019c8a5
parent e31ec794
+3 −4
@@ -21,8 +21,8 @@ import android.app.IActivityManager
import android.app.IUidObserver
import android.app.IUidObserver
import android.app.Notification
import android.app.Notification
import android.app.Notification.CallStyle.CALL_TYPE_ONGOING
import android.app.Notification.CallStyle.CALL_TYPE_ONGOING
import android.app.PendingIntent
import android.content.Context
import android.content.Context
import android.content.Intent
import android.util.Log
import android.util.Log
import android.view.View
import android.view.View
import androidx.annotation.VisibleForTesting
import androidx.annotation.VisibleForTesting
@@ -98,7 +98,7 @@ class OngoingCallController @Inject constructor(
                val newOngoingCallInfo = CallNotificationInfo(
                val newOngoingCallInfo = CallNotificationInfo(
                        entry.sbn.key,
                        entry.sbn.key,
                        entry.sbn.notification.`when`,
                        entry.sbn.notification.`when`,
                        entry.sbn.notification.contentIntent?.intent,
                        entry.sbn.notification.contentIntent,
                        entry.sbn.uid,
                        entry.sbn.uid,
                        entry.sbn.notification.extras.getInt(
                        entry.sbn.notification.extras.getInt(
                                Notification.EXTRA_CALL_TYPE, -1) == CALL_TYPE_ONGOING,
                                Notification.EXTRA_CALL_TYPE, -1) == CALL_TYPE_ONGOING,
@@ -230,7 +230,6 @@ class OngoingCallController @Inject constructor(
                    logger.logChipClicked()
                    logger.logChipClicked()
                    activityStarter.postStartActivityDismissingKeyguard(
                    activityStarter.postStartActivityDismissingKeyguard(
                        intent,
                        intent,
                        0,
                        ActivityLaunchAnimator.Controller.fromView(
                        ActivityLaunchAnimator.Controller.fromView(
                            backgroundView,
                            backgroundView,
                            InteractionJankMonitor.CUJ_STATUS_BAR_APP_LAUNCH_FROM_CALL_CHIP)
                            InteractionJankMonitor.CUJ_STATUS_BAR_APP_LAUNCH_FROM_CALL_CHIP)
@@ -364,7 +363,7 @@ class OngoingCallController @Inject constructor(
    private data class CallNotificationInfo(
    private data class CallNotificationInfo(
        val key: String,
        val key: String,
        val callStartTime: Long,
        val callStartTime: Long,
        val intent: Intent?,
        val intent: PendingIntent?,
        val uid: Int,
        val uid: Int,
        /** True if the call is currently ongoing (as opposed to incoming, screening, etc.). */
        /** True if the call is currently ongoing (as opposed to incoming, screening, etc.). */
        val isOngoing: Boolean,
        val isOngoing: Boolean,
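Review bot: In the `CallNotificationInfo` hunk the field is still named `intent` and has no comment, although it now holds a `PendingIntent?` and the purpose of the commit is that it must not be unwrapped again. I would document it at the declaration, e.g. `/** The notification's content intent; kept as a PendingIntent so it is sent as the posting app. Never unwrap it via #getIntent (b/212467440). */`, and consider renaming it to `contentIntent` to match `Notification.contentIntent`. The rationale is inferred from the commit title rather than shown in the diff: an `Intent` taken out of the `PendingIntent` would presumably be started under SystemUI's own identity instead of the sender's. The click handler passes a value with the same name to `postStartActivityDismissingKeyguard`; that function and the data class body both continue outside the hunks shown, so the link between the two is not visible here.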
+13 −2
@@ -22,7 +22,6 @@ import android.app.IUidObserver
import android.app.Notification
import android.app.Notification
import android.app.PendingIntent
import android.app.PendingIntent
import android.app.Person
import android.app.Person
import android.content.Intent
import android.service.notification.NotificationListenerService.REASON_USER_STOPPED
import android.service.notification.NotificationListenerService.REASON_USER_STOPPED
import android.testing.AndroidTestingRunner
import android.testing.AndroidTestingRunner
import android.testing.TestableLooper
import android.testing.TestableLooper
@@ -462,6 +461,19 @@ class OngoingCallControllerTest : SysuiTestCase() {
                .isEqualTo(OngoingCallLogger.OngoingCallEvents.ONGOING_CALL_CLICKED.id)
                .isEqualTo(OngoingCallLogger.OngoingCallEvents.ONGOING_CALL_CLICKED.id)
    }
    }


    /** Regression test for b/212467440. */
    @Test
    fun chipClicked_activityStarterTriggeredWithUnmodifiedIntent() {
        val notifEntry = createOngoingCallNotifEntry()
        val pendingIntent = notifEntry.sbn.notification.contentIntent
        notifCollectionListener.onEntryUpdated(notifEntry)

        chipView.performClick()

        // Ensure that the sysui didn't modify the notification's intent -- see b/212467440.
        verify(mockActivityStarter).postStartActivityDismissingKeyguard(eq(pendingIntent), any())
    }

    @Test
    @Test
    fun notifyChipVisibilityChanged_visibleEventLogged() {
    fun notifyChipVisibilityChanged_visibleEventLogged() {
        controller.notifyChipVisibilityChanged(true)
        controller.notifyChipVisibilityChanged(true)
@@ -603,7 +615,6 @@ class OngoingCallControllerTest : SysuiTestCase() {
            notificationEntryBuilder.modifyNotification(context).setContentIntent(null)
            notificationEntryBuilder.modifyNotification(context).setContentIntent(null)
        } else {
        } else {
            val contentIntent = mock(PendingIntent::class.java)
            val contentIntent = mock(PendingIntent::class.java)
            `when`(contentIntent.intent).thenReturn(mock(Intent::class.java))
            notificationEntryBuilder.modifyNotification(context).setContentIntent(contentIntent)
            notificationEntryBuilder.modifyNotification(context).setContentIntent(contentIntent)
        }
        }