Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2ce1b7fd authored by Lucas Silva's avatar Lucas Silva
Browse files

Fix vulnerability that allowed attackers to start arbitary 

activities

Test: atest DreamServiceTest
Test: flashed device and verified dream settings works as expected
Fixes: 242845514
Change-Id: I6e90e3a0d513dceb7d7f5c59d6807ebe164c5716
parent b2f2546b

core/api/test-current.txt

+10 −0
Original line number Diff line number Diff line
@@ -2412,6 +2412,16 @@ package android.service.dreams { 
    method public final boolean shouldShowComplications();

  }



  public class DreamService extends android.app.Service implements android.view.Window.Callback {

    method @Nullable public static android.service.dreams.DreamService.DreamMetadata getDreamMetadata(@NonNull android.content.Context, @Nullable android.content.pm.ServiceInfo);

  }



  public static final class DreamService.DreamMetadata {

    field @Nullable public final android.graphics.drawable.Drawable previewImage;

    field @Nullable public final android.content.ComponentName settingsActivity;

    field @NonNull public final boolean showComplications;

  }



}



package android.service.notification {

core/java/android/service/dreams/DreamService.java

+17 −3
Original line number Diff line number Diff line
@@ -22,6 +22,7 @@ import android.annotation.NonNull; 
import android.annotation.Nullable;

import android.annotation.SdkConstant;

import android.annotation.SdkConstant.SdkConstantType;

import android.annotation.TestApi;

import android.app.Activity;

import android.app.ActivityTaskManager;

import android.app.AlarmManager;
@@ -1124,7 +1125,8 @@ public class DreamService extends Service implements Window.Callback { 
     * @hide

     */

    @Nullable

    public static DreamMetadata getDreamMetadata(Context context,

    @TestApi

    public static DreamMetadata getDreamMetadata(@NonNull Context context,

            @Nullable ServiceInfo serviceInfo) {

        if (serviceInfo == null) return null;
@@ -1183,7 +1185,8 @@ public class DreamService extends Service implements Window.Callback { 
        }

    }



    private static ComponentName convertToComponentName(String flattenedString,

    @Nullable

    private static ComponentName convertToComponentName(@Nullable String flattenedString,

            ServiceInfo serviceInfo) {

        if (flattenedString == null) {

            return null;
@@ -1193,7 +1196,17 @@ public class DreamService extends Service implements Window.Callback { 
            return new ComponentName(serviceInfo.packageName, flattenedString);

        }



        return ComponentName.unflattenFromString(flattenedString);

        // Ensure that the component is from the same package as the dream service. If not,

        // treat the component as invalid and return null instead.

        final ComponentName cn = ComponentName.unflattenFromString(flattenedString);

        if (cn == null) return null;

        if (!cn.getPackageName().equals(serviceInfo.packageName)) {

            Log.w(TAG,

                    "Inconsistent package name in component: " + cn.getPackageName()

                            + ", should be: " + serviceInfo.packageName);

            return null;

        }

        return cn;

    }



    /**
@@ -1489,6 +1502,7 @@ public class DreamService extends Service implements Window.Callback { 
     *

     * @hide

     */

    @TestApi

    public static final class DreamMetadata {

        @Nullable

        public final ComponentName settingsActivity;

services/tests/servicestests/AndroidManifest.xml

+13 −0
Original line number Diff line number Diff line
@@ -147,6 +147,19 @@ 
                android:resource="@xml/test_dream_metadata" />

        </service>



        <service

            android:name="com.android.server.dreams.TestDreamServiceWithInvalidSettings"

            android:exported="false"

            android:label="Test Dream" >

            <intent-filter>

                <action android:name="android.service.dreams.DreamService" />

                <category android:name="android.intent.category.DEFAULT" />

            </intent-filter>

            <meta-data

                android:name="android.service.dream"

                android:resource="@xml/test_dream_metadata_invalid" />

        </service>



        <receiver android:name="com.android.server.devicepolicy.ApplicationRestrictionsTest$AdminReceiver"

             android:permission="android.permission.BIND_DEVICE_ADMIN"

             android:exported="true">

services/tests/servicestests/res/xml/test_dream_metadata.xml

+1 −1
Original line number Diff line number Diff line
@@ -15,5 +15,5 @@ 
  -->



<dream xmlns:android="http://schemas.android.com/apk/res/android"

       android:settingsActivity="com.android.server.dreams/.TestDreamSettingsActivity"

       android:settingsActivity="com.android.frameworks.servicestests/.TestDreamSettingsActivity"

       android:showClockAndComplications="false" />

services/tests/servicestests/res/xml/test_dream_metadata_invalid.xml

0 → 100644
+20 −0
Original line number Diff line number Diff line 
<!--

  ~ Copyright (C) 2022 The Android Open Source Project

  ~

  ~ Licensed under the Apache License, Version 2.0 (the "License");

  ~ you may not use this file except in compliance with the License.

  ~ You may obtain a copy of the License at

  ~

  ~      http://www.apache.org/licenses/LICENSE-2.0

  ~

  ~ Unless required by applicable law or agreed to in writing, software

  ~ distributed under the License is distributed on an "AS IS" BASIS,

  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  ~ See the License for the specific language governing permissions and

  ~ limitations under the License.

  -->



<!-- The settings activity is in a different package, which is invalid -->

<dream xmlns:android="http://schemas.android.com/apk/res/android"

       android:settingsActivity="com.android.server.dreams/.TestDreamSettingsActivity"

       android:showClockAndComplications="false"/>