Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4923b58a authored by Nan Wu's avatar Nan Wu
Browse files

Generate CreatorToken 

Collect extra intent keys on the client side and generated CreatorToken
on the system server side

Bug: 363016571
Test: ActivityManagerService#testAddCreatorToken
Flag: android.security.prevent_intent_redirect
Change-Id: Ibc6d461e74d96b12a9af990d8653f66fcfa26c14
parent 6b09d0b0

core/java/android/app/ActivityManagerInternal.java

+8 −0
Original line number Diff line number Diff line
@@ -1323,4 +1323,12 @@ public abstract class ActivityManagerInternal { 
     */

    public abstract void killApplicationSync(String pkgName, int appId, int userId,

            String reason, int exitInfoReason);



    /**

     * Add a creator token for all embedded intents (stored as extra) of the given intent.

     *

     * @param intent The given intent

     * @hide

     */

    public abstract void addCreatorToken(Intent intent);

}

core/java/android/app/PendingIntent.java

+3 −0
Original line number Diff line number Diff line
@@ -1094,6 +1094,9 @@ public final class PendingIntent implements Parcelable { 
            @Nullable String requiredPermission, @Nullable Bundle options)

            throws CanceledException {

        try {

            if (intent != null) {

                intent.collectExtraIntentKeys();

            }

            String resolvedType = intent != null ?

                    intent.resolveTypeIfNeeded(context.getContentResolver())

                    : null;

core/java/android/content/ClipData.java

+1 −1
Original line number Diff line number Diff line
@@ -1149,7 +1149,7 @@ public class ClipData implements Parcelable { 
        for (int i = 0; i < size; i++) {

            final Item item = mItems.get(i);

            if (item.mIntent != null) {

                item.mIntent.prepareToLeaveProcess(leavingPackage);

                item.mIntent.prepareToLeaveProcess(leavingPackage, false);

            }

            if (item.mUri != null && leavingPackage) {

                if (StrictMode.vmFileUriExposureEnabled()) {

core/java/android/content/Intent.java

+16 −3
Original line number Diff line number Diff line
@@ -12227,6 +12227,8 @@ public class Intent implements Parcelable, Cloneable { 














    /**















     * Collects keys in the extra bundle whose value are intents.













     * With these keys collected on the client side, the system server would only unparcel values













     * of these keys and create IntentCreatorToken for them.















     * @hide















     */















    public void collectExtraIntentKeys() {










@@ -12589,22 +12591,29 @@ public class Intent implements Parcelable, Cloneable {













     */















    @android.ravenwood.annotation.RavenwoodThrow















    public void prepareToLeaveProcess(boolean leavingPackage) {













        prepareToLeaveProcess(leavingPackage, true);













    }

























    /**













     * @hide













     */













    void prepareToLeaveProcess(boolean leavingPackage, boolean isTopLevel) {















        setAllowFds(false);





























        if (mSelector != null) {













            mSelector.prepareToLeaveProcess(leavingPackage);













            mSelector.prepareToLeaveProcess(leavingPackage, false);















        }















        if (mClipData != null) {















            mClipData.prepareToLeaveProcess(leavingPackage, getFlags());















        }















        if (mOriginalIntent != null) {













            mOriginalIntent.prepareToLeaveProcess(leavingPackage);













            mOriginalIntent.prepareToLeaveProcess(leavingPackage, false);















        }





























        if (mExtras != null && !mExtras.isParcelled()) {















            final Object intent = mExtras.get(Intent.EXTRA_INTENT);















            if (intent instanceof Intent) {













                ((Intent) intent).prepareToLeaveProcess(leavingPackage);













                ((Intent) intent).prepareToLeaveProcess(leavingPackage, false);















            }















        }
























@@ -12678,6 +12687,10 @@ public class Intent implements Parcelable, Cloneable {













                StrictMode.onUnsafeIntentLaunch(this);















            }















        }

























        if (isTopLevel) {













            collectExtraIntentKeys();













        }















    }





























    /**

























core/java/android/content/IntentSender.java



+3
−0




























Original line number
Diff line number
Diff line








@@ -288,6 +288,9 @@ public class IntentSender implements Parcelable {













            @Nullable Executor executor, @Nullable OnFinished onFinished)















            throws SendIntentException {















        try {













            if (intent != null) {













                intent.collectExtraIntentKeys();













            }















            String resolvedType = intent != null ?















                    intent.resolveTypeIfNeeded(context.getContentResolver())















                    : null;