
Commit 505938d9 authored by Android Build Coastguard Worker's avatar Android Build Coastguard Worker

Merge cherrypicks of ['googleplex-android-review.googlesource.com/29105389',...

Merge cherrypicks of ['googleplex-android-review.googlesource.com/29105389', 'googleplex-android-review.googlesource.com/30598469', 'googleplex-android-review.googlesource.com/30678328', 'googleplex-android-review.googlesource.com/30240571', 'googleplex-android-review.googlesource.com/30006050', 'googleplex-android-review.googlesource.com/29794840', 'googleplex-android-review.googlesource.com/30764391', 'googleplex-android-review.googlesource.com/30596770'] into security-aosp-24Q3-release.

Change-Id: Ib721a57e370f777aa51a5ba9bb0d07cab12bddf0
parents f46a2128 0e462ffa
+10 −0
@@ -31,4 +31,14 @@
    <!-- Control whether status bar should distinguish HSPA data icon form UMTS
    data icon on devices -->
    <bool name="config_hspa_data_distinguishable">false</bool>

    <!-- Edit User avatar explicit package name -->
    <string name="config_avatar_picker_package" translatable="false">
        com.android.avatarpicker
    </string>

    <!-- Edit User avatar explicit activity class -->
    <string name="config_avatar_picker_class" translatable="false">
        com.android.avatarpicker.ui.AvatarPickerActivity
    </string>
</resources>
 No newline at end of file
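Review bot: Both new `<string>` values are written on their own indented lines, so the exact component name passed to `setClassName` depends on the resource compiler trimming the surrounding whitespace and newlines. Since these two values are the whole of the fix, I would write each on one line, e.g. `<string name="config_avatar_picker_package" translatable="false">com.android.avatarpicker</string>`, so the stored value is unambiguous. The comments could also say that the two values must name the same component and are consumed together by the avatar picker intent.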
+6 −0
@@ -32,6 +32,7 @@ import androidx.annotation.Nullable;

import com.android.internal.util.UserIcons;
import com.android.settingslib.drawable.CircleFramedDrawable;
import com.android.settingslib.R;
import com.android.settingslib.utils.ThreadUtils;

import com.google.common.util.concurrent.FutureCallback;
@@ -132,6 +133,11 @@ public class EditUserPhotoController {
        intent.addCategory(Intent.CATEGORY_DEFAULT);
        if (Flags.avatarSync()) {
            intent.putExtra(EXTRA_IS_USER_NEW, isUserNew);
            // Fix vulnerability b/341688848 by explicitly set the class name of avatar picker.
            final String packageName =
                    mActivity.getString(R.string.config_avatar_picker_package);
            final String className = mActivity.getString(R.string.config_avatar_picker_class);
            intent.setClassName(packageName, className);
        } else {
            // SettingsLib is used by multiple apps therefore we need to know out of all apps
            // using settingsLib which one is the one we return value to.
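Review bot: The comment on the new `setClassName` call cites only a bug id, so a reader without tracker access cannot tell what the explicit component protects. I would reword it to something like `// b/341688848: target the configured avatar picker explicitly so the intent is not left to implicit resolution.` The explicit target is set only inside the `Flags.avatarSync()` branch; the `else` branch continues outside this hunk, so it is worth confirming that path also ends with an explicit package or component. Nothing visible here handles a configured component that is empty or not installed (the values come from overlayable resources), so a check on the two strings before `setClassName` may be warranted.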
+2 −3
@@ -120,12 +120,11 @@ public class MediaProjectionPermissionActivity extends Activity
        final Intent launchingIntent = getIntent();
        mReviewGrantedConsentRequired = launchingIntent.getBooleanExtra(
                EXTRA_USER_REVIEW_GRANTED_CONSENT, false);

        mPackageName = getCallingPackage();
        mPackageName = getLaunchedFromPackage();

        // This activity is launched directly by an app, or system server. System server provides
        // the package name through the intent if so.
        if (mPackageName == null) {
        if (getCallingPackage() == null)  {
            if (launchingIntent.hasExtra(EXTRA_PACKAGE_REUSING_GRANTED_CONSENT)) {
                mPackageName = launchingIntent.getStringExtra(
                        EXTRA_PACKAGE_REUSING_GRANTED_CONSENT);
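Review bot: In the `getCallingPackage() == null` branch, `mPackageName` is still overwritten with the `EXTRA_PACKAGE_REUSING_GRANTED_CONSENT` string taken from the launching intent, and nothing in the visible lines ties that branch to a system launcher. The comment above it says the activity may be launched directly by an app as well as by system server, so the extra is caller-supplied unless the launcher identity is checked. If no such check exists further down (the method continues outside this hunk), gate the override on who launched the activity, for example `if (getCallingPackage() == null && getLaunchedFromUid() == Process.SYSTEM_UID) {` (confirm which uid the system launch actually carries), and keep the `getLaunchedFromPackage()` value otherwise. A one-line comment explaining why `getLaunchedFromPackage()` replaces `getCallingPackage()` as the source of `mPackageName` would also help future readers.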
+46 −2
@@ -25,8 +25,11 @@ import android.app.ActivityManager;
import android.app.assist.AssistStructure;
import android.app.assist.AssistStructure.ViewNode;
import android.app.assist.AssistStructure.WindowNode;
import android.app.slice.Slice;
import android.app.slice.SliceItem;
import android.content.ComponentName;
import android.content.Context;
import android.graphics.drawable.Icon;
import android.hardware.display.DisplayManager;
import android.metrics.LogMaker;
import android.os.UserManager;
@@ -55,7 +58,6 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicBoolean;


public final class Helper {

    private static final String TAG = "AutofillHelper";
@@ -93,7 +95,7 @@ public final class Helper {
        final AtomicBoolean permissionsOk = new AtomicBoolean(true);

        rView.visitUris(uri -> {
            int uriOwnerId = android.content.ContentProvider.getUserIdFromUri(uri);
            int uriOwnerId = android.content.ContentProvider.getUserIdFromUri(uri, userId);
            boolean allowed = uriOwnerId == userId;
            permissionsOk.set(allowed & permissionsOk.get());
        });
@@ -125,6 +127,48 @@ public final class Helper {
        return (ok ? rView : null);
    }

    /**
     * Checks the URI permissions of the icon in the slice, to see if the current userId is able to
     * access it.
     *
     * <p>Returns null if slice contains user inaccessible icons
     *
     * <p>TODO: instead of returning a null Slice when the current userId cannot access an icon,
     * return a reconstructed Slice without the icons. This is currently non-trivial since there are
     * no public methods to generically add SliceItems to Slices
     */
    public static @Nullable Slice sanitizeSlice(Slice slice) {
        if (slice == null) {
            return null;
        }

        int userId = ActivityManager.getCurrentUser();

        // Recontruct the Slice, filtering out bad icons
        for (SliceItem sliceItem : slice.getItems()) {
            if (!sliceItem.getFormat().equals(SliceItem.FORMAT_IMAGE)) {
                // Not an image slice
                continue;
            }

            Icon icon = sliceItem.getIcon();
            if (icon.getType() !=  Icon.TYPE_URI
                    && icon.getType() != Icon.TYPE_URI_ADAPTIVE_BITMAP) {
                // No URIs to sanitize
                continue;
            }

            int iconUriId = android.content.ContentProvider.getUserIdFromUri(icon.getUri(), userId);

            if (iconUriId != userId) {
                Slog.w(TAG, "sanitizeSlice() user: " + userId + " cannot access icons in Slice");
                return null;
            }
        }

        return slice;
    }


    @Nullable
    static AutofillId[] toArray(@Nullable ArraySet<AutofillId> set) {
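Review bot: `sanitizeSlice` inspects only the top-level entries of `slice.getItems()`, so an icon URI carried inside a nested slice (an item whose format is `SliceItem.FORMAT_SLICE` or `SliceItem.FORMAT_ACTION`) is never compared with `userId`. If the renderer can reach nested items, the cross-user check should descend into them; a recursive helper that keeps the existing per-icon test is sketched below. Separately, the comment `// Recontruct the Slice, filtering out bad icons` has a typo and does not match the code, which rejects the whole slice rather than rebuilding it; something like `// Reject the slice if any icon URI belongs to another user` would be accurate.

```java
    public static @Nullable Slice sanitizeSlice(Slice slice) {
        // … unchanged: null check and userId lookup …
        return sliceIconsAccessible(slice, userId) ? slice : null;
    }

    /** Returns false if any icon URI in the slice or its nested slices belongs to another user. */
    private static boolean sliceIconsAccessible(Slice slice, int userId) {
        for (SliceItem sliceItem : slice.getItems()) {
            final String format = sliceItem.getFormat();
            if (SliceItem.FORMAT_SLICE.equals(format) || SliceItem.FORMAT_ACTION.equals(format)) {
                if (!sliceIconsAccessible(sliceItem.getSlice(), userId)) {
                    return false;
                }
                continue;
            }
            // … unchanged: FORMAT_IMAGE and Icon type checks, getUserIdFromUri comparison
            //   (return false instead of null on a mismatch) …
        }
        return true;
    }
```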
+14 −16
@@ -27,6 +27,7 @@ import android.service.autofill.InlinePresentation;
import android.util.Slog;

import com.android.server.LocalServices;
import com.android.server.autofill.Helper;
import com.android.server.autofill.RemoteInlineSuggestionRenderService;
import com.android.server.inputmethod.InputMethodManagerInternal;

@@ -39,24 +40,17 @@ import java.util.function.Consumer;
final class RemoteInlineSuggestionViewConnector {
    private static final String TAG = RemoteInlineSuggestionViewConnector.class.getSimpleName();

    @Nullable
    private final RemoteInlineSuggestionRenderService mRemoteRenderService;
    @NonNull
    private final InlinePresentation mInlinePresentation;
    @Nullable
    private final IBinder mHostInputToken;
    @Nullable private final RemoteInlineSuggestionRenderService mRemoteRenderService;
    @NonNull private final InlinePresentation mInlinePresentation;
    @Nullable private final IBinder mHostInputToken;
    private final int mDisplayId;
    private final int mUserId;
    private final int mSessionId;

    @NonNull
    private final Runnable mOnAutofillCallback;
    @NonNull
    private final Runnable mOnErrorCallback;
    @NonNull
    private final Runnable mOnInflateCallback;
    @NonNull
    private final Consumer<IntentSender> mStartIntentSenderFromClientApp;
    @NonNull private final Runnable mOnAutofillCallback;
    @NonNull private final Runnable mOnErrorCallback;
    @NonNull private final Runnable mOnInflateCallback;
    @NonNull private final Consumer<IntentSender> mStartIntentSenderFromClientApp;

    RemoteInlineSuggestionViewConnector(
            @NonNull InlineFillUi.InlineFillUiInfo inlineFillUiInfo,
@@ -81,8 +75,12 @@ final class RemoteInlineSuggestionViewConnector {
     *
     * @return true if the call is made to the remote renderer service, false otherwise.
     */
    public boolean renderSuggestion(int width, int height,
            @NonNull IInlineSuggestionUiCallback callback) {
    public boolean renderSuggestion(
            int width, int height, @NonNull IInlineSuggestionUiCallback callback) {
        if (Helper.sanitizeSlice(mInlinePresentation.getSlice()) == null) {
            if (sDebug) Slog.d(TAG, "Skipped rendering inline suggestion.");
            return false;
        }
        if (mRemoteRenderService != null) {
            if (sDebug) Slog.d(TAG, "Request to recreate the UI");
            mRemoteRenderService.renderSuggestion(callback, mInlinePresentation, width, height,
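Review bot: The new guard in `renderSuggestion` delegates to `Helper.sanitizeSlice`, which compares icon URIs against `ActivityManager.getCurrentUser()`, while this connector already holds the session's `mUserId`. If those two can differ (for example a session that does not belong to the foreground user; I cannot confirm that from the visible lines), the check is made against the wrong user. Passing the id explicitly through a proposed overload, e.g. `if (Helper.sanitizeSlice(mInlinePresentation.getSlice(), mUserId) == null) {`, would tie the check to the session being rendered. The Javadoc `@return` should also mention that `false` is now returned when the slice is rejected; the method body continues outside this hunk.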