Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6771d737 authored by Makoto Onuki's avatar Makoto Onuki
Browse files

Don't accept resource references in string fields 

Detect it when a developer accidentally uses @string/... in string fields
and log an error rather than publishing shortcuts with wrong values.

Bug 30140672

Change-Id: I98a60afd7f52282019a94a7a8c30a85ea4c7806b
parent f90128c6

services/core/java/com/android/server/pm/ShortcutParser.java

+14 −4
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ import android.util.ArraySet; 
import android.util.AttributeSet;

import android.util.Log;

import android.util.Slog;

import android.util.TypedValue;

import android.util.Xml;



import com.android.internal.R;
@@ -260,7 +261,12 @@ public class ShortcutParser { 
        final TypedArray sa = service.mContext.getResources().obtainAttributes(attrs,

                R.styleable.ShortcutCategories);

        try {

            return sa.getString(R.styleable.ShortcutCategories_name);

            if (sa.getType(R.styleable.ShortcutCategories_name) == TypedValue.TYPE_STRING) {

                return sa.getNonResourceString(R.styleable.ShortcutCategories_name);

            } else {

                Log.w(TAG, "android:name for shortcut category must be string literal.");

                return null;

            }

        } finally {

            sa.recycle();

        }
@@ -272,7 +278,11 @@ public class ShortcutParser { 
        final TypedArray sa = service.mContext.getResources().obtainAttributes(attrs,

                R.styleable.Shortcut);

        try {

            final String id = sa.getString(R.styleable.Shortcut_shortcutId);

            if (sa.getType(R.styleable.Shortcut_shortcutId) != TypedValue.TYPE_STRING) {

                Log.w(TAG, "android:shortcutId must be string literal. activity=" + activity);

                return null;

            }

            final String id = sa.getNonResourceString(R.styleable.Shortcut_shortcutId);

            final boolean enabled = sa.getBoolean(R.styleable.Shortcut_enabled, true);

            final int iconResId = sa.getResourceId(R.styleable.Shortcut_icon, 0);

            final int titleResId = sa.getResourceId(R.styleable.Shortcut_shortcutShortLabel, 0);
@@ -281,11 +291,11 @@ public class ShortcutParser { 
                    R.styleable.Shortcut_shortcutDisabledMessage, 0);



            if (TextUtils.isEmpty(id)) {

                Slog.w(TAG, "Shortcut ID must be provided. activity=" + activity);

                Log.w(TAG, "android:shortcutId must be provided. activity=" + activity);

                return null;

            }

            if (titleResId == 0) {

                Slog.w(TAG, "Shortcut title must be provided. activity=" + activity);

                Log.w(TAG, "android:shortcutShortLabel must be provided. activity=" + activity);

                return null;

            }

services/tests/servicestests/res/xml/shortcut_error_3.xml

+6 −0
Original line number Diff line number Diff line
@@ -18,6 +18,10 @@ 
        android:shortcutId="manifest-shortcut-3"

        android:shortcutShortLabel="@string/shortcut_title1"

    />

    <shortcut

        android:shortcutId="@string/shortcut_title1"

        android:shortcutShortLabel="@string/shortcut_title1"

    />

    <shortcut

        android:shortcutId="x3"

        android:shortcutShortLabel="@string/shortcut_title1"
@@ -26,5 +30,7 @@ 
            android:action="android.intent.action.VIEW"

            >

        </intent>

        <categories android:name="@string/shortcut_title1" />

        <categories android:name="cat2" />

    </shortcut>

</shortcuts>

services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest1.java

+18 −9
Original line number Diff line number Diff line
@@ -5856,9 +5856,11 @@ public class ShortcutManagerTest1 extends BaseShortcutManagerTest { 


        // Only the valid one is published.

        runWithCaller(CALLING_PACKAGE_1, USER_0, () -> {

            assertShortcutIds(assertAllManifest(assertAllImmutable(assertAllEnabled(

                    mManager.getManifestShortcuts()))),

                    "x1");

            assertWith(getCallerShortcuts())

                    .areAllManifest()

                    .areAllImmutable()

                    .areAllEnabled()

                    .haveIds("x1");

        });



        // Package 1 updated, which has one valid manifest shortcut and one invalid.
@@ -5871,9 +5873,11 @@ public class ShortcutManagerTest1 extends BaseShortcutManagerTest { 


        // Only the valid one is published.

        runWithCaller(CALLING_PACKAGE_1, USER_0, () -> {

            assertShortcutIds(assertAllManifest(assertAllImmutable(assertAllEnabled(

                    mManager.getManifestShortcuts()))),

                    "x2");

            assertWith(getCallerShortcuts())

                    .areAllManifest()

                    .areAllImmutable()

                    .areAllEnabled()

                    .haveIds("x2");

        });



        // Package 1 updated, which has one valid manifest shortcut and one invalid.
@@ -5886,9 +5890,14 @@ public class ShortcutManagerTest1 extends BaseShortcutManagerTest { 


        // Only the valid one is published.

        runWithCaller(CALLING_PACKAGE_1, USER_0, () -> {

            assertShortcutIds(assertAllManifest(assertAllImmutable(assertAllEnabled(

                    mManager.getManifestShortcuts()))),

                    "x3");

            assertWith(getCallerShortcuts())

                    .areAllManifest()

                    .areAllImmutable()

                    .areAllEnabled()

                    .haveIds("x3")

                    .forShortcutWithId("x3", si -> {

                        assertEquals(set("cat2"), si.getCategories());

                     });

        });

    }