Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7183f0a6 authored by tiansiming's avatar tiansiming Committed by Fyodor Kupolov
Browse files

[DO NOT MERGE] Fix another AddAccountSettings memory leak 

The memory leak will always occur in AddAccoutSettings
when Bundle with an invalid intent returned in the addAccount we implement.

Bug:https://issuetracker.google.com/issues/66088681


Test:Install the app through the github offered in above link,
then press the "Test" item in ChooseAccountActivity (adb shell am start -n
'com.android.settings/.accounts.ChooseAccountActivity') serveal times.
Check the activity number by "adb shell dumpsys meminfo com.android.settings".

Change-Id: Id15fc73521d0ddc6ca891b6029ad04cd4427dbfe
Signed-off-by: default avatartiansiming <tiansiming@xiaomi.com>
parent c8ad4a82

services/core/java/com/android/server/accounts/AccountManagerService.java

+25 −11
Original line number Diff line number Diff line
@@ -2954,9 +2954,13 @@ public class AccountManagerService 
                             * have users launching arbitrary activities by tricking users to

                             * interact with malicious notifications.

                             */

                            checkKeyIntent(

                            if (!checkKeyIntent(

                                    Binder.getCallingUid(),

                                    intent);

                                    intent)) {

                                onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,

                                        "invalid intent in bundle returned");

                                return;

                            }

                            doNotification(

                                    mAccounts,

                                    account,
@@ -3351,9 +3355,13 @@ public class AccountManagerService 
            Intent intent = null;

            if (result != null

                    && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {

                checkKeyIntent(

                if (!checkKeyIntent(

                        Binder.getCallingUid(),

                        intent);

                        intent)) {

                    onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,

                            "invalid intent in bundle returned");

                    return;

                }

            }

            IAccountManagerResponse response;

            if (mExpectActivityLaunch && result != null
@@ -4700,13 +4708,14 @@ public class AccountManagerService 
         * into launching arbitrary intents on the device via by tricking to click authenticator

         * supplied entries in the system Settings app.

         */

        protected void checkKeyIntent(

                int authUid,

                Intent intent) throws SecurityException {

        protected boolean checkKeyIntent(int authUid, Intent intent) {

            long bid = Binder.clearCallingIdentity();

            try {

                PackageManager pm = mContext.getPackageManager();

                ResolveInfo resolveInfo = pm.resolveActivityAsUser(intent, 0, mAccounts.userId);

                if (resolveInfo == null) {

                    return false;

                }

                ActivityInfo targetActivityInfo = resolveInfo.activityInfo;

                int targetUid = targetActivityInfo.applicationInfo.uid;

                if (!isExportedSystemActivity(targetActivityInfo)
@@ -4716,9 +4725,10 @@ public class AccountManagerService 
                    String activityName = targetActivityInfo.name;

                    String tmpl = "KEY_INTENT resolved to an Activity (%s) in a package (%s) that "

                            + "does not share a signature with the supplying authenticator (%s).";

                    throw new SecurityException(

                            String.format(tmpl, activityName, pkgName, mAccountType));

                    Log.e(TAG, String.format(tmpl, activityName, pkgName, mAccountType));

                    return false;

                }

                return true;

            } finally {

                Binder.restoreCallingIdentity(bid);

            }
@@ -4868,9 +4878,13 @@ public class AccountManagerService 
            }

            if (result != null

                    && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {

                checkKeyIntent(

                if (!checkKeyIntent(

                        Binder.getCallingUid(),

                        intent);

                        intent)) {

                    onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,

                            "invalid intent in bundle returned");

                    return;

                }

            }

            if (result != null

                    && !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {