Commit 7b342c8a authored by Nan Wu

Do not unparcel LazyValue in collectExtraIntentKeys method

collectExtraIntentKeys should only care about intents created in
this process, which would not be parceled when put in the extra
bundle. Unparceling a LazyValue may cause issues when an app later
sets the class loader to something else and prefers to unparcel it with
this new class loader.

Bug: 382633789
Test: manual test
Flag: EXEMPT bug fix
Change-Id: I4e14b255e8356a94816c38e8d0e9fa69ac38e6fb
parent 2928afc4
+13 −9
@@ -12401,19 +12401,23 @@ public class Intent implements Parcelable, Cloneable {
    private void collectNestedIntentKeysRecur(Set<Intent> visited) {
        addExtendedFlags(EXTENDED_FLAG_NESTED_INTENT_KEYS_COLLECTED);
        if (mExtras != null && !mExtras.isEmpty()) {
        if (mExtras != null && !mExtras.isParcelled() && !mExtras.isEmpty()) {
            for (String key : mExtras.keySet()) {
                Object value;
                try {
                    // Do not unparcel any Parcelable objects. It may cause issues for app who would
                    // change class loader before it reads a parceled value. b/382633789.
                    // It is okay to not collect a parceled intent since it would have been
                    // coming from another process and collected by its containing intent already
                    // in that process.
                    if (!mExtras.isValueParceled(key)) {
                        value = mExtras.get(key);
                    } else {
                        value = null;
                    }
                } catch (BadParcelableException e) {
                    // This could happen when the key points to a LazyValue whose class cannot be
                    // found by the classLoader - A nested object more than 1 level deeper who is
                    // of type of a custom class could trigger this situation. In such case, we
                    // ignore it since it is not an intent. However, it could be a custom type that
                    // extends from Intent. If such an object is retrieved later in another
                    // component, then trying to launch such a custom class object will fail unless
                    // removeLaunchSecurityProtection() is called before it is launched.
                    // This probably would never happen. But just in case, simply ignore it since
                    // it is not an intent anyway.
                    value = null;
                }
                if (value instanceof Intent intent) {
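Review bot: The `!mExtras.isValueParceled(key)` guard in the try block skips every still-parceled value on the assumption, stated only in the comment, that a parceled intent was already collected in the process it came from; nothing in this change exercises that assumption and the commit lists only "Test: manual test". Please add a regression test that puts a still-parceled nested Intent in the extras, runs collectNestedIntentKeysRecur, and then confirms the value can still be read after the class loader is changed. Separately, the `catch (BadParcelableException e)` comment now says this "probably would never happen": if `mExtras.get(key)` can no longer reach a LazyValue on this path, state that in the comment or drop the catch, so it is clear which case it still covers.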
+9 −0
@@ -385,6 +385,15 @@ public class BaseBundle implements Parcel.ClassLoaderProvider {
        return (i >= 0) ? getValueAt(i, clazz, itemTypes) : null;
    }

    /**
     * return true if the value corresponding to this key is still parceled.
     * @hide
     */
    public boolean isValueParceled(String key) {
        if (mMap == null) return true;
        int i = mMap.indexOfKey(key);
        return (mMap.valueAt(i) instanceof BiFunction<?, ?, ?>);
    }
    /**
     * Returns the value for a certain position in the array map for expected return type {@code
     * clazz} (or pass {@code null} for no type check).
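Review bot: Missing bounds check in `isValueParceled`: `mMap.indexOfKey(key)` is negative when the key is absent, and the result is passed straight to `mMap.valueAt(i)`, whereas the context line just above guards the same lookup with `(i >= 0) ? ... : null`. The current caller iterates `keySet()`, but this is a public `@hide` method, so it should handle a missing key itself, for example `return i >= 0 && mMap.valueAt(i) instanceof BiFunction<?, ?, ?>;`. The Javadoc should also say what is returned for a missing key and that `mMap == null` (bundle not yet unparceled) yields true, and a blank line is missing between the closing brace and the next Javadoc block.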