
Commit 850fd984 authored by Ioana Alexandru's avatar Ioana Alexandru

Implement visitUris for RemoteViews ViewGroupActionAdd.

This is to prevent a vulnerability where notifications can show
resources belonging to other users, since the URI in the nested views
was not being checked.

Bug: 277740082
Test: atest RemoteViewsTest NotificationVisitUrisTest
Change-Id: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
Merged-In: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
parent 71e7d412
+5 −0
@@ -1672,6 +1672,11 @@ public class RemoteViews implements Parcelable, Filter {
        public int getActionTag() {
            return VIEW_GROUP_ACTION_ADD_TAG;
        }

        @Override
        public final void visitUris(@NonNull Consumer<Uri> visitor) {
            mNestedViews.visitUris(visitor);
        }
    }

    /**
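Review bot: The added `visitUris` override in ViewGroupActionAdd has no comment marking it as part of the cross-user URI check described in the commit message, so a later refactor could drop it unnoticed. I would add `// Nested RemoteViews may hold content URIs; forward them so the caller's visitor sees every URI.` above the `@Override`. That this fix was needed suggests an action which does not override `visitUris` contributes nothing to the visitor. Any other action in this file that holds a `RemoteViews` or a `Uri` would presumably be skipped the same way and is worth auditing; none of those are visible in this hunk. The enclosing class begins outside the hunk.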
+24 −0
@@ -528,6 +528,30 @@ public class RemoteViewsTest {
        verify(visitor, times(1)).accept(eq(icon4.getUri()));
    }

    @Test
    public void visitUris_nestedViews() {
        final RemoteViews outer = new RemoteViews(mPackage, R.layout.remote_views_test);

        final RemoteViews inner = new RemoteViews(mPackage, 33);
        final Uri imageUriI = Uri.parse("content://inner/image");
        final Icon icon1 = Icon.createWithContentUri("content://inner/icon1");
        final Icon icon2 = Icon.createWithContentUri("content://inner/icon2");
        final Icon icon3 = Icon.createWithContentUri("content://inner/icon3");
        final Icon icon4 = Icon.createWithContentUri("content://inner/icon4");
        inner.setImageViewUri(R.id.image, imageUriI);
        inner.setTextViewCompoundDrawables(R.id.text, icon1, icon2, icon3, icon4);

        outer.addView(R.id.layout, inner);

        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
        outer.visitUris(visitor);
        verify(visitor, times(1)).accept(eq(imageUriI));
        verify(visitor, times(1)).accept(eq(icon1.getUri()));
        verify(visitor, times(1)).accept(eq(icon2.getUri()));
        verify(visitor, times(1)).accept(eq(icon3.getUri()));
        verify(visitor, times(1)).accept(eq(icon4.getUri()));
    }

    @Test
    public void visitUris_separateOrientation() {
        final RemoteViews landscape = new RemoteViews(mPackage, R.layout.remote_views_test);
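Review bot: `visitUris_nestedViews` exercises only one level of nesting, so it would still pass if the traversal stopped at the first child. Adding a second `RemoteViews` to `inner` via `addView` and verifying one of its URIs would pin down that the walk is recursive. The inner layout id is the bare literal `33`; a short comment such as `// arbitrary layout id; the view is not inflated in this test` would say why that is acceptable. The last line of the hunk belongs to `visitUris_separateOrientation`, which continues outside it.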