Mark framework created intent as safe (c51fd76d) · Commits · e / os / android_frameworks_base

core/java/android/app/admin/DevicePolicyManager.java

+8 −2

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		package android.app.admin;

		import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;
		import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1;

		import static com.android.internal.util.function.pooled.PooledLambda.obtainMessage;
		@@ -10802,14 +10803,19 @@ public class DevicePolicyManager {
		*/
		public Intent createAdminSupportIntent(@NonNull String restriction) {
		throwIfParentInstance("createAdminSupportIntent");
		Intent result = null;
		if (mService != null) {
		try {
		return mService.createAdminSupportIntent(restriction);
		result = mService.createAdminSupportIntent(restriction);
		if (result != null) {
		result.prepareToEnterProcess(LOCAL_FLAG_FROM_SYSTEM,
		mContext.getAttributionSource());
		}
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}
		return null;
		return result;
		}

		/**

core/java/android/content/Intent.java

+29 −9

Original line number	Diff line number	Diff line
		@@ -7124,6 +7124,12 @@ public class Intent implements Parcelable, Cloneable {
		*/
		private static final int LOCAL_FLAG_FROM_URI = 1 << 4;

		/**
		* Local flag indicating this instance was created by the system.
		*/
		/** @hide */
		public static final int LOCAL_FLAG_FROM_SYSTEM = 1 << 5;

		// ---------------------------------------------------------------------
		// ---------------------------------------------------------------------
		// toUri() and parseUri() options.
		@@ -10535,7 +10541,9 @@ public class Intent implements Parcelable, Cloneable {
		// delivered Intent then it would have been reported when that Intent left the sending
		// process.
		if ((src.mLocalFlags & LOCAL_FLAG_FROM_PARCEL) != 0
		&& (src.mLocalFlags & LOCAL_FLAG_FROM_PROTECTED_COMPONENT) == 0) {
		&& (src.mLocalFlags & (
		LOCAL_FLAG_FROM_PROTECTED_COMPONENT
		\| LOCAL_FLAG_FROM_SYSTEM)) == 0) {
		mLocalFlags \|= LOCAL_FLAG_UNFILTERED_EXTRAS;
		}
		return this;
		@@ -11878,7 +11886,8 @@ public class Intent implements Parcelable, Cloneable {
		// Detect cases where we're about to launch a potentially unsafe intent
		if (StrictMode.vmUnsafeIntentLaunchEnabled()) {
		if ((mLocalFlags & LOCAL_FLAG_FROM_PARCEL) != 0
		&& (mLocalFlags & LOCAL_FLAG_FROM_PROTECTED_COMPONENT) == 0) {
		&& (mLocalFlags
		& (LOCAL_FLAG_FROM_PROTECTED_COMPONENT \| LOCAL_FLAG_FROM_SYSTEM)) == 0) {
		StrictMode.onUnsafeIntentLaunch(this);
		} else if ((mLocalFlags & LOCAL_FLAG_UNFILTERED_EXTRAS) != 0) {
		StrictMode.onUnsafeIntentLaunch(this);
		@@ -11897,6 +11906,17 @@ public class Intent implements Parcelable, Cloneable {
		* @hide
		*/
		public void prepareToEnterProcess(boolean fromProtectedComponent, AttributionSource source) {
		if (fromProtectedComponent) {
		prepareToEnterProcess(LOCAL_FLAG_FROM_PROTECTED_COMPONENT, source);
		} else {
		prepareToEnterProcess(0, source);
		}
		}

		/**
		* @hide
		*/
		public void prepareToEnterProcess(int localFlags, AttributionSource source) {
		// We just entered destination process, so we should be able to read all
		// parcelables inside.
		setDefusable(true);
		@@ -11904,13 +11924,15 @@ public class Intent implements Parcelable, Cloneable {
		if (mSelector != null) {
		// We can't recursively claim that this data is from a protected
		// component, since it may have been filled in by a malicious app
		mSelector.prepareToEnterProcess(false, source);
		mSelector.prepareToEnterProcess(0, source);
		}
		if (mClipData != null) {
		mClipData.prepareToEnterProcess(source);
		}
		if (mOriginalIntent != null) {
		mOriginalIntent.prepareToEnterProcess(false, source);
		// We can't recursively claim that this data is from a protected
		// component, since it may have been filled in by a malicious app
		mOriginalIntent.prepareToEnterProcess(0, source);
		}

		if (mContentUserHint != UserHandle.USER_CURRENT) {
		@@ -11920,9 +11942,7 @@ public class Intent implements Parcelable, Cloneable {
		}
		}

		if (fromProtectedComponent) {
		mLocalFlags \|= LOCAL_FLAG_FROM_PROTECTED_COMPONENT;
		}
		mLocalFlags \|= localFlags;

		// Special attribution fix-up logic for any BluetoothDevice extras
		// passed via Bluetooth intents

core/java/android/content/RestrictionsManager.java

+9 −2

Original line number	Diff line number	Diff line
		@@ -16,6 +16,8 @@

		package android.content;

		import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;

		import android.annotation.SystemService;
		import android.app.Activity;
		import android.app.admin.DevicePolicyManager;
		@@ -487,14 +489,19 @@ public class RestrictionsManager {
		}

		public Intent createLocalApprovalIntent() {
		Intent result = null;
		try {
		if (mService != null) {
		return mService.createLocalApprovalIntent();
		result = mService.createLocalApprovalIntent();
		if (result != null) {
		result.prepareToEnterProcess(LOCAL_FLAG_FROM_SYSTEM,
		mContext.getAttributionSource());
		}
		}
		} catch (RemoteException re) {
		throw re.rethrowFromSystemServer();
		}
		return null;
		return result;
		}

		/**

core/java/android/content/pm/ShortcutManager.java

+8 −1

Original line number	Diff line number	Diff line
		@@ -15,6 +15,8 @@
		*/
		package android.content.pm;

		import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;

		import android.Manifest;
		import android.annotation.IntDef;
		import android.annotation.NonNull;
		@@ -628,7 +630,12 @@ public class ShortcutManager {
		try {
		mService.createShortcutResultIntent(mContext.getPackageName(),
		shortcut, injectMyUserId(), ret);
		return getFutureOrThrow(ret);
		Intent result = getFutureOrThrow(ret);
		if (result != null) {
		result.prepareToEnterProcess(LOCAL_FLAG_FROM_SYSTEM,
		mContext.getAttributionSource());
		}
		return result;
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}

telecomm/java/android/telecom/TelecomManager.java

+11 −1

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@
		package android.telecom;

		import static android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE;
		import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;

		import android.Manifest;
		import android.annotation.IntDef;
		@@ -2417,6 +2418,10 @@ public class TelecomManager {
		if (service != null) {
		try {
		result = service.createManageBlockedNumbersIntent(mContext.getPackageName());
		if (result != null) {
		result.prepareToEnterProcess(LOCAL_FLAG_FROM_SYSTEM,
		mContext.getAttributionSource());
		}
		} catch (RemoteException e) {
		Log.e(TAG, "Error calling ITelecomService#createManageBlockedNumbersIntent", e);
		}
		@@ -2438,7 +2443,12 @@ public class TelecomManager {
		ITelecomService service = getTelecomService();
		if (service != null) {
		try {
		return service.createLaunchEmergencyDialerIntent(number);
		Intent result = service.createLaunchEmergencyDialerIntent(number);
		if (result != null) {
		result.prepareToEnterProcess(LOCAL_FLAG_FROM_SYSTEM,
		mContext.getAttributionSource());
		}
		return result;
		} catch (RemoteException e) {
		Log.e(TAG, "Error createLaunchEmergencyDialerIntent", e);
		}