Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d029091b authored by oli's avatar oli Committed by mse1969
Browse files

Add resolveActivityAsUserForExplicitType api to pm 

allow checking for resolved activity for an intent with a specific type

allowing the intent to declare its own type can lead to a security
vulnerability if the intent changes its type after the
IntentForwarder#canForward check.

Use the new API in IntentForwarderActivity to prevent checking the
intent's type twice.

Update other call sites of IntentForwarder#canForward to extract the
resolved type from the intent and pass in to to the method call

Check the launch package rather than calling package

sanitize intent selector as well as received intent

Bug: 403565650 407763772 397216638
Flag: EXEMPT bugfix
Test: manually tested
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:57233409d9bb5aef50373760a9b6551aa618c808)
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:e80fafa79999bdcd623e4393d528cf0ac8db02fd
Merged-In: I8453f25ed5ddd938718f4d2be4983c881778f281
Change-Id: I8453f25ed5ddd938718f4d2be4983c881778f281
parent 42eecf88
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment