Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e2ee0f86 authored by Ioana Alexandru's avatar Ioana Alexandru Committed by Android Build Coastguard Worker
Browse files

Implement visitUris for RemoteViews ViewGroupActionAdd. 

This is to prevent a vulnerability where notifications can show
resources belonging to other users, since the URI in the nested views
was not being checked.

Bug: 277740082
Test: atest RemoteViewsTest NotificationVisitUrisTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:850fd984e5f346645b5a941ed7307387c7e4c4de)
Merged-In: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
Change-Id: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
parent 40659fab

core/java/android/widget/RemoteViews.java

+5 −0
Original line number Diff line number Diff line
@@ -2583,6 +2583,11 @@ public class RemoteViews implements Parcelable, Filter { 
        public int getActionTag() {

            return VIEW_GROUP_ACTION_ADD_TAG;

        }



        @Override

        public final void visitUris(@NonNull Consumer<Uri> visitor) {

            mNestedViews.visitUris(visitor);

        }

    }



    /**

core/tests/coretests/src/android/widget/RemoteViewsTest.java

+24 −0
Original line number Diff line number Diff line
@@ -719,6 +719,30 @@ public class RemoteViewsTest { 
        verify(visitor, times(1)).accept(eq(icon4.getUri()));

    }



    @Test

    public void visitUris_nestedViews() {

        final RemoteViews outer = new RemoteViews(mPackage, R.layout.remote_views_test);



        final RemoteViews inner = new RemoteViews(mPackage, 33);

        final Uri imageUriI = Uri.parse("content://inner/image");

        final Icon icon1 = Icon.createWithContentUri("content://inner/icon1");

        final Icon icon2 = Icon.createWithContentUri("content://inner/icon2");

        final Icon icon3 = Icon.createWithContentUri("content://inner/icon3");

        final Icon icon4 = Icon.createWithContentUri("content://inner/icon4");

        inner.setImageViewUri(R.id.image, imageUriI);

        inner.setTextViewCompoundDrawables(R.id.text, icon1, icon2, icon3, icon4);



        outer.addView(R.id.layout, inner);



        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);

        outer.visitUris(visitor);

        verify(visitor, times(1)).accept(eq(imageUriI));

        verify(visitor, times(1)).accept(eq(icon1.getUri()));

        verify(visitor, times(1)).accept(eq(icon2.getUri()));

        verify(visitor, times(1)).accept(eq(icon3.getUri()));

        verify(visitor, times(1)).accept(eq(icon4.getUri()));

    }



    @Test

    public void visitUris_separateOrientation() {

        final RemoteViews landscape = new RemoteViews(mPackage, R.layout.remote_views_test);