Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 845ea13a authored by Gary Mai's avatar Gary Mai Committed by Anis Assi
Browse files

Stop returning intent data in QuickContact in onActivityResult 

Contacts code does not use the data, only the result code, and it is a potential URI permission grant attack angle.
Clean up unused code in ImplicitIntentsUtil

Bug: 178825358
Test: Manual test with POC app. Observed crash instead of contacts data
read.

Change-Id: Ie8da7faef3611eacd14eda7c0067e2aa24805a10
(cherry picked from commit cec9f909)
parent c55b4078

src/com/android/contacts/quickcontact/QuickContactActivity.java

+1 −1
Original line number Diff line number Diff line
@@ -928,7 +928,7 @@ public class QuickContactActivity extends ContactsActivity { 
        final boolean deletedOrSplit = requestCode == REQUEST_CODE_CONTACT_EDITOR_ACTIVITY &&

                (resultCode == ContactDeletionInteraction.RESULT_CODE_DELETED ||

                resultCode == ContactEditorActivity.RESULT_CODE_SPLIT);

        setResult(resultCode, data);

        setResult(resultCode);

        if (deletedOrSplit) {

            finish();

        } else if (requestCode == REQUEST_CODE_CONTACT_SELECTION_ACTIVITY &&

src/com/android/contacts/util/ImplicitIntentsUtil.java

+1 −20
Original line number Diff line number Diff line
@@ -102,30 +102,11 @@ public class ImplicitIntentsUtil { 
     */

    public static void startQuickContact(Activity activity, Uri contactLookupUri,

            int previousScreenType) {

        startQuickContact(activity, contactLookupUri, previousScreenType, /* requestCode */ -1);

    }



    /**

     * Starts QuickContact for result with the default mode and specified previous screen type.

     */

    public static void startQuickContactForResult(Activity activity, Uri contactLookupUri,

            int previousScreenType, int requestCode) {

        startQuickContact(activity, contactLookupUri, previousScreenType, requestCode);

    }



    private static void startQuickContact(Activity activity, Uri contactLookupUri,

            int previousScreenType, int requestCode) {

        final Intent intent = ImplicitIntentsUtil.composeQuickContactIntent(

                activity, contactLookupUri, previousScreenType);



        // We only start "for result" if specifically requested.

        if (requestCode >= 0) {

            intent.setPackage(activity.getPackageName());

            activity.startActivityForResult(intent, requestCode);

        } else {

        startActivityInApp(activity, intent);

    }

    }



    /**

     * Returns an implicit intent for opening QuickContacts with the default mode and specified