Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 93c93923 authored by Gary Mai's avatar Gary Mai Committed by android-build-team Robot
Browse files

Stop returning intent data in QuickContact in onActivityResult 

Contacts code does not use the data, only the result code, and it is a potential URI permission grant attack angle.
Clean up unused code in ImplicitIntentsUtil

Bug: 178825358
Test: Manual test with POC app. Observed crash instead of contacts data
read.

Change-Id: Ie8da7faef3611eacd14eda7c0067e2aa24805a10
(cherry picked from commit cec9f909)
parent 448e2f1b

src/com/android/contacts/quickcontact/QuickContactActivity.java

+1 −1
Original line number Diff line number Diff line
@@ -768,7 +768,7 @@ public class QuickContactActivity extends ContactsActivity { 
        final boolean deletedOrSplit = requestCode == REQUEST_CODE_CONTACT_EDITOR_ACTIVITY &&

                (resultCode == ContactDeletionInteraction.RESULT_CODE_DELETED ||

                resultCode == ContactEditorActivity.RESULT_CODE_SPLIT);

        setResult(resultCode, data);

        setResult(resultCode);

        if (deletedOrSplit) {

            finish();

        } else if (requestCode == REQUEST_CODE_CONTACT_SELECTION_ACTIVITY &&

src/com/android/contacts/util/ImplicitIntentsUtil.java

+1 −20
Original line number Diff line number Diff line
@@ -102,30 +102,11 @@ public class ImplicitIntentsUtil { 
     */

    public static void startQuickContact(Activity activity, Uri contactLookupUri,

            int previousScreenType) {

        startQuickContact(activity, contactLookupUri, previousScreenType, /* requestCode */ -1);

    }



    /**

     * Starts QuickContact for result with the default mode and specified previous screen type.

     */

    public static void startQuickContactForResult(Activity activity, Uri contactLookupUri,

            int previousScreenType, int requestCode) {

        startQuickContact(activity, contactLookupUri, previousScreenType, requestCode);

    }



    private static void startQuickContact(Activity activity, Uri contactLookupUri,

            int previousScreenType, int requestCode) {

        final Intent intent = ImplicitIntentsUtil.composeQuickContactIntent(

                activity, contactLookupUri, previousScreenType);



        // We only start "for result" if specifically requested.

        if (requestCode >= 0) {

            intent.setPackage(activity.getPackageName());

            activity.startActivityForResult(intent, requestCode);

        } else {

        startActivityInApp(activity, intent);

    }

    }



    /**

     * Returns an implicit intent for opening QuickContacts with the default mode and specified