Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cec9f909 authored by Gary Mai's avatar Gary Mai
Browse files

Stop returning intent data in QuickContact in onActivityResult 

Contacts code does not use the data, only the result code, and it is a potential URI permission grant attack angle.
Clean up unused code in ImplicitIntentsUtil

Bug: 178825358
Test: Manual test with POC app. Observed crash instead of contacts data
read.

Change-Id: Ie8da7faef3611eacd14eda7c0067e2aa24805a10
parent 2aedd25d

src/com/android/contacts/quickcontact/QuickContactActivity.java

+1 −1
Original line number Diff line number Diff line
@@ -927,7 +927,7 @@ public class QuickContactActivity extends ContactsActivity { 
        final boolean deletedOrSplit = requestCode == REQUEST_CODE_CONTACT_EDITOR_ACTIVITY &&

                (resultCode == ContactDeletionInteraction.RESULT_CODE_DELETED ||

                resultCode == ContactEditorActivity.RESULT_CODE_SPLIT);

        setResult(resultCode, data);

        setResult(resultCode);

        if (deletedOrSplit) {

            finish();

        } else if (requestCode == REQUEST_CODE_CONTACT_SELECTION_ACTIVITY &&

src/com/android/contacts/util/ImplicitIntentsUtil.java

+1 −20
Original line number Diff line number Diff line
@@ -102,30 +102,11 @@ public class ImplicitIntentsUtil { 
     */

    public static void startQuickContact(Activity activity, Uri contactLookupUri,

            int previousScreenType) {

        startQuickContact(activity, contactLookupUri, previousScreenType, /* requestCode */ -1);

    }



    /**

     * Starts QuickContact for result with the default mode and specified previous screen type.

     */

    public static void startQuickContactForResult(Activity activity, Uri contactLookupUri,

            int previousScreenType, int requestCode) {

        startQuickContact(activity, contactLookupUri, previousScreenType, requestCode);

    }



    private static void startQuickContact(Activity activity, Uri contactLookupUri,

            int previousScreenType, int requestCode) {

        final Intent intent = ImplicitIntentsUtil.composeQuickContactIntent(

                activity, contactLookupUri, previousScreenType);



        // We only start "for result" if specifically requested.

        if (requestCode >= 0) {

            intent.setPackage(activity.getPackageName());

            activity.startActivityForResult(intent, requestCode);

        } else {

        startActivityInApp(activity, intent);

    }

    }



    /**

     * Returns an implicit intent for opening QuickContacts with the default mode and specified