Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 015edf54 authored by Edgar Wang's avatar Edgar Wang Committed by Android Build Coastguard Worker
Browse files

Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment

In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.

We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.

Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd)
(cherry picked from commit f57d75f1)
Merged-In:Iaa2d3a9497c3266babe0789961befc9776a4db7a
parent f15e0e5c
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment