
Unverified Commit 2ade216c authored by Kevin F. Haggerty's avatar Kevin F. Haggerty

Merge tag 'android-security-11.0.0_r53' into staging/lineage-18.1_merge-android-security-11.0.0_r53

Android security 11.0.0 release 53

* tag 'android-security-11.0.0_r53':
  Add caller check to com.android.credentials.RESET
  Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment

Change-Id: I8f25534e4bd0b1bb05951f673a7f39ae6be38ddf
parents 6f0aa2f6 714ca010
+14 −1
@@ -87,7 +87,7 @@ public final class CredentialStorage extends FragmentActivity {
        final String action = intent.getAction();
        final UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);
        if (!userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
            if (ACTION_RESET.equals(action)) {
            if (ACTION_RESET.equals(action) && checkCallerIsSelf()) {
                new ResetDialog();
            } else {
                if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
@@ -319,6 +319,19 @@ public final class CredentialStorage extends FragmentActivity {
        finish();
    }

    /**
     * Check that the caller is Settings.
     */
    private boolean checkCallerIsSelf() {
        try {
            return Process.myUid() == android.app.ActivityManager.getService()
                    .getLaunchedFromUid(getActivityToken());
        } catch (RemoteException re) {
            // Error talking to ActivityManager, just give up
            return false;
        }
    }

    /**
     * Check that the caller is either certinstaller or Settings running in a profile of this user.
     */
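Review bot: A RESET request that fails `checkCallerIsSelf()` is dropped without any trace: in the first hunk the combined condition simply falls through to the `else` branch, so a refused attempt to clear credential storage leaves nothing for later triage. Consider recording the refusal where the UIDs are compared, e.g. `Log.w(TAG, "Ignoring RESET launched from uid " + launchedFromUid);` with `launchedFromUid` a local holding the `getLaunchedFromUid(getActivityToken())` result (this assumes the class has a `TAG` constant, which the hunks do not show). The Javadoc could also state what is actually compared, since any process running under the same UID as Settings passes: `Check that this activity was launched from the same UID as Settings; returns false if ActivityManager cannot be reached.` Both hunks sit inside bodies that start and end outside the visible lines.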
+17 −7
@@ -18,6 +18,7 @@ package com.android.settings.users;

import android.app.Activity;
import android.app.settings.SettingsEnums;
import android.content.ActivityNotFoundException;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
@@ -37,6 +38,7 @@ import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
import android.os.UserManager;
import android.util.EventLog;
import android.util.Log;
import android.view.View;
import android.view.View.OnClickListener;
@@ -641,7 +643,15 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
            } else if (restrictionsIntent != null) {
                preference.setRestrictions(restrictions);
                if (invokeIfCustom && AppRestrictionsFragment.this.isResumed()) {
                    try {
                        assertSafeToStartCustomActivity(restrictionsIntent);
                    } catch (ActivityNotFoundException | SecurityException e) {
                        // return without startActivity
                        Log.e(TAG, "Cannot start restrictionsIntent " + e);
                        EventLog.writeEvent(0x534e4554, "200688991", -1 /* UID */, "");
                        return;
                    }

                    int requestCode = generateCustomActivityRequestCode(
                            RestrictionsResultReceiver.this.preference);
                    AppRestrictionsFragment.this.startActivityForResult(
@@ -655,14 +665,14 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
            if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
                return;
            }
            // Activity can be started if intent resolves to multiple activities
            List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager
                    .queryIntentActivities(intent, 0 /* no flags */);
            if (resolveInfos.size() != 1) {
                return;
            ResolveInfo resolveInfo = mPackageManager.resolveActivity(
                    intent, PackageManager.MATCH_DEFAULT_ONLY);

            if (resolveInfo == null) {
                throw new ActivityNotFoundException("No result for resolving " + intent);
            }
            // Prevent potential privilege escalation
            ActivityInfo activityInfo = resolveInfos.get(0).activityInfo;
            ActivityInfo activityInfo = resolveInfo.activityInfo;
            if (!packageName.equals(activityInfo.packageName)) {
                throw new SecurityException("Application " + packageName
                        + " is not allowed to start activity " + intent);
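Review bot: The package check in the last hunk validates one resolution of the intent, while the `startActivityForResult` call in the previous hunk (presumably passed the same `restrictionsIntent`; its arguments are cut off) resolves it again at launch, so the activity that starts is not guaranteed to be the one that was checked. Binding the two once the comparison passes, e.g. `intent.setPackage(packageName);` after the `if (!packageName.equals(activityInfo.packageName))` block, would keep the launch inside the verified package; that block closes outside the hunk, so the exact placement needs confirming against the full method. In the new `catch`, `Log.e(TAG, "Cannot start restrictionsIntent " + e);` drops the stack trace, whereas `Log.e(TAG, "Cannot start restrictionsIntent", e);` keeps it. The `EventLog.writeEvent(0x534e4554, "200688991", -1 /* UID */, "")` line would benefit from a comment such as `// 0x534e4554 is ASCII "SNET"; the string is presumably the tracking bug id, and no offending UID is available here`, so that whoever builds detections on this event knows what to match.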