Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2c1b1aa8 authored by Binyi Wu's avatar Binyi Wu
Browse files

Prevent intent defined in AccountPreference from leaking access 

Intent defined in AccountPreferences can grant Settings protected ContentProviders' access to authenticator app. We'll explicitly set an empty ClipData to avoid being used for unexpected access grant.

Test: manual, refer to #comment5 in bug for repro steps
Bug: 220733496
Change-Id: I85c22c9a7d72b8a55472d366d8adb6a75ac5c8a5
parent 17122f96

src/com/android/settings/accounts/AccountTypePreferenceLoader.java

+4 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package com.android.settings.accounts; 


import android.accounts.Account;

import android.accounts.AuthenticatorDescription;

import android.content.ClipData;

import android.content.Context;

import android.content.Intent;

import android.content.pm.ActivityInfo;
@@ -164,6 +165,9 @@ public class AccountTypePreferenceLoader { 
                                 * exploiting the fact that settings has system privileges.

                                 */

                            if (isSafeIntent(pm, prefIntent, acccountType)) {

                                // Explicitly set an empty ClipData to ensure that we don't offer to

                                // promote any Uris contained inside for granting purposes

                                prefIntent.setClipData(ClipData.newPlainText(null, null));

                                mFragment.getActivity().startActivityAsUser(

                                    prefIntent, mUserHandle);

                            } else {