Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 37b58a42 authored by Carlos Valdivia's avatar Carlos Valdivia Committed by Jon Larimer
Browse files

SECURITY: Don't pass a usable Pending Intent to 3rd parties. 

Unfortunately the Settings app has super powers. We shouldn't let
untrusted 3rd party authenticators re-purpose those powers to their own
nefarious ends.  This means that we shouldn't pass along PendingIntents
that can have addressing information (component, action, category)
filled in by third parties.

Bug: 17356824
Change-Id: I397d26c5f465ddfb0e58bbc66cd44756e58cc507
(cherry picked from commit f5d3e74e)
parent 90630f6a

src/com/android/settings/accounts/AddAccountSettings.java

+17 −1
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ import android.accounts.AuthenticatorException; 
import android.accounts.OperationCanceledException;

import android.app.Activity;

import android.app.PendingIntent;

import android.content.ComponentName;

import android.content.Context;

import android.content.Intent;

import android.os.Bundle;
@@ -62,6 +63,7 @@ public class AddAccountSettings extends Activity { 
     * application.

     */

    private static final String KEY_CALLER_IDENTITY = "pendingIntent";

    private static final String SHOULD_NOT_RESOLVE = "SHOULDN'T RESOLVE!";



    private static final String TAG = "AccountSettings";
@@ -184,7 +186,21 @@ public class AddAccountSettings extends Activity { 


    private void addAccount(String accountType) {

        Bundle addAccountOptions = new Bundle();

        mPendingIntent = PendingIntent.getBroadcast(this, 0, new Intent(), 0);

        /*

         * The identityIntent is for the purposes of establishing the identity

         * of the caller and isn't intended for launching activities, services

         * or broadcasts.

         *

         * Unfortunately for legacy reasons we still need to support this. But

         * we can cripple the intent so that 3rd party authenticators can't

         * fill in addressing information and launch arbitrary actions.

         */

        Intent identityIntent = new Intent();

        identityIntent.setComponent(new ComponentName(SHOULD_NOT_RESOLVE, SHOULD_NOT_RESOLVE));

        identityIntent.setAction(SHOULD_NOT_RESOLVE);

        identityIntent.addCategory(SHOULD_NOT_RESOLVE);



        mPendingIntent = PendingIntent.getBroadcast(this, 0, identityIntent, 0);

        addAccountOptions.putParcelable(KEY_CALLER_IDENTITY, mPendingIntent);

        addAccountOptions.putBoolean(EXTRA_HAS_MULTIPLE_USERS, Utils.hasMultipleUsers(this));

        AccountManager.get(this).addAccount(