Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 707bd62c authored by Aseem Kumar's avatar Aseem Kumar Committed by Automerger Merge Worker
Browse files

Add ComponentName explicitly to make sure arbitary intents aren't launched... 

Add ComponentName explicitly to make sure arbitary intents aren't launched from Settings. am: 702e2d1a

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/33193057



Change-Id: Iba2a5ea2b0c499450a6e9c4cf0b43ab683c17447
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents bde1a780 702e2d1a

src/com/android/settings/accounts/AccountTypePreferenceLoader.java

+8 −1
Original line number Diff line number Diff line
@@ -264,7 +264,14 @@ public class AccountTypePreferenceLoader { 
        try {

            // Allows to launch only authenticator owned activities.

            ApplicationInfo authenticatorAppInf = pm.getApplicationInfo(authDesc.packageName, 0);

            return resolvedAppInfo.uid == authenticatorAppInf.uid;

            if (resolvedAppInfo.uid == authenticatorAppInf.uid) {

                // Explicitly set the component to be same as authenticator to

                // prevent launching arbitrary activities.

                intent.setComponent(resolvedActivityInfo.getComponentName());

                return true;

            } else {

                return false;

            }

        } catch (NameNotFoundException e) {

            Log.e(TAG,

                "Intent considered unsafe due to exception.",