Add check to prevent privilege escalation from trampoline added in change... (83447688) · Commits · e / os / android_packages_apps_Settings

src/com/android/settings/biometrics/BiometricEnrollBase.java

+6 −1

Original line number	Diff line number	Diff line
		@@ -182,7 +182,12 @@ public abstract class BiometricEnrollBase extends InstrumentedActivity {
		EXTRA_LAUNCHED_POSTURE_GUIDANCE);
		mNextLaunched = savedInstanceState.getBoolean(EXTRA_KEY_NEXT_LAUNCHED);
		}
		final String callingPackage = getLaunchedFromPackage();
		if (callingPackage == null \|\| !getPackageName().equals(callingPackage)) {
		mUserId = UserHandle.myUserId();
		} else {
		mUserId = getIntent().getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
		}
		mPostureGuidanceIntent = FeatureFactory.getFeatureFactory()
		.getFaceFeatureProvider().getPostureGuidanceIntent(getApplicationContext());

+9 −0

Original line number	Diff line number	Diff line
		@@ -20,6 +20,7 @@ import android.app.ComponentCaller
		import android.content.Intent
		import android.os.Bundle
		import android.util.Log
		import androidx.annotation.VisibleForTesting
		import androidx.appcompat.app.AppCompatActivity
		import com.android.settings.biometrics.BiometricEnrollBase.RESULT_FINISHED
		import com.android.settings.biometrics.combination.CombinedBiometricStatusUtils
		@@ -38,6 +39,9 @@ class FaceEnroll: AppCompatActivity() {
		private val enrollActivityProvider: FaceEnrollActivityClassProvider
		get() = featureFactory.faceFeatureProvider.enrollActivityClassProvider

		@VisibleForTesting
		var launchedFromProvider: () -> String? = { launchedFromPackage }

		private var isLaunched = false

		override fun onCreate(savedInstanceState: Bundle?) {
		@@ -56,6 +60,11 @@ class FaceEnroll: AppCompatActivity() {
		Log.d("FaceEnroll", "forward to $nextActivityClass")
		val nextIntent = Intent(this, nextActivityClass)
		nextIntent.putExtras(intent)

		// drop extras that are not allowed from external packages before launching
		if (launchedFromProvider() != packageName) {
		nextIntent.removeExtra(Intent.EXTRA_USER_ID)
		}
		startActivityForResult(nextIntent, 0)

		isLaunched = true

+2 −3

Original line number	Diff line number	Diff line
		@@ -239,9 +239,8 @@ public class FaceEnrollIntroduction extends BiometricEnrollIntroduction {
		if (token != null) {
		intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN, token);
		}
		final int userId = getIntent().getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
		if (userId != UserHandle.USER_NULL) {
		intent.putExtra(Intent.EXTRA_USER_ID, userId);
		if (mUserId != UserHandle.USER_NULL) {
		intent.putExtra(Intent.EXTRA_USER_ID, mUserId);
		}
		BiometricUtils.copyMultiBiometricExtras(getIntent(), intent);
		intent.putExtra(EXTRA_FROM_SETTINGS_SUMMARY, true);

+8 −1

Original line number	Diff line number	Diff line
		@@ -140,9 +140,16 @@ public class MultiBiometricEnrollHelperTest {
		final ShadowPackageManager shadowPackageManager = shadowOf(mContext.getPackageManager());
		shadowPackageManager.setSystemFeature(PackageManager.FEATURE_FACE, true);
		ShadowUtils.setFaceManager(mFaceManager);
		ActivityController.of(new FaceEnrollIntroduction(), mFaceIntent)
		ActivityController.of(new TestFaceEnrollIntroduction(), mFaceIntent)
		.create(mFaceIntent.getExtras()).get();

		verify(mFaceManager).generateChallenge(eq(mUserId), any());
		}

		private static class TestFaceEnrollIntroduction extends FaceEnrollIntroduction {
		@Override
		public String getLaunchedFromPackage() {
		return getPackageName();
		}
		}
		}

+5 −0

Original line number	Diff line number	Diff line
		@@ -182,6 +182,11 @@ public class FaceEnrollIntroductionTest {
		public boolean isInMultiWindowMode() {
		return mIsMultiWindowMode;
		}

		@Override
		public String getLaunchedFromPackage() {
		return getPackageName();
		}
		}

		@Before