Loading src/com/android/settings/accounts/AccountTypePreferenceLoader.java +14 −7 Original line number Diff line number Diff line Loading @@ -20,6 +20,7 @@ package com.android.settings.accounts; import android.accounts.Account; import android.accounts.AuthenticatorDescription; import android.content.ClipData; import android.content.ContentResolver; import android.content.Context; import android.content.Intent; import android.content.pm.ActivityInfo; Loading Loading @@ -241,13 +242,19 @@ public class AccountTypePreferenceLoader { } /** * Determines if the supplied Intent is safe. A safe intent is one that is * will launch a exported=true activity or owned by the same uid as the * Determines if the supplied Intent is safe. A safe intent is one that * will launch an exported=true activity or owned by the same uid as the * authenticator supplying the intent. */ private boolean isSafeIntent(PackageManager pm, Intent intent, String acccountType) { @VisibleForTesting boolean isSafeIntent(PackageManager pm, Intent intent, String accountType) { if (TextUtils.equals(intent.getScheme(), ContentResolver.SCHEME_CONTENT)) { Log.e(TAG, "Intent with a content scheme is unsafe."); return false; } AuthenticatorDescription authDesc = mAuthenticatorHelper.getAccountTypeDescription(acccountType); mAuthenticatorHelper.getAccountTypeDescription(accountType); ResolveInfo resolveInfo = pm.resolveActivityAsUser(intent, 0, mUserHandle.getIdentifier()); if (resolveInfo == null) { return false; Loading src/com/android/settings/users/UserSettings.java +2 −2 Original line number Diff line number Diff line Loading @@ -431,8 +431,8 @@ public class UserSettings extends SettingsPreferenceFragment int pos = 0; // TODO(b/191509236): The menu item does not need to be accessible for guest users, // regardless of mGuestUserAutoCreated if (!mUserCaps.mIsAdmin && canSwitchUserNow() && !(isCurrentUserGuest() && mGuestUserAutoCreated)) { if (!mUserCaps.mIsAdmin && canSwitchUserNow() && !mUserManager.isProfile() && !(isCurrentUserGuest() && mGuestUserAutoCreated)) { String nickname = mUserManager.getUserName(); MenuItem removeThisUser = menu.add(0, MENU_REMOVE_USER, pos++, getResources().getString(R.string.user_remove_user_menu, nickname)); Loading tests/robotests/src/com/android/settings/accounts/AccountTypePreferenceLoaderTest.java +14 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.settings.accounts; import static com.google.common.truth.Truth.assertThat; import static org.mockito.Answers.RETURNS_DEEP_STUBS; import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.Mockito.mock; Loading @@ -26,8 +28,11 @@ import static org.mockito.Mockito.when; import android.accounts.Account; import android.accounts.AccountManager; import android.accounts.AuthenticatorDescription; import android.content.ClipData; import android.content.Context; import android.content.Intent; import android.content.pm.PackageManager; import android.net.Uri; import android.os.UserHandle; import androidx.preference.Preference; Loading Loading @@ -129,4 +134,13 @@ public class AccountTypePreferenceLoaderTest { verify(mPrefLoader).updatePreferenceIntents(prefGroup4, acctType, mAccount); verify(mPrefLoader).updatePreferenceIntents(prefGroup41, acctType, mAccount); } @Test public void isSafeIntent_hasContextScheme_returnFalse() { Intent intent = new Intent(); intent.setClipData(ClipData.newRawUri(null, Uri.parse("content://com.android.settings.files/my_cache/NOTICE.html"))); assertThat(mPrefLoader.isSafeIntent(mPackageManager, intent, mAccount.type)).isFalse(); } } Loading
src/com/android/settings/accounts/AccountTypePreferenceLoader.java +14 −7 Original line number Diff line number Diff line Loading @@ -20,6 +20,7 @@ package com.android.settings.accounts; import android.accounts.Account; import android.accounts.AuthenticatorDescription; import android.content.ClipData; import android.content.ContentResolver; import android.content.Context; import android.content.Intent; import android.content.pm.ActivityInfo; Loading Loading @@ -241,13 +242,19 @@ public class AccountTypePreferenceLoader { } /** * Determines if the supplied Intent is safe. A safe intent is one that is * will launch a exported=true activity or owned by the same uid as the * Determines if the supplied Intent is safe. A safe intent is one that * will launch an exported=true activity or owned by the same uid as the * authenticator supplying the intent. */ private boolean isSafeIntent(PackageManager pm, Intent intent, String acccountType) { @VisibleForTesting boolean isSafeIntent(PackageManager pm, Intent intent, String accountType) { if (TextUtils.equals(intent.getScheme(), ContentResolver.SCHEME_CONTENT)) { Log.e(TAG, "Intent with a content scheme is unsafe."); return false; } AuthenticatorDescription authDesc = mAuthenticatorHelper.getAccountTypeDescription(acccountType); mAuthenticatorHelper.getAccountTypeDescription(accountType); ResolveInfo resolveInfo = pm.resolveActivityAsUser(intent, 0, mUserHandle.getIdentifier()); if (resolveInfo == null) { return false; Loading
src/com/android/settings/users/UserSettings.java +2 −2 Original line number Diff line number Diff line Loading @@ -431,8 +431,8 @@ public class UserSettings extends SettingsPreferenceFragment int pos = 0; // TODO(b/191509236): The menu item does not need to be accessible for guest users, // regardless of mGuestUserAutoCreated if (!mUserCaps.mIsAdmin && canSwitchUserNow() && !(isCurrentUserGuest() && mGuestUserAutoCreated)) { if (!mUserCaps.mIsAdmin && canSwitchUserNow() && !mUserManager.isProfile() && !(isCurrentUserGuest() && mGuestUserAutoCreated)) { String nickname = mUserManager.getUserName(); MenuItem removeThisUser = menu.add(0, MENU_REMOVE_USER, pos++, getResources().getString(R.string.user_remove_user_menu, nickname)); Loading
tests/robotests/src/com/android/settings/accounts/AccountTypePreferenceLoaderTest.java +14 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.settings.accounts; import static com.google.common.truth.Truth.assertThat; import static org.mockito.Answers.RETURNS_DEEP_STUBS; import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.Mockito.mock; Loading @@ -26,8 +28,11 @@ import static org.mockito.Mockito.when; import android.accounts.Account; import android.accounts.AccountManager; import android.accounts.AuthenticatorDescription; import android.content.ClipData; import android.content.Context; import android.content.Intent; import android.content.pm.PackageManager; import android.net.Uri; import android.os.UserHandle; import androidx.preference.Preference; Loading Loading @@ -129,4 +134,13 @@ public class AccountTypePreferenceLoaderTest { verify(mPrefLoader).updatePreferenceIntents(prefGroup4, acctType, mAccount); verify(mPrefLoader).updatePreferenceIntents(prefGroup41, acctType, mAccount); } @Test public void isSafeIntent_hasContextScheme_returnFalse() { Intent intent = new Intent(); intent.setClipData(ClipData.newRawUri(null, Uri.parse("content://com.android.settings.files/my_cache/NOTICE.html"))); assertThat(mPrefLoader.isSafeIntent(mPackageManager, intent, mAccount.type)).isFalse(); } }
