Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b4b3c73f authored by Aseem Kumar's avatar Aseem Kumar
Browse files

Add ComponentName explicitly to make sure arbitary intents aren't launched from Settings. 

Bug: 378902342
Flag: EXEMPT security fix
Change-Id: I0e67f1258cb427c5b998e40a8a0c104af3ead042
(cherry picked from commit 6a896b6b)
parent ccce5d5d

src/com/android/settings/accounts/AccountTypePreferenceLoader.java

+8 −1
Original line number Diff line number Diff line
@@ -264,7 +264,14 @@ public class AccountTypePreferenceLoader { 
        try {

            // Allows to launch only authenticator owned activities.

            ApplicationInfo authenticatorAppInf = pm.getApplicationInfo(authDesc.packageName, 0);

            return resolvedAppInfo.uid == authenticatorAppInf.uid;

            if (resolvedAppInfo.uid == authenticatorAppInf.uid) {

                // Explicitly set the component to be same as authenticator to

                // prevent launching arbitrary activities.

                intent.setComponent(resolvedActivityInfo.getComponentName());

                return true;

            } else {

                return false;

            }

        } catch (NameNotFoundException e) {

            Log.e(TAG,

                "Intent considered unsafe due to exception.",