Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ba8abf51 authored by Aseem Kumar's avatar Aseem Kumar Committed by Automerger Merge Worker
Browse files

Add ComponentName explicitly to make sure arbitary intents aren't launched... 

Add ComponentName explicitly to make sure arbitary intents aren't launched from Settings. am: 92c4a3cb

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/33194504



Change-Id: I1d4cd8cd149769174c19d4d897224fb601dc3cf8
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 219079c5 92c4a3cb

src/com/android/settings/accounts/AccountTypePreferenceLoader.java

+8 −1
Original line number Diff line number Diff line
@@ -264,7 +264,14 @@ public class AccountTypePreferenceLoader { 
        try {

            // Allows to launch only authenticator owned activities.

            ApplicationInfo authenticatorAppInf = pm.getApplicationInfo(authDesc.packageName, 0);

            return resolvedAppInfo.uid == authenticatorAppInf.uid;

            if (resolvedAppInfo.uid == authenticatorAppInf.uid) {

                // Explicitly set the component to be same as authenticator to

                // prevent launching arbitrary activities.

                intent.setComponent(resolvedActivityInfo.getComponentName());

                return true;

            } else {

                return false;

            }

        } catch (NameNotFoundException e) {

            Log.e(TAG,

                "Intent considered unsafe due to exception.",