Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dbf48762 authored by Aseem Kumar's avatar Aseem Kumar Committed by Evelyn Torres
Browse files

Add ComponentName explicitly to make sure arbitary intents aren't launched from Settings. 

Bug: 378902342
Flag: EXEMPT security fix
(cherry picked from commit 6a896b6b)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:947f4571bcd7aef74fd70d533fa26e06e088dab3)
Merged-In: I0e67f1258cb427c5b998e40a8a0c104af3ead042
Change-Id: I0e67f1258cb427c5b998e40a8a0c104af3ead042
parent e859a0c2

src/com/android/settings/accounts/AccountTypePreferenceLoader.java

+8 −1
Original line number Diff line number Diff line
@@ -264,7 +264,14 @@ public class AccountTypePreferenceLoader { 
        try {

            // Allows to launch only authenticator owned activities.

            ApplicationInfo authenticatorAppInf = pm.getApplicationInfo(authDesc.packageName, 0);

            return resolvedAppInfo.uid == authenticatorAppInf.uid;

            if (resolvedAppInfo.uid == authenticatorAppInf.uid) {

                // Explicitly set the component to be same as authenticator to

                // prevent launching arbitrary activities.

                intent.setComponent(resolvedActivityInfo.getComponentName());

                return true;

            } else {

                return false;

            }

        } catch (NameNotFoundException e) {

            Log.e(TAG,

                "Intent considered unsafe due to exception.",