Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e8e7b9b3 authored by Fyodor Kupolov's avatar Fyodor Kupolov Committed by Jon Larimer
Browse files

Added a check if a custom activity can be started 

AppRestrictionsFragment starts an activity using an intent provided by the
receiver. A check was added to prevent an app from starting an activity that
it does not own.

Bug: 14441412
Change-Id: Ia6820b1daf3783d605b92976c78cb522b17dc8f2
parent 37b58a42

src/com/android/settings/users/AppRestrictionsFragment.java

+21 −0
Original line number Diff line number Diff line
@@ -28,6 +28,7 @@ import android.content.DialogInterface; 
import android.content.Intent;

import android.content.IntentFilter;

import android.content.RestrictionEntry;

import android.content.pm.ActivityInfo;

import android.content.pm.ApplicationInfo;

import android.content.pm.IPackageManager;

import android.content.pm.PackageInfo;
@@ -839,6 +840,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen 
                p.setOnPreferenceClickListener(new OnPreferenceClickListener() {

                    @Override

                    public boolean onPreferenceClick(Preference preference) {

                        assertSafeToStartCustomActivity(customIntent);

                        int requestCode = generateCustomActivityRequestCode(

                                RestrictionsResultReceiver.this.preference);

                        AppRestrictionsFragment.this.startActivityForResult(
@@ -853,6 +855,25 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen 
                preference.setRestrictions(restrictions);

            }

        }



        private void assertSafeToStartCustomActivity(Intent intent) {

            // Activity can be started if it belongs to the same app

            if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {

                return;

            }

            // Activity can be started if intent resolves to multiple activities

            List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager

                    .queryIntentActivities(intent, 0 /* no flags */);

            if (resolveInfos.size() != 1) {

                return;

            }

            // Prevent potential privilege escalation

            ActivityInfo activityInfo = resolveInfos.get(0).activityInfo;

            if (!packageName.equals(activityInfo.packageName)) {

                throw new SecurityException("Application " + packageName

                        + " is not allowed to start activity " + intent);

            };

        }

    }



    private void onRestrictionsReceived(AppRestrictionsPreference preference, String packageName,