
Unverified Commit f678426e authored by Michael Bestas's avatar Michael Bestas

Merge branch 'android16-security-release' of...

Merge branch 'android16-security-release' of https://android.googlesource.com/platform/packages/apps/Settings into lineage-23.0

* 'android16-security-release' of https://android.googlesource.com/platform/packages/apps/Settings:
  Hide sensistive content from locked profiles
  Ignore face settings extras when called by an external package.
  startActivityForResult with earlier new Intent
  Use correct API to get calling package name in CredentialStorage
  Prevent SettingsSliceProvider from accessing unused packages
  Hide notification content in history
  Do not enable the Content Protection toggle for non-admin users.
  Add ComponentName explicitly to make sure arbitary intents aren't launched from Settings.
  AppRestrictions - use vetted component
  Drop PendingIntent extras from external packages during enrollment.

Change-Id: I2e6b262a366c24202897f3e040825f9e41d31a02
parents 8f7cf2c8 0c2075c1
+3 −0
@@ -201,6 +201,9 @@
    <!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
    <string-array name="slice_allowlist_package_names" translatable="false"/>

    <!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
    <string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>

    <!-- Whether to use a UI variant that minimizes the number of UI elements on screen. This is
         typically used when there is not enough space to display everything, because pattern view
         doesn't interact well with scroll view -->
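Review bot: The comment on `slice_allowlist_package_names_for_dev` says the list is "for debugging purpose" but not under which conditions it is consulted, and the code that reads it is not part of this section. A reader of the resource file therefore cannot tell whether an overlay that populates this array on a production build would widen slice URI access. If the consumer only honours it on debuggable builds, state that in the comment, for example `<!-- Packages allowlisted for slice uri access for debugging only; read on debuggable builds, leave empty in production overlays. Do not translate -->` (the build condition is an assumption to confirm against the consumer).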
+8 −1
@@ -265,7 +265,14 @@ public class AccountTypePreferenceLoader {
        try {
            // Allows to launch only authenticator owned activities.
            ApplicationInfo authenticatorAppInf = pm.getApplicationInfo(authDesc.packageName, 0);
            return resolvedAppInfo.uid == authenticatorAppInf.uid;
            if (resolvedAppInfo.uid == authenticatorAppInf.uid) {
                // Explicitly set the component to be same as authenticator to
                // prevent launching arbitrary activities.
                intent.setComponent(resolvedActivityInfo.getComponentName());
                return true;
            } else {
                return false;
            }
        } catch (NameNotFoundException e) {
            Log.e(TAG,
                "Intent considered unsafe due to exception.",
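Review bot: The uid-match branch now rewrites the caller's `intent` inside what reads as a boolean safety check, and nothing on the visible lines tells callers that the Intent they pass in comes back pinned to the component of `resolvedActivityInfo`. The method header is outside the hunk; its Javadoc should carry a line such as `On success the intent is made explicit and targets the resolved, authenticator-owned activity.` The pin only protects the launch if callers start this same Intent instance rather than a copy taken before the check, which is worth confirming at the call sites. As a style point, the `else { return false; }` arm can be a plain `return false;` after the `if`.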
+18 −2
@@ -50,6 +50,8 @@ import com.google.android.setupdesign.span.LinkSpan;
import com.google.android.setupdesign.template.RequireScrollMixin;
import com.google.android.setupdesign.util.DynamicColorPalette;

import java.util.List;

/**
 * Abstract base class for the intro onboarding activity for biometric enrollment.
 */
@@ -249,6 +251,19 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
                !isScrollNeeded && !enrollmentCompleted ? View.VISIBLE : View.INVISIBLE);
    }

    @Override
    protected void onStart() {
        super.onStart();

        if (!getPackageName().equals(getCallingPackage())) {
            for (String key : List.of(MultiBiometricEnrollHelper.EXTRA_SKIP_PENDING_ENROLL,
                    MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FACE,
                    MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FINGERPRINT)) {
                getIntent().removeExtra(key);
            }
        }
    }

    @Override
    protected void onResume() {
        super.onResume();
@@ -497,14 +512,15 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
        getIntent().removeExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FINGERPRINT);
    }

    protected void removeEnrollNextBiometricIfSkipEnroll(@Nullable Intent data) {
    private void removeEnrollNextBiometricIfSkipEnroll(@Nullable Intent data) {
        if (data != null
                && data.getBooleanExtra(
                        MultiBiometricEnrollHelper.EXTRA_SKIP_PENDING_ENROLL, false)) {
            removeEnrollNextBiometric();
        }
    }
    protected void handleBiometricResultSkipOrFinished(int resultCode, @Nullable Intent data) {

    private void handleBiometricResultSkipOrFinished(int resultCode, @Nullable Intent data) {
        removeEnrollNextBiometricIfSkipEnroll(data);
        if (resultCode == RESULT_SKIP) {
            onEnrollmentSkipped(data);
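Review bot: The caller check added in `onStart()` runs after `onCreate()`, so any code in this class's or a superclass's `onCreate()` that reads `EXTRA_SKIP_PENDING_ENROLL`, `EXTRA_ENROLL_AFTER_FACE` or `EXTRA_ENROLL_AFTER_FINGERPRINT` would still see values supplied by an external caller. `onCreate()` is outside the visible hunks, so this needs confirming; moving the strip to the start of `onCreate()` would settle it. `getCallingPackage()` returns null when the activity was not started for a result, and the `equals` test then drops the extras as well. That is fail-closed, but it deserves a comment on the `if`, such as `// A null calling package (not started for result) is treated as external.`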
+14 −7
@@ -95,8 +95,8 @@ public class FaceSettings extends DashboardFragment {
    private FaceManager mFaceManager;
    private DevicePolicyManager mDevicePolicyManager;
    private int mUserId;
    private int mSensorId;
    private long mChallenge;
    private int mSensorId = -1;
    private long mChallenge = 0;
    private byte[] mToken;
    private FaceSettingsAttentionPreferenceController mAttentionController;
    private FaceSettingsRemoveButtonPreferenceController mRemoveController;
@@ -181,12 +181,19 @@ public class FaceSettings extends DashboardFragment {
        mUserManager = context.getSystemService(UserManager.class);
        mFaceManager = context.getSystemService(FaceManager.class);
        mDevicePolicyManager = context.getSystemService(DevicePolicyManager.class);

        final SettingsActivity activity = (SettingsActivity) requireActivity();
        final String callingPackage = activity.getInitialCallingPackage();
        if (callingPackage == null || !callingPackage.equals(activity.getPackageName())) {
            mUserId = UserHandle.myUserId();
        } else {
            // only allow these extras when called internally by Settings
            mToken = getIntent().getByteArrayExtra(KEY_TOKEN);
            mSensorId = getIntent().getIntExtra(BiometricEnrollBase.EXTRA_KEY_SENSOR_ID, -1);
            mChallenge = getIntent().getLongExtra(BiometricEnrollBase.EXTRA_KEY_CHALLENGE, 0L);
            mUserId = getIntent().getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
        }

        mUserId = getActivity().getIntent().getIntExtra(
                Intent.EXTRA_USER_ID, UserHandle.myUserId());
        mFaceFeatureProvider = FeatureFactory.getFeatureFactory().getFaceFeatureProvider();

        if (mUserManager.getUserInfo(mUserId).isManagedProfile()) {
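Review bot: The unchecked cast `(SettingsActivity) requireActivity()` throws a ClassCastException if this fragment is ever hosted by another activity, and it sits on the path that decides whether caller-supplied extras are trusted. Guarding it with `if (!(requireActivity() instanceof SettingsActivity))` and treating that host like an external caller keeps the decision fail-closed. In that case `mToken` stays null, `mSensorId` stays -1, `mChallenge` stays 0 and `mUserId` is `UserHandle.myUserId()`. The external branch also depends on later code coping with a null `mToken`; that code is outside the hunk. If it does re-prompt, a comment on the branch such as `// external caller: ignore token/sensor/challenge/user extras; credentials are confirmed again` would document the intent.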
+24 −4
@@ -16,6 +16,7 @@

package com.android.settings.notification.history;

import static android.provider.Settings.Secure.LOCK_SCREEN_ALLOW_PRIVATE_NOTIFICATIONS;
import static android.provider.Settings.Secure.NOTIFICATION_HISTORY_ENABLED;
import static android.view.View.GONE;
import static android.view.View.VISIBLE;
@@ -28,9 +29,11 @@ import android.annotation.DrawableRes;
import android.app.ActionBar;
import android.app.ActivityManager;
import android.app.INotificationManager;
import android.app.KeyguardManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.UserInfo;
import android.content.res.Resources;
import android.content.res.TypedArray;
import android.os.Bundle;
@@ -58,6 +61,7 @@ import androidx.recyclerview.widget.RecyclerView;
import com.android.internal.logging.UiEvent;
import com.android.internal.logging.UiEventLogger;
import com.android.internal.logging.UiEventLoggerImpl;
import com.android.internal.widget.LockPatternUtils;
import com.android.internal.widget.NotificationExpandButton;
import com.android.settings.R;
import com.android.settings.notification.NotificationBackend;
@@ -68,6 +72,7 @@ import com.android.settingslib.widget.MainSwitchBar;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
@@ -98,6 +103,8 @@ public class NotificationHistoryActivity extends CollapsingToolbarBaseActivity {

    private UiEventLogger mUiEventLogger = new UiEventLoggerImpl();

    private ArrayList<Integer> mContentRestrictedUsers = new ArrayList<>();

    enum NotificationHistoryEvent implements UiEventLogger.UiEventEnum {
        @UiEvent(doc = "User turned on notification history")
        NOTIFICATION_HISTORY_ON(504),
@@ -205,14 +212,14 @@ public class NotificationHistoryActivity extends CollapsingToolbarBaseActivity {

            final NotificationHistoryRecyclerView rv =
                    viewForPackage.findViewById(R.id.notification_list);
            rv.setAdapter(new NotificationHistoryAdapter(mNm, rv,
            rv.setAdapter(new NotificationHistoryAdapter(NotificationHistoryActivity.this, mNm, rv,
                    newCount -> {
                        count.setText(StringUtil.getIcuPluralsString(this, newCount,
                                R.string.notification_history_count));
                        if (newCount == 0) {
                            viewForPackage.setVisibility(GONE);
                        }
                    }, mUiEventLogger));
                    }, mUiEventLogger, mContentRestrictedUsers));
            ((NotificationHistoryAdapter) rv.getAdapter()).onRebuildComplete(
                    new ArrayList<>(nhp.notifications));

@@ -249,6 +256,19 @@ public class NotificationHistoryActivity extends CollapsingToolbarBaseActivity {

        mPm = getPackageManager();
        mUm = getSystemService(UserManager.class);

        List<UserInfo> users = mUm.getProfiles(getUserId());
        for (UserInfo user : users) {
            if (Settings.Secure.getIntForUser(getContentResolver(),
                    LOCK_SCREEN_ALLOW_PRIVATE_NOTIFICATIONS, 0, user.id) == 0) {
                LockPatternUtils lpu = new LockPatternUtils(this);
                KeyguardManager km = getSystemService(KeyguardManager.class);
                if (lpu.isSecure(user.id) && km.isDeviceLocked(user.id)) {
                    mContentRestrictedUsers.add(user.id);
                }
            }
        }

        // wait for history loading and recent/snooze loading
        mCountdownLatch = new CountDownLatch(2);

@@ -419,7 +439,7 @@ public class NotificationHistoryActivity extends CollapsingToolbarBaseActivity {
            mSnoozedRv.setLayoutManager(lm);
            mSnoozedRv.setAdapter(
                    new NotificationSbnAdapter(NotificationHistoryActivity.this, mPm, mUm,
                            true, mUiEventLogger));
                            true, mUiEventLogger, mContentRestrictedUsers));
            mSnoozedRv.setNestedScrollingEnabled(false);

            if (snoozed == null || snoozed.length == 0) {
@@ -435,7 +455,7 @@ public class NotificationHistoryActivity extends CollapsingToolbarBaseActivity {
            mDismissedRv.setLayoutManager(dismissLm);
            mDismissedRv.setAdapter(
                    new NotificationSbnAdapter(NotificationHistoryActivity.this, mPm, mUm,
                            false, mUiEventLogger));
                            false, mUiEventLogger, mContentRestrictedUsers));
            mDismissedRv.setNestedScrollingEnabled(false);

            if (dismissed == null || dismissed.length == 0) {
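Review bot: `mContentRestrictedUsers` is filled once, in the block after `mUm = getSystemService(UserManager.class)`. A profile that becomes locked while this activity stays alive would not be added, and its notification content would remain visible; whether the list is refreshed elsewhere, for example on resume, cannot be seen in these hunks. Consider clearing and recomputing it each time the activity returns to the foreground. Inside the loop, `new LockPatternUtils(this)` and `getSystemService(KeyguardManager.class)` are created once per restricted user and can be hoisted above the `for`. The field could also be declared `private final List<Integer> mContentRestrictedUsers = new ArrayList<>();` if the adapter constructors accept a `List`.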