drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 4be7c61a: am 5677513b: am da37ed8b: am b9ba0c6c: Prevent authenticators from using Settings to launch arbitrary activities.

Browse Source 
* commit '4be7c61a339f8200527f6df5a7b2215c96f81b4b':
  Prevent authenticators from using Settings to  launch arbitrary activities.
This commit is contained in:
Paul Lawrence
2014-02-27 11:28:43 -08:00
committed by Android Git Automerger
parent 45aaa377c5 4be7c61a33
commit ea5586ef7f
1 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
core/java/android/accounts/AccountManagerService.java
View File

@ -35,6 +35,7 @@ import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException; import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.RegisteredServicesCache; import android.content.pm.RegisteredServicesCache;
import android.content.pm.RegisteredServicesCacheListener; import android.content.pm.RegisteredServicesCacheListener;
import android.content.pm.ResolveInfo;
import android.content.pm.UserInfo; import android.content.pm.UserInfo;
import android.database.Cursor; import android.database.Cursor;
import android.database.DatabaseUtils; import android.database.DatabaseUtils;
@ -1799,9 +1800,31 @@ public class AccountManagerService
} }
} }
@Override
public void onResult(Bundle result) { public void onResult(Bundle result) {
mNumResults++; mNumResults++;
if (result != null && !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) { Intent intent = null;
if (result != null
&& (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
/*
* The Authenticator API allows third party authenticators to
* supply arbitrary intents to other apps that they can run,
* this can be very bad when those apps are in the system like
* the System Settings.
*/
PackageManager pm = mContext.getPackageManager();
ResolveInfo resolveInfo = pm.resolveActivity(intent, 0);
int targetUid = resolveInfo.activityInfo.applicationInfo.uid;
int authenticatorUid = Binder.getCallingUid();
if (PackageManager.SIGNATURE_MATCH !=
pm.checkSignatures(authenticatorUid, targetUid)) {
throw new SecurityException(
"Activity to be started with KEY_INTENT must " +
"share Authenticator's signatures");
}
}
if (result != null
&& !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {
String accountName = result.getString(AccountManager.KEY_ACCOUNT_NAME); String accountName = result.getString(AccountManager.KEY_ACCOUNT_NAME);
String accountType = result.getString(AccountManager.KEY_ACCOUNT_TYPE); String accountType = result.getString(AccountManager.KEY_ACCOUNT_TYPE);
if (!TextUtils.isEmpty(accountName) && !TextUtils.isEmpty(accountType)) { if (!TextUtils.isEmpty(accountName) && !TextUtils.isEmpty(accountType)) {