diff options
| author | Gary Mai <garymai@google.com> | 2021-02-02 15:17:48 -0800 |
|---|---|---|
| committer | Anis Assi <anisassi@google.com> | 2021-02-05 10:35:45 -0800 |
| commit | 56c07a617701c10901de45be8216e20f5e1265e9 (patch) | |
| tree | 37f9f5221fd79a3d9908ccff75341f38762ba550 | |
| parent | f196a40c868f7393791916334911b7e97f658f5d (diff) | |
| download | Contacts-oreo-mr1-security-release.tar.gz | |
Stop returning intent data in QuickContact in onActivityResultandroid-security-8.1.0_r93android-security-8.1.0_r92android-security-8.1.0_r91android-security-8.1.0_r90android-security-8.1.0_r89android-security-8.1.0_r88android-security-8.1.0_r87oreo-mr1-security-release
Contacts code does not use the data, only the result code, and it is a potential URI permission grant attack angle.
Clean up unused code in ImplicitIntentsUtil
Bug: 178825358
Test: Manual test with POC app. Observed crash instead of contacts data
read.
Change-Id: Ie8da7faef3611eacd14eda7c0067e2aa24805a10
(cherry picked from commit cec9f9094baa5225ca2ce9a64c8fcd6af7000b00)
| -rw-r--r-- | src/com/android/contacts/quickcontact/QuickContactActivity.java | 2 | ||||
| -rw-r--r-- | src/com/android/contacts/util/ImplicitIntentsUtil.java | 21 |
2 files changed, 2 insertions, 21 deletions
diff --git a/src/com/android/contacts/quickcontact/QuickContactActivity.java b/src/com/android/contacts/quickcontact/QuickContactActivity.java index 5da750242..a2d2b852c 100644 --- a/src/com/android/contacts/quickcontact/QuickContactActivity.java +++ b/src/com/android/contacts/quickcontact/QuickContactActivity.java @@ -927,7 +927,7 @@ public class QuickContactActivity extends ContactsActivity { final boolean deletedOrSplit = requestCode == REQUEST_CODE_CONTACT_EDITOR_ACTIVITY && (resultCode == ContactDeletionInteraction.RESULT_CODE_DELETED || resultCode == ContactEditorActivity.RESULT_CODE_SPLIT); - setResult(resultCode, data); + setResult(resultCode); if (deletedOrSplit) { finish(); } else if (requestCode == REQUEST_CODE_CONTACT_SELECTION_ACTIVITY && diff --git a/src/com/android/contacts/util/ImplicitIntentsUtil.java b/src/com/android/contacts/util/ImplicitIntentsUtil.java index 0d00519f2..a1ab896d0 100644 --- a/src/com/android/contacts/util/ImplicitIntentsUtil.java +++ b/src/com/android/contacts/util/ImplicitIntentsUtil.java @@ -102,29 +102,10 @@ public class ImplicitIntentsUtil { */ public static void startQuickContact(Activity activity, Uri contactLookupUri, int previousScreenType) { - startQuickContact(activity, contactLookupUri, previousScreenType, /* requestCode */ -1); - } - - /** - * Starts QuickContact for result with the default mode and specified previous screen type. - */ - public static void startQuickContactForResult(Activity activity, Uri contactLookupUri, - int previousScreenType, int requestCode) { - startQuickContact(activity, contactLookupUri, previousScreenType, requestCode); - } - - private static void startQuickContact(Activity activity, Uri contactLookupUri, - int previousScreenType, int requestCode) { final Intent intent = ImplicitIntentsUtil.composeQuickContactIntent( activity, contactLookupUri, previousScreenType); - // We only start "for result" if specifically requested. - if (requestCode >= 0) { - intent.setPackage(activity.getPackageName()); - activity.startActivityForResult(intent, requestCode); - } else { - startActivityInApp(activity, intent); - } + startActivityInApp(activity, intent); } /** |