diff options
author | David Zhao <qingxun@google.com> | 2022-09-21 18:25:17 -0700 |
---|---|---|
committer | David Zhao <qingxun@google.com> | 2022-10-03 13:20:26 -0700 |
commit | f43ec1dfbb2cf61e8f7db40dd9a14d64f62c0564 (patch) | |
tree | 2282d6e2f714936de37b1ce57157a807f951f218 /src | |
parent | 4418cb13d543d8cb1b7bdebfc1188ad75fa1934a (diff) | |
download | TV-f43ec1dfbb2cf61e8f7db40dd9a14d64f62c0564.tar.gz |
Prevent creation of app links to protected activities
Change-Id: Ic22cfe8b2f75609d6cdd6ebed1ddba0961bfe30b
Bug: 239416490
Test: Cuttlefish
Diffstat (limited to 'src')
-rw-r--r-- | src/com/android/tv/data/ChannelImpl.java | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/com/android/tv/data/ChannelImpl.java b/src/com/android/tv/data/ChannelImpl.java index f31290d0..5be1179d 100644 --- a/src/com/android/tv/data/ChannelImpl.java +++ b/src/com/android/tv/data/ChannelImpl.java @@ -18,6 +18,7 @@ package com.android.tv.data; import android.content.Context; import android.content.Intent; +import android.content.pm.ActivityInfo; import android.content.pm.PackageManager; import android.database.Cursor; import android.media.tv.TvContract; @@ -673,7 +674,18 @@ public final class ChannelImpl implements Channel { if (!TextUtils.isEmpty(mAppLinkText) && !TextUtils.isEmpty(mAppLinkIntentUri)) { try { Intent intent = Intent.parseUri(mAppLinkIntentUri, Intent.URI_INTENT_SCHEME); - if (intent.resolveActivityInfo(pm, 0) != null) { + ActivityInfo activityInfo = intent.resolveActivityInfo(pm, 0); + if (activityInfo != null) { + String packageName = activityInfo.packageName; + // Prevent creation of App Links to private activities in this package + boolean isProtectedActivity = packageName != null + && (packageName.equals(CommonConstants.BASE_PACKAGE) + || packageName.startsWith(CommonConstants.BASE_PACKAGE + ".")); + if (isProtectedActivity) { + Log.w(TAG,"Attempt to add app link to protected activity: " + + mAppLinkIntentUri); + return; + } mAppLinkIntent = intent; mAppLinkIntent.putExtra( CommonConstants.EXTRA_APP_LINK_CHANNEL_URI, getUri().toString()); |