diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2022-05-05 18:22:03 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2022-05-05 18:22:03 +0000 |
commit | 53337a76c8b5854ba61c11080abf36720f4a851f (patch) | |
tree | c35786a313ea3f016745ee2cb8ac9548240d722f | |
parent | 60a37d1b3976918b08de2d1d94584e2516e188aa (diff) | |
parent | 18d426feae6479851c921d5cfe74ee04120307a2 (diff) | |
download | TvSettings-53337a76c8b5854ba61c11080abf36720f4a851f.tar.gz |
Merge "[PATCH]Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment" into tm-dev
-rw-r--r-- | Settings/src/com/android/tv/settings/users/AppRestrictionsFragment.java | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/Settings/src/com/android/tv/settings/users/AppRestrictionsFragment.java b/Settings/src/com/android/tv/settings/users/AppRestrictionsFragment.java index 5aa891de1..fb3556a3d 100644 --- a/Settings/src/com/android/tv/settings/users/AppRestrictionsFragment.java +++ b/Settings/src/com/android/tv/settings/users/AppRestrictionsFragment.java @@ -41,6 +41,7 @@ import android.os.Bundle; import android.os.RemoteException; import android.os.UserHandle; import android.os.UserManager; +import android.util.EventLog; import android.text.TextUtils; import android.util.Log; import android.view.View; @@ -558,14 +559,14 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen if (intent.getPackage() != null && intent.getPackage().equals(packageName)) { return; } - // Activity can be started if intent resolves to multiple activities - List<ResolveInfo> resolveInfos = AppRestrictionsFragment.this.mPackageManager - .queryIntentActivities(intent, 0 /* no flags */); - if (resolveInfos.size() != 1) { - return; + ResolveInfo resolveInfo = mPackageManager.resolveActivity( + intent, PackageManager.MATCH_DEFAULT_ONLY); + + if (resolveInfo == null) { + throw new ActivityNotFoundException("No result for resolving " + intent); } // Prevent potential privilege escalation - ActivityInfo activityInfo = resolveInfos.get(0).activityInfo; + ActivityInfo activityInfo = resolveInfo.activityInfo; if (!packageName.equals(activityInfo.packageName)) { throw new SecurityException("Application " + packageName + " is not allowed to start activity " + intent); @@ -595,8 +596,16 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen } return true; } else if (preference.getIntent() != null) { - assertSafeToStartCustomActivity(preference.getIntent(), + + try { + assertSafeToStartCustomActivity(preference.getIntent(), getPackageFromKey(preference.getKey())); + } catch (ActivityNotFoundException | SecurityException e) { + // return without startActivity + Log.e(TAG, "Cannot start restrictionsIntent " + e); + EventLog.writeEvent(0x534e4554, "200688991", -1 /* UID */, ""); + return true; + } try { startActivityForResult(preference.getIntent(), generateCustomActivityRequestCode(preference)); |