40 lines
1.9 KiB
Diff
Raw Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Edgar Wang <edgarwang@google.com>
Date: Wed, 6 Apr 2022 17:30:27 +0800
Subject: [PATCH] Fix LaunchAnyWhere in AppRestrictionsFragment
If the intent's package equals to the app's package, this intent
will be allowed to startActivityForResult.
But this check is unsafe, because if the component of this intent
is set, the package field will just be ignored. So if we set the
component to any activity we like and set package to the app's
package, it will pass the assertSafeToStartCustomActivity check
and now we can launch anywhere.
Bug: 223578534
Test: robotest and manual verify
Change-Id: I40496105bae313fe5cff2a36dfe329c1e2b5bbe4
(cherry picked from commit 90e095dbe372f29823ad4788c0cc2d781ae3bb24)
(cherry picked from commit b3eecdd13d9f3d9fde99e9881c9e451ff199f7ad)
Merged-In: I40496105bae313fe5cff2a36dfe329c1e2b5bbe4
---
src/com/android/settings/users/AppRestrictionsFragment.java | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java
index 10d714401e..bf0f3da8d0 100644
--- a/src/com/android/settings/users/AppRestrictionsFragment.java
+++ b/src/com/android/settings/users/AppRestrictionsFragment.java
@@ -654,10 +654,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
}
private void assertSafeToStartCustomActivity(Intent intent) {
- // Activity can be started if it belongs to the same app
- if (intent.getPackage() != null && intent.getPackage().equals(packageName)) {
- return;
- }
+ EventLog.writeEvent(0x534e4554, "223578534", -1 /* UID */, "");
ResolveInfo resolveInfo = mPackageManager.resolveActivity(
intent, PackageManager.MATCH_DEFAULT_ONLY);