From f291cb8c6b1e0c8554f4407e9b1e9be27e74058e Mon Sep 17 00:00:00 2001
From: Raman Tenneti <rtenneti@google.com>
Date: Mon, 13 May 2019 13:29:40 -0700
Subject: [PATCH] AOSP/Email - bug fix: do not allow composing message with
 hidden private data attachments.

Ported/merged thefollowing from CL
  https://critique.corp.google.com/#review/247540041

original file:
  java/com/google/android/apps/gmail/unifiedgmail/src/com/google/android/gm/ComposeActivityGmailExternal.java

aosp's version:
  src/com/android/email/activity/ComposeActivityEmailExternal.java

Change description from the above CL:
  "Switch intent filtering to be whitelist based rather than blacklist based.

   ComposeActivityGmailExternal should whitelist what extras we allow in.
   This is a very belated follow up to cl/235253805 where I wrote a quick fix
   as a blacklist based solution."

Bug: 127320867

Test: manual - Ran the following tests on Pixel phone. Tested the email UI.

$ make -j 40
  -rw-r--r-- 1 rtenneti primarygroup 6375626 May  5 19:49 out/target/product/marlin/system/product/app/Email/Email.apk

$ make UnifiedEmailTests -j
  -rw-r--r-- 1 rtenneti primarygroup 311703 May  5 20:04 out/target/product/marlin/testcases/UnifiedEmailTests/arm64/UnifiedEmailTests.apk

$ make EmailTests -j
  -rw-r--r-- 1 rtenneti primarygroup 365023 May 13 14:39 out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk

$ adb install -r out/target/product/marlin/system/product/app/Email/Email.apk
$ adb install -r out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk
$ adb install -r out/target/product/marlin/testcases/UnifiedEmailTests/arm64/UnifiedEmailTests.apk

$ adb shell am instrument -w com.android.mail.emailtests
  Time: 3.519
  OK (157 tests)

Change-Id: I5f6541ceb79a1a1c598d0c8207e3cab98d1a8ac5
Merged-In: I5f6541ceb79a1a1c598d0c8207e3cab98d1a8ac5
(cherry picked from commit e81f6f92bbdd43f34aa25fc2b7605aeb887af2cc)
---
 .../ComposeActivityEmailExternal.java         | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/src/com/android/email/activity/ComposeActivityEmailExternal.java b/src/com/android/email/activity/ComposeActivityEmailExternal.java
index 455193bea..a5cbe9d3a 100644
--- a/src/com/android/email/activity/ComposeActivityEmailExternal.java
+++ b/src/com/android/email/activity/ComposeActivityEmailExternal.java
@@ -16,11 +16,21 @@
 
 package com.android.email.activity;
 
+import android.content.Intent;
+import android.os.Bundle;
+import com.android.mail.compose.ComposeActivity;
+
 /**
  * A subclass of {@link ComposeActivityEmail} which is exported for other Android packages to open.
  */
 public class ComposeActivityEmailExternal extends ComposeActivityEmail {
 
+  @Override
+  protected void onCreate(Bundle savedInstanceState) {
+    sanitizeIntent();
+    super.onCreate(savedInstanceState);
+  }
+
   /**
    * Only relevant when WebView Compose is enabled. Change this when WebView
    * Compose is enabled for Email.
@@ -29,4 +39,30 @@
   public boolean isExternal() {
       return false;
   }
+
+  /**
+   * Overrides the value of {@code #getIntent()} so any future callers will get a sanitized version
+   * of the intent.
+   */
+  // See b/114493057 for context.
+  private void sanitizeIntent() {
+    Intent sanitizedIntent = getIntent();
+    if (sanitizedIntent != null) {
+      Bundle originalExtras = sanitizedIntent.getExtras();
+      sanitizedIntent.replaceExtras(new Bundle());
+      copyStringExtraIfExists(ComposeActivity.EXTRA_SUBJECT, originalExtras, sanitizedIntent);
+      copyStringExtraIfExists(ComposeActivity.EXTRA_TO, originalExtras, sanitizedIntent);
+      copyStringExtraIfExists(ComposeActivity.EXTRA_CC, originalExtras, sanitizedIntent);
+      copyStringExtraIfExists(ComposeActivity.EXTRA_BCC, originalExtras, sanitizedIntent);
+      copyStringExtraIfExists(ComposeActivity.EXTRA_BODY, originalExtras, sanitizedIntent);
+      setIntent(sanitizedIntent);
+    }
+  }
+
+  private void copyStringExtraIfExists(
+      String extraKey, Bundle originalExtras, Intent sanitizedIntent) {
+    if (originalExtras.containsKey(extraKey)) {
+      sanitizedIntent.putExtra(extraKey, originalExtras.getString(extraKey));
+    }
+  }
 }