mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-15 10:54:27 -05:00
082bc48c32
https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev>
139 lines
6.4 KiB
Diff
139 lines
6.4 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Ashish Kumar <akgaurav@google.com>
|
|
Date: Fri, 26 May 2023 14:18:46 +0000
|
|
Subject: [PATCH] RESTRICT AUTOMERGE Fixed leak of cross user data in multiple
|
|
settings.
|
|
|
|
- Any app is allowed to receive GET_CONTENT intent. Using this, an user puts back in the intent an uri with data of another user.
|
|
- Telephony service has INTERACT_ACROSS_USER permission. Using this, it reads and shows the deta to the evil user.
|
|
|
|
Fix: When telephony service gets the intent result, it checks if the uri is from the current user or not.
|
|
|
|
Bug: b/256591023 , b/256819787
|
|
|
|
Test: The malicious behaviour was not being reproduced. Unable to import contact from other users data.
|
|
Test2: Able to import contact from the primary user or uri with no user id
|
|
(These settings are not available for secondary users)
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:36e10a6d0d7b9efc543f8004729fa85751f4f70d)
|
|
Merged-In: I1e3a643f17948153aecc1d0df9ffd9619ad678c1
|
|
Change-Id: I1e3a643f17948153aecc1d0df9ffd9619ad678c1
|
|
---
|
|
.../android/phone/GsmUmtsCallForwardOptions.java | 12 ++++++++++++
|
|
.../phone/settings/VoicemailSettingsActivity.java | 14 ++++++++++++++
|
|
.../phone/settings/fdn/EditFdnContactScreen.java | 13 +++++++++++++
|
|
3 files changed, 39 insertions(+)
|
|
|
|
diff --git a/src/com/android/phone/GsmUmtsCallForwardOptions.java b/src/com/android/phone/GsmUmtsCallForwardOptions.java
|
|
index 77cc6cca6..aa1c797d4 100644
|
|
--- a/src/com/android/phone/GsmUmtsCallForwardOptions.java
|
|
+++ b/src/com/android/phone/GsmUmtsCallForwardOptions.java
|
|
@@ -5,9 +5,12 @@ import com.android.internal.telephony.CommandsInterface;
|
|
import com.android.internal.telephony.Phone;
|
|
|
|
import android.app.ActionBar;
|
|
+import android.content.ContentProvider;
|
|
import android.content.Intent;
|
|
import android.database.Cursor;
|
|
import android.os.Bundle;
|
|
+import android.os.Process;
|
|
+import android.os.UserHandle;
|
|
import android.preference.Preference;
|
|
import android.preference.PreferenceScreen;
|
|
import android.telephony.CarrierConfigManager;
|
|
@@ -156,6 +159,15 @@ public class GsmUmtsCallForwardOptions extends TimeConsumingPreferenceActivity {
|
|
}
|
|
Cursor cursor = null;
|
|
try {
|
|
+ // check if the URI returned by the user belongs to the user
|
|
+ final int currentUser = UserHandle.getUserId(Process.myUid());
|
|
+ if (currentUser
|
|
+ != ContentProvider.getUserIdFromUri(data.getData(), currentUser)) {
|
|
+
|
|
+ Log.w(LOG_TAG, "onActivityResult: Contact data of different user, "
|
|
+ + "cannot access");
|
|
+ return;
|
|
+ }
|
|
cursor = getContentResolver().query(data.getData(),
|
|
NUM_PROJECTION, null, null, null);
|
|
if ((cursor == null) || (!cursor.moveToFirst())) {
|
|
diff --git a/src/com/android/phone/settings/VoicemailSettingsActivity.java b/src/com/android/phone/settings/VoicemailSettingsActivity.java
|
|
index 0f58d195b..af9a746ed 100644
|
|
--- a/src/com/android/phone/settings/VoicemailSettingsActivity.java
|
|
+++ b/src/com/android/phone/settings/VoicemailSettingsActivity.java
|
|
@@ -17,6 +17,7 @@
|
|
package com.android.phone.settings;
|
|
|
|
import android.app.Dialog;
|
|
+import android.content.ContentProvider;
|
|
import android.content.DialogInterface;
|
|
import android.content.Intent;
|
|
import android.database.Cursor;
|
|
@@ -25,6 +26,8 @@ import android.os.Bundle;
|
|
import android.os.Handler;
|
|
import android.os.Message;
|
|
import android.os.PersistableBundle;
|
|
+import android.os.Process;
|
|
+import android.os.UserHandle;
|
|
import android.os.UserManager;
|
|
import android.preference.Preference;
|
|
import android.preference.PreferenceActivity;
|
|
@@ -522,6 +525,17 @@ public class VoicemailSettingsActivity extends PreferenceActivity
|
|
|
|
Cursor cursor = null;
|
|
try {
|
|
+ // check if the URI returned by the user belongs to the user
|
|
+ final int currentUser = UserHandle.getUserId(Process.myUid());
|
|
+ if (currentUser
|
|
+ != ContentProvider.getUserIdFromUri(data.getData(), currentUser)) {
|
|
+
|
|
+ if (DBG) {
|
|
+ log("onActivityResult: Contact data of different user, "
|
|
+ + "cannot access");
|
|
+ }
|
|
+ return;
|
|
+ }
|
|
cursor = getContentResolver().query(data.getData(),
|
|
new String[] { CommonDataKinds.Phone.NUMBER }, null, null, null);
|
|
if ((cursor == null) || (!cursor.moveToFirst())) {
|
|
diff --git a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
|
|
index 921e947e4..e733e82bb 100644
|
|
--- a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
|
|
+++ b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
|
|
@@ -18,9 +18,12 @@ package com.android.phone.settings.fdn;
|
|
|
|
import static android.view.Window.PROGRESS_VISIBILITY_OFF;
|
|
import static android.view.Window.PROGRESS_VISIBILITY_ON;
|
|
+import static android.app.Activity.RESULT_OK;
|
|
+
|
|
|
|
import android.app.Activity;
|
|
import android.content.AsyncQueryHandler;
|
|
+import android.content.ContentProvider;
|
|
import android.content.ContentResolver;
|
|
import android.content.ContentValues;
|
|
import android.content.Intent;
|
|
@@ -29,6 +32,8 @@ import android.database.Cursor;
|
|
import android.net.Uri;
|
|
import android.os.Bundle;
|
|
import android.os.Handler;
|
|
+import android.os.Process;
|
|
+import android.os.UserHandle;
|
|
import android.provider.Contacts.PeopleColumns;
|
|
import android.provider.Contacts.PhonesColumns;
|
|
import android.provider.ContactsContract.CommonDataKinds;
|
|
@@ -154,6 +159,14 @@ public class EditFdnContactScreen extends Activity {
|
|
}
|
|
Cursor cursor = null;
|
|
try {
|
|
+ // check if the URI returned by the user belongs to the user
|
|
+ final int currentUser = UserHandle.getUserId(Process.myUid());
|
|
+ if (currentUser
|
|
+ != ContentProvider.getUserIdFromUri(intent.getData(), currentUser)) {
|
|
+ Log.w(LOG_TAG, "onActivityResult: Contact data of different user, "
|
|
+ + "cannot access");
|
|
+ return;
|
|
+ }
|
|
cursor = getContentResolver().query(intent.getData(),
|
|
NUM_PROJECTION, null, null, null);
|
|
if ((cursor == null) || (!cursor.moveToFirst())) {
|