[SP 2025-09-01] Drop PendingIntent extras from external packages during enrollment.

Bug: 388528350 Flag: EXEMPT bugfix Test: atest FingerprintEnrollIntroductionTest FaceEnrollIntroductionTest Change-Id: I61281dcf95e53100a96d6a218f3f00fd1b4ea3f9 (cherry picked from commit 4ccdeee849d5fef78498ba33cadc525523efcbd7)
author: Joe Bolinger <jbolinger@google.com> 2025-04-05 02:30:30 +0000
committer: Kampalus <kampalus@protonmail.ch> 2025-09-18 11:29:39 +0200
commit: 260bd4a8281de300262f4b10beab5a5c03135cc1 (patch)
tree: 2faec33b19e1a7be86d9bcb473ed3f3f979f698f
parent: eac395698f82c60c99d3dcf572a4c08f90d50155 (diff)
3 files changed, 64 insertions, 2 deletions
diff --git a/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java b/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java
index 127ad6231a7..ddfadaf048f 100644
--- a/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java
+++ b/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java
@@ -50,6 +50,8 @@ import com.google.android.setupdesign.span.LinkSpan;
 import com.google.android.setupdesign.template.RequireScrollMixin;
 import com.google.android.setupdesign.util.DynamicColorPalette;
 
+import java.util.List;
+
 /**
  * Abstract base class for the intro onboarding activity for biometric enrollment.
  */
@@ -250,6 +252,19 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
     }
 
     @Override
+    protected void onStart() {
+        super.onStart();
+
+        if (!getPackageName().equals(getCallingPackage())) {
+            for (String key : List.of(MultiBiometricEnrollHelper.EXTRA_SKIP_PENDING_ENROLL,
+                    MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FACE,
+                    MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FINGERPRINT)) {
+                getIntent().removeExtra(key);
+            }
+        }
+    }
+
+    @Override
     protected void onResume() {
         super.onResume();
 
@@ -497,14 +512,15 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
         getIntent().removeExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FINGERPRINT);
     }
 
-    protected void removeEnrollNextBiometricIfSkipEnroll(@Nullable Intent data) {
+    private void removeEnrollNextBiometricIfSkipEnroll(@Nullable Intent data) {
         if (data != null
                 && data.getBooleanExtra(
                         MultiBiometricEnrollHelper.EXTRA_SKIP_PENDING_ENROLL, false)) {
             removeEnrollNextBiometric();
         }
     }
-    protected void handleBiometricResultSkipOrFinished(int resultCode, @Nullable Intent data) {
+
+    private void handleBiometricResultSkipOrFinished(int resultCode, @Nullable Intent data) {
         removeEnrollNextBiometricIfSkipEnroll(data);
         if (resultCode == RESULT_SKIP) {
             onEnrollmentSkipped(data);
diff --git a/tests/robotests/src/com/android/settings/biometrics/face/FaceEnrollIntroductionTest.java b/tests/robotests/src/com/android/settings/biometrics/face/FaceEnrollIntroductionTest.java
index 81a72694592..984073f19b5 100644
--- a/tests/robotests/src/com/android/settings/biometrics/face/FaceEnrollIntroductionTest.java
+++ b/tests/robotests/src/com/android/settings/biometrics/face/FaceEnrollIntroductionTest.java
@@ -32,11 +32,13 @@ import static com.google.common.truth.Truth.assertWithMessage;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import android.app.Activity;
+import android.app.PendingIntent;
 import android.content.Context;
 import android.content.DialogInterface;
 import android.content.Intent;
@@ -64,6 +66,7 @@ import com.android.settings.R;
 import com.android.settings.Settings;
 import com.android.settings.biometrics.BiometricEnrollBase;
 import com.android.settings.biometrics.BiometricUtils;
+import com.android.settings.biometrics.MultiBiometricEnrollHelper;
 import com.android.settings.password.ChooseLockSettingsHelper;
 import com.android.settings.testutils.FakeFeatureFactory;
 import com.android.settings.testutils.shadow.SettingsShadowResources;
@@ -206,6 +209,12 @@ public class FaceEnrollIntroductionTest {
         testIntent.putExtra(BiometricUtils.EXTRA_ENROLL_REASON,
                 FaceEnrollOptions.ENROLL_REASON_SETTINGS);
 
+        testIntent.putExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FACE,
+                mock(PendingIntent.class));
+        testIntent.putExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FINGERPRINT,
+                mock(PendingIntent.class));
+        testIntent.putExtra(MultiBiometricEnrollHelper.EXTRA_SKIP_PENDING_ENROLL, false);
+
         when(mFakeFeatureFactory.mFaceFeatureProvider.getPostureGuidanceIntent(any())).thenReturn(
                 null /* Simulate no posture intent */);
         mContext = spy(ApplicationProvider.getApplicationContext());
@@ -690,4 +699,16 @@ public class FaceEnrollIntroductionTest {
                 .isEqualTo(FaceEnrollOptions.ENROLL_REASON_SETTINGS);
     }
 
+    @Test
+    public void drops_pendingIntents() {
+        setupActivity();
+
+        mController.start();
+        Shadows.shadowOf(Looper.getMainLooper()).idle();
+
+        final Intent intent = mActivity.getIntent();
+        assertThat(intent.hasExtra(MultiBiometricEnrollHelper.EXTRA_SKIP_PENDING_ENROLL)).isFalse();
+        assertThat(intent.hasExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FACE)).isFalse();
+        assertThat(intent.hasExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FINGERPRINT)).isFalse();
+    }
 }
diff --git a/tests/robotests/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollIntroductionTest.java b/tests/robotests/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollIntroductionTest.java
index edd50a6e6f6..24fb7165fd0 100644
--- a/tests/robotests/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollIntroductionTest.java
+++ b/tests/robotests/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollIntroductionTest.java
@@ -34,6 +34,7 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.when;
 
+import android.app.PendingIntent;
 import android.content.Context;
 import android.content.Intent;
 import android.content.res.Resources;
@@ -44,6 +45,7 @@ import android.hardware.fingerprint.FingerprintEnrollOptions;
 import android.hardware.fingerprint.FingerprintManager;
 import android.hardware.fingerprint.FingerprintSensorProperties;
 import android.hardware.fingerprint.FingerprintSensorPropertiesInternal;
+import android.os.Looper;
 import android.os.UserManager;
 import android.view.View;
 
@@ -55,6 +57,7 @@ import com.android.internal.widget.VerifyCredentialResponse;
 import com.android.settings.R;
 import com.android.settings.biometrics.BiometricUtils;
 import com.android.settings.biometrics.GatekeeperPasswordProvider;
+import com.android.settings.biometrics.MultiBiometricEnrollHelper;
 
 import com.google.android.setupcompat.util.WizardManagerHelper;
 import com.google.android.setupdesign.GlifLayout;
@@ -70,6 +73,7 @@ import org.mockito.stubbing.Answer;
 import org.robolectric.Robolectric;
 import org.robolectric.RobolectricTestRunner;
 import org.robolectric.RuntimeEnvironment;
+import org.robolectric.Shadows;
 import org.robolectric.android.controller.ActivityController;
 
 import java.util.ArrayList;
@@ -353,7 +357,19 @@ public class FingerprintEnrollIntroductionTest {
                 false);
         Assert.assertEquals(View.INVISIBLE,
                 mFingerprintEnrollIntroduction.getSecondaryFooterButton().getVisibility());
+    }
+
+    @Test
+    public void drops_pendingIntents() {
+        setupFingerprintEnrollIntroWith(newExternalPendingIntent());
+
+        mController.start();
+        Shadows.shadowOf(Looper.getMainLooper()).idle();
 
+        final Intent intent = mFingerprintEnrollIntroduction.getIntent();
+        assertThat(intent.hasExtra(MultiBiometricEnrollHelper.EXTRA_SKIP_PENDING_ENROLL)).isFalse();
+        assertThat(intent.hasExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FACE)).isFalse();
+        assertThat(intent.hasExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FINGERPRINT)).isFalse();
     }
 
     private Intent newTokenOnlyIntent() {
@@ -383,6 +399,15 @@ public class FingerprintEnrollIntroductionTest {
                 .putExtra(EXTRA_KEY_GK_PW_HANDLE, 1L);
     }
 
+    private Intent newExternalPendingIntent() {
+        return newTokenOnlyIntent()
+                .putExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FACE,
+                        mock(PendingIntent.class))
+                .putExtra(MultiBiometricEnrollHelper.EXTRA_ENROLL_AFTER_FINGERPRINT,
+                        mock(PendingIntent.class))
+                .putExtra(MultiBiometricEnrollHelper.EXTRA_SKIP_PENDING_ENROLL, false);
+    }
+
     private VerifyCredentialResponse newGoodCredential(long gkPwHandle, @NonNull byte[] hat) {
         return new VerifyCredentialResponse.Builder()
                 .setGatekeeperPasswordHandle(gkPwHandle)
author	Joe Bolinger <jbolinger@google.com>	2025-04-05 02:30:30 +0000
committer	Kampalus <kampalus@protonmail.ch>	2025-09-18 11:29:39 +0200
commit	260bd4a8281de300262f4b10beab5a5c03135cc1 (patch)
tree	2faec33b19e1a7be86d9bcb473ed3f3f979f698f
parent	eac395698f82c60c99d3dcf572a4c08f90d50155 (diff)