diff options
| author | 2025-04-16 11:22:07 -0700 | |
|---|---|---|
| committer | 2025-09-18 11:25:08 +0200 | |
| commit | 71c4109dce834f1b30442aeef14302c86f87007f (patch) | |
| tree | deefe5e3e865214c4f7706cd0e39fe7f0c8f2eb7 | |
| parent | 0fb38ed81e9b49d5da4be8f50d9d69865c1192e8 (diff) | |
[SP 2025-09-01] Add ComponentName explicitly to make sure arbitary intents aren't launched from Settings.
Bug: 378902342
Flag: EXEMPT security fix
Change-Id: I0e67f1258cb427c5b998e40a8a0c104af3ead042
(cherry picked from commit 6a896b6b26d445800773e1b4649895bea17eac1f)
| -rw-r--r-- | src/com/android/settings/accounts/AccountTypePreferenceLoader.java | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java index 71c71346adb..8ca74c85dd8 100644 --- a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java +++ b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java @@ -265,7 +265,14 @@ public class AccountTypePreferenceLoader { try { // Allows to launch only authenticator owned activities. ApplicationInfo authenticatorAppInf = pm.getApplicationInfo(authDesc.packageName, 0); - return resolvedAppInfo.uid == authenticatorAppInf.uid; + if (resolvedAppInfo.uid == authenticatorAppInf.uid) { + // Explicitly set the component to be same as authenticator to + // prevent launching arbitrary activities. + intent.setComponent(resolvedActivityInfo.getComponentName()); + return true; + } else { + return false; + } } catch (NameNotFoundException e) { Log.e(TAG, "Intent considered unsafe due to exception.", |