Merge tag 'android-security-13.0.0_r23' into staging/lineage-20.0_android-security-13.0.0_r23
Android security 13.0.0 release 23
* tag 'android-security-13.0.0_r23':
Checks cross user permission before handling intent
startActivityForResult with new Intent
RESTRICT AUTOMERGE Stops hiding a11y services with the same package+label as an activity.
Change-Id: I8346e3a6a0862419b89b569cb36aa6479a303963
diff --git a/src/com/android/settings/accessibility/AccessibilitySettings.java b/src/com/android/settings/accessibility/AccessibilitySettings.java
index ef7c2ba..093f644 100644
--- a/src/com/android/settings/accessibility/AccessibilitySettings.java
+++ b/src/com/android/settings/accessibility/AccessibilitySettings.java
@@ -22,7 +22,6 @@
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.ActivityInfo;
-import android.content.pm.ServiceInfo;
import android.os.Bundle;
import android.os.Handler;
import android.os.UserHandle;
@@ -389,17 +388,11 @@
final List<AccessibilityShortcutInfo> installedShortcutList =
a11yManager.getInstalledAccessibilityShortcutListAsUser(context,
UserHandle.myUserId());
-
- // Remove duplicate item here, new a ArrayList to copy unmodifiable list result
- // (getInstalledAccessibilityServiceList).
final List<AccessibilityServiceInfo> installedServiceList = new ArrayList<>(
a11yManager.getInstalledAccessibilityServiceList());
- installedServiceList.removeIf(
- target -> containsTargetNameInList(installedShortcutList, target));
final List<RestrictedPreference> activityList =
preferenceHelper.createAccessibilityActivityPreferenceList(installedShortcutList);
-
final List<RestrictedPreference> serviceList =
preferenceHelper.createAccessibilityServicePreferenceList(installedServiceList);
@@ -410,24 +403,6 @@
return preferenceList;
}
- private boolean containsTargetNameInList(List<AccessibilityShortcutInfo> shortcutInfos,
- AccessibilityServiceInfo targetServiceInfo) {
- final ServiceInfo serviceInfo = targetServiceInfo.getResolveInfo().serviceInfo;
- final String servicePackageName = serviceInfo.packageName;
- final CharSequence serviceLabel = serviceInfo.loadLabel(getPackageManager());
-
- for (int i = 0, count = shortcutInfos.size(); i < count; ++i) {
- final ActivityInfo activityInfo = shortcutInfos.get(i).getActivityInfo();
- final String activityPackageName = activityInfo.packageName;
- final CharSequence activityLabel = activityInfo.loadLabel(getPackageManager());
- if (servicePackageName.equals(activityPackageName)
- && serviceLabel.equals(activityLabel)) {
- return true;
- }
- }
- return false;
- }
-
private void initializePreBundledServicesMapFromArray(String categoryKey, int key) {
String[] services = getResources().getStringArray(key);
PreferenceCategory category = mCategoryToPrefCategoryMap.get(categoryKey);
diff --git a/src/com/android/settings/applications/AppInfoBase.java b/src/com/android/settings/applications/AppInfoBase.java
index 0f21097..3e91d2d7 100644
--- a/src/com/android/settings/applications/AppInfoBase.java
+++ b/src/com/android/settings/applications/AppInfoBase.java
@@ -18,6 +18,7 @@
import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+import android.Manifest;
import android.app.Activity;
import android.app.Dialog;
import android.app.admin.DevicePolicyManager;
@@ -38,6 +39,7 @@
import android.text.TextUtils;
import android.util.Log;
+import androidx.annotation.VisibleForTesting;
import androidx.appcompat.app.AlertDialog;
import androidx.fragment.app.DialogFragment;
import androidx.fragment.app.Fragment;
@@ -134,8 +136,13 @@
}
}
if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
- mUserId = ((UserHandle) intent.getParcelableExtra(
- Intent.EXTRA_USER_HANDLE)).getIdentifier();
+ mUserId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE))
+ .getIdentifier();
+ if (mUserId != UserHandle.myUserId() && !hasInteractAcrossUsersPermission()) {
+ Log.w(TAG, "Intent not valid.");
+ finish();
+ return "";
+ }
} else {
mUserId = UserHandle.myUserId();
}
@@ -158,6 +165,28 @@
return mPackageName;
}
+ @VisibleForTesting
+ protected boolean hasInteractAcrossUsersPermission() {
+ Activity activity = getActivity();
+ if (!(activity instanceof SettingsActivity)) {
+ return false;
+ }
+ final String callingPackageName =
+ ((SettingsActivity) activity).getInitialCallingPackage();
+
+ if (TextUtils.isEmpty(callingPackageName)) {
+ Log.w(TAG, "Not able to get calling package name for permission check");
+ return false;
+ }
+ if (mPm.checkPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
+ != PackageManager.PERMISSION_GRANTED) {
+ Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
+ + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+ return false;
+ }
+ return true;
+ }
+
protected void setIntentAndFinish(boolean appChanged) {
Log.i(TAG, "appChanged=" + appChanged);
Intent intent = new Intent();
diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java
index db7612f..0676ec8 100644
--- a/src/com/android/settings/users/AppRestrictionsFragment.java
+++ b/src/com/android/settings/users/AppRestrictionsFragment.java
@@ -655,7 +655,7 @@
int requestCode = generateCustomActivityRequestCode(
RestrictionsResultReceiver.this.preference);
AppRestrictionsFragment.this.startActivityForResult(
- restrictionsIntent, requestCode);
+ new Intent(restrictionsIntent), requestCode);
}
}
}