Merge tag 'android-security-13.0.0_r21' into staging/lineage-20.0_android-security-13.0.0_r21
Android security 13.0.0 release 21
* tag 'android-security-13.0.0_r21':
Replace getCallingActivity() with getLaunchedFromPackage()
RESTRICT AUTOMERGE Restrict Settings Homepage prior to provisioning
Ignore fragment attr from ext authenticator resource
Limit wifi item edit content's max length to 500
Change-Id: I8cb8676680dab4b03fadc4053452cda93f2dbf46
diff --git a/res/values/styles.xml b/res/values/styles.xml
index d270da1..fe18170 100644
--- a/res/values/styles.xml
+++ b/res/values/styles.xml
@@ -148,6 +148,7 @@
<item name="android:textAppearance">@android:style/TextAppearance.DeviceDefault.Medium</item>
<item name="android:textColorHint">?android:attr/textColorSecondary</item>
<item name="android:minHeight">@dimen/min_tap_target_size</item>
+ <item name="android:maxLength">500</item>
</style>
<style name="wifi_section">
diff --git a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java
index f1b5be1..16519af 100644
--- a/src/com/android/settings/accounts/AccountTypePreferenceLoader.java
+++ b/src/com/android/settings/accounts/AccountTypePreferenceLoader.java
@@ -33,6 +33,10 @@
import android.text.TextUtils;
import android.util.Log;
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import androidx.annotation.VisibleForTesting;
+import androidx.collection.ArraySet;
import androidx.preference.Preference;
import androidx.preference.Preference.OnPreferenceClickListener;
import androidx.preference.PreferenceFragmentCompat;
@@ -46,6 +50,8 @@
import com.android.settingslib.accounts.AuthenticatorHelper;
import com.android.settingslib.core.instrumentation.Instrumentable;
+import java.util.Set;
+
/**
* Class to load the preference screen to be added to the settings page for the specific account
* type as specified in the account-authenticator.
@@ -83,6 +89,7 @@
try {
desc = mAuthenticatorHelper.getAccountTypeDescription(accountType);
if (desc != null && desc.accountPreferencesId != 0) {
+ Set<String> fragmentAllowList = generateFragmentAllowlist(parent);
// Load the context of the target package, then apply the
// base Settings theme (no references to local resources)
// and create a context theme wrapper so that we get the
@@ -98,6 +105,12 @@
themedCtx.getTheme().setTo(baseTheme);
prefs = mFragment.getPreferenceManager().inflateFromResource(themedCtx,
desc.accountPreferencesId, parent);
+ // Ignore Fragments provided dynamically, as these are coming from external
+ // applications which must not have access to internal Settings' fragments.
+ // These preferences are rendered into Settings, so they also won't have access
+ // to their own Fragments, meaning there is no acceptable usage of
+ // android:fragment here.
+ filterBlockedFragments(prefs, fragmentAllowList);
}
} catch (PackageManager.NameNotFoundException e) {
Log.w(TAG, "Couldn't load preferences.xml file from " + desc.packageName);
@@ -185,6 +198,48 @@
}
}
+ // Build allowlist from existing Fragments in PreferenceGroup
+ @VisibleForTesting
+ Set<String> generateFragmentAllowlist(@Nullable PreferenceGroup prefs) {
+ Set<String> fragmentAllowList = new ArraySet<>();
+ if (prefs == null) {
+ return fragmentAllowList;
+ }
+
+ for (int i = 0; i < prefs.getPreferenceCount(); i++) {
+ Preference pref = prefs.getPreference(i);
+ if (pref instanceof PreferenceGroup) {
+ fragmentAllowList.addAll(generateFragmentAllowlist((PreferenceGroup) pref));
+ }
+
+ String fragmentName = pref.getFragment();
+ if (!TextUtils.isEmpty(fragmentName)) {
+ fragmentAllowList.add(fragmentName);
+ }
+ }
+ return fragmentAllowList;
+ }
+
+ // Block clicks on any Preference with android:fragment that is not contained in the allowlist
+ @VisibleForTesting
+ void filterBlockedFragments(@Nullable PreferenceGroup prefs,
+ @NonNull Set<String> allowedFragments) {
+ if (prefs == null) {
+ return;
+ }
+ for (int i = 0; i < prefs.getPreferenceCount(); i++) {
+ Preference pref = prefs.getPreference(i);
+ if (pref instanceof PreferenceGroup) {
+ filterBlockedFragments((PreferenceGroup) pref, allowedFragments);
+ }
+
+ String fragmentName = pref.getFragment();
+ if (fragmentName != null && !allowedFragments.contains(fragmentName)) {
+ pref.setOnPreferenceClickListener(preference -> true);
+ }
+ }
+ }
+
/**
* Determines if the supplied Intent is safe. A safe intent is one that is
* will launch a exported=true activity or owned by the same uid as the
diff --git a/src/com/android/settings/homepage/SettingsHomepageActivity.java b/src/com/android/settings/homepage/SettingsHomepageActivity.java
index 60252fa..98c743a 100644
--- a/src/com/android/settings/homepage/SettingsHomepageActivity.java
+++ b/src/com/android/settings/homepage/SettingsHomepageActivity.java
@@ -175,6 +175,16 @@
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
+ // Ensure device is provisioned in order to access Settings home
+ // TODO(b/331254029): This should later be replaced in favor of an allowlist
+ boolean unprovisioned = android.provider.Settings.Global.getInt(getContentResolver(),
+ android.provider.Settings.Global.DEVICE_PROVISIONED, 0) == 0;
+ if (unprovisioned) {
+ Log.e(TAG, "Device is not provisioned, exiting Settings");
+ finish();
+ return;
+ }
+
mIsEmbeddingActivityEnabled = ActivityEmbeddingUtils.isEmbeddingActivityEnabled(this);
if (mIsEmbeddingActivityEnabled) {
final UserManager um = getSystemService(UserManager.class);
diff --git a/src/com/android/settings/search/SearchFeatureProvider.java b/src/com/android/settings/search/SearchFeatureProvider.java
index b14a4d7..2fbaafd 100644
--- a/src/com/android/settings/search/SearchFeatureProvider.java
+++ b/src/com/android/settings/search/SearchFeatureProvider.java
@@ -56,7 +56,7 @@
* @throws IllegalArgumentException when caller is null
* @throws SecurityException when caller is not allowed to launch search result page
*/
- void verifyLaunchSearchResultPageCaller(Context context, @NonNull ComponentName caller)
+ void verifyLaunchSearchResultPageCaller(@NonNull Context context, @NonNull String callerPackage)
throws SecurityException, IllegalArgumentException;
/**
diff --git a/src/com/android/settings/search/SearchFeatureProviderImpl.java b/src/com/android/settings/search/SearchFeatureProviderImpl.java
index 6f90970..3a62ddf 100644
--- a/src/com/android/settings/search/SearchFeatureProviderImpl.java
+++ b/src/com/android/settings/search/SearchFeatureProviderImpl.java
@@ -17,13 +17,14 @@
package com.android.settings.search;
-import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.provider.Settings;
import android.text.TextUtils;
+import androidx.annotation.NonNull;
+
import com.android.settingslib.search.SearchIndexableResources;
import com.android.settingslib.search.SearchIndexableResourcesMobile;
@@ -32,21 +33,18 @@
*/
public class SearchFeatureProviderImpl implements SearchFeatureProvider {
- private static final String TAG = "SearchFeatureProvider";
-
private SearchIndexableResources mSearchIndexableResources;
@Override
- public void verifyLaunchSearchResultPageCaller(Context context, ComponentName caller) {
- if (caller == null) {
+ public void verifyLaunchSearchResultPageCaller(@NonNull Context context,
+ @NonNull String callerPackage) {
+ if (TextUtils.isEmpty(callerPackage)) {
throw new IllegalArgumentException("ExternalSettingsTrampoline intents "
+ "must be called with startActivityForResult");
}
- final String packageName = caller.getPackageName();
- final boolean isSettingsPackage = TextUtils.equals(packageName, context.getPackageName())
- || TextUtils.equals(getSettingsIntelligencePkgName(context), packageName);
- final boolean isAllowlistedPackage =
- isSignatureAllowlisted(context, caller.getPackageName());
+ final boolean isSettingsPackage = TextUtils.equals(callerPackage, context.getPackageName())
+ || TextUtils.equals(getSettingsIntelligencePkgName(context), callerPackage);
+ final boolean isAllowlistedPackage = isSignatureAllowlisted(context, callerPackage);
if (isSettingsPackage || isAllowlistedPackage) {
return;
}
diff --git a/src/com/android/settings/search/SearchResultTrampoline.java b/src/com/android/settings/search/SearchResultTrampoline.java
index 5e71029..2c6fd67 100644
--- a/src/com/android/settings/search/SearchResultTrampoline.java
+++ b/src/com/android/settings/search/SearchResultTrampoline.java
@@ -20,7 +20,6 @@
import static com.android.settings.SettingsActivity.EXTRA_SHOW_FRAGMENT_TAB;
import android.app.Activity;
-import android.content.ComponentName;
import android.content.Intent;
import android.os.Bundle;
import android.provider.Settings;
@@ -51,11 +50,11 @@
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
- final ComponentName callingActivity = getCallingActivity();
+ final String callerPackage = getLaunchedFromPackage();
// First make sure caller has privilege to launch a search result page.
FeatureFactory.getFactory(this)
.getSearchFeatureProvider()
- .verifyLaunchSearchResultPageCaller(this, callingActivity);
+ .verifyLaunchSearchResultPageCaller(this, callerPackage);
// Didn't crash, proceed and launch the result as a subsetting.
Intent intent = getIntent();
final String highlightMenuKey = intent.getStringExtra(
@@ -99,7 +98,7 @@
if (!ActivityEmbeddingUtils.isEmbeddingActivityEnabled(this)) {
startActivity(intent);
- } else if (isSettingsIntelligence(callingActivity)) {
+ } else if (isSettingsIntelligence(callerPackage)) {
if (FeatureFlagUtils.isEnabled(this, FeatureFlags.SETTINGS_SEARCH_ALWAYS_EXPAND)) {
startActivity(SettingsActivity.getTrampolineIntent(intent, highlightMenuKey)
.setClass(this, DeepLinkHomepageActivityInternal.class)
@@ -132,9 +131,9 @@
finish();
}
- private boolean isSettingsIntelligence(ComponentName callingActivity) {
- return callingActivity != null && TextUtils.equals(
- callingActivity.getPackageName(),
+ private boolean isSettingsIntelligence(String callerPackage) {
+ return TextUtils.equals(
+ callerPackage,
FeatureFactory.getFactory(this).getSearchFeatureProvider()
.getSettingsIntelligencePkgName(this));
}
diff --git a/tests/robotests/src/com/android/settings/search/SearchFeatureProviderImplTest.java b/tests/robotests/src/com/android/settings/search/SearchFeatureProviderImplTest.java
index f349600..8a7419b 100644
--- a/tests/robotests/src/com/android/settings/search/SearchFeatureProviderImplTest.java
+++ b/tests/robotests/src/com/android/settings/search/SearchFeatureProviderImplTest.java
@@ -20,7 +20,6 @@
import static com.google.common.truth.Truth.assertThat;
import android.app.settings.SettingsEnums;
-import android.content.ComponentName;
import android.content.Intent;
import android.content.pm.ActivityInfo;
import android.content.pm.ResolveInfo;
@@ -131,20 +130,22 @@
@Test(expected = SecurityException.class)
public void verifyLaunchSearchResultPageCaller_badCaller_shouldCrash() {
- final ComponentName cn = new ComponentName("pkg", "class");
- mProvider.verifyLaunchSearchResultPageCaller(mActivity, cn);
+ final String packageName = "pkg";
+
+ mProvider.verifyLaunchSearchResultPageCaller(mActivity, packageName);
}
@Test
public void verifyLaunchSearchResultPageCaller_settingsCaller_shouldNotCrash() {
- final ComponentName cn = new ComponentName(mActivity.getPackageName(), "class");
- mProvider.verifyLaunchSearchResultPageCaller(mActivity, cn);
+ final String packageName = mActivity.getPackageName();
+
+ mProvider.verifyLaunchSearchResultPageCaller(mActivity, packageName);
}
@Test
public void verifyLaunchSearchResultPageCaller_settingsIntelligenceCaller_shouldNotCrash() {
final String packageName = mProvider.getSettingsIntelligencePkgName(mActivity);
- final ComponentName cn = new ComponentName(packageName, "class");
- mProvider.verifyLaunchSearchResultPageCaller(mActivity, cn);
+
+ mProvider.verifyLaunchSearchResultPageCaller(mActivity, packageName);
}
}