author | Kevin F. Haggerty <haggertk@lineageos.org> | 2020-10-10 22:42:09 +0200 |
---|---|---|
committer | Kevin F. Haggerty <haggertk@lineageos.org> | 2020-10-11 13:01:38 +0200 |
commit | ec26024820c5d8cb1d036f2b7fadcac3014c0bbd (patch) | |
tree | 1ca8cf963daca28efe40b7077df6668d83327e1f | |
parent | f892c44f02b2a78088d8f41577050d8027205402 (diff) | |
parent | c55b407814d221ff6b392e335d98445b1fcd50ee (diff) | |
Merge tag 'android-9.0.0_r61' into staging/lineage-16.0_merge-android-9.0.0_r61lineage-16.0
Android 9.0.0 Release 61 (6780336)
* tag 'android-9.0.0_r61':
Correct vulnerability when setting pending intents on import/export notifications by setting FLAG_IMMUTABLE
Patch URI vulnerability in contact photo editing
-rw-r--r-- | src/com/android/contacts/vcard/ExportProcessor.java | 7 | ||||
-rw-r--r-- | src/com/android/contacts/vcard/NotificationImportExportListener.java | 41 |
2 files changed, 15 insertions, 33 deletions
diff --git a/src/com/android/contacts/vcard/ExportProcessor.java b/src/com/android/contacts/vcard/ExportProcessor.java index 13d80caa1..66308c6bf 100644 --- a/src/com/android/contacts/vcard/ExportProcessor.java +++ b/src/com/android/contacts/vcard/ExportProcessor.java @@ -304,11 +304,12 @@ public class ExportProcessor extends ProcessorBase { intent.setType(Contacts.CONTENT_VCARD_TYPE); intent.putExtra(Intent.EXTRA_STREAM, uri); // Securely grant access using temporary access permissions - intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + // Use FLAG_ACTIVITY_NEW_TASK to set it as new task, to get rid of cached files. + intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_ACTIVITY_NEW_TASK); // Build notification final Notification notification = - NotificationImportExportListener.constructFinishNotificationWithFlags( - mService, title, description, intent, Intent.FLAG_ACTIVITY_NEW_TASK); + NotificationImportExportListener.constructFinishNotification( + mService, title, description, intent); mNotificationManager.notify(NotificationImportExportListener.DEFAULT_NOTIFICATION_TAG, mJobId, notification); } diff --git a/src/com/android/contacts/vcard/NotificationImportExportListener.java b/src/com/android/contacts/vcard/NotificationImportExportListener.java index beabe26bc..8d5346825 100644 --- a/src/com/android/contacts/vcard/NotificationImportExportListener.java +++ b/src/com/android/contacts/vcard/NotificationImportExportListener.java @@ -16,6 +16,8 @@ package com.android.contacts.vcard; +import static android.app.PendingIntent.FLAG_IMMUTABLE; + import android.app.Activity; import android.app.Notification; import android.app.NotificationManager; 
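Review bot: Moving `Intent.FLAG_ACTIVITY_NEW_TASK` onto the intent in the ExportProcessor hunk drops a side effect the old call had. The removed `constructFinishNotificationWithFlags(..., Intent.FLAG_ACTIVITY_NEW_TASK)` passed that value through as the flags argument of `PendingIntent.getActivity`, where 0x10000000 is also `PendingIntent.FLAG_CANCEL_CURRENT`, so an earlier pending intent was replaced. The new path passes only `FLAG_IMMUTABLE` with request code 0, and extras are not compared when pending intents are matched. If the share intent built above this hunk differs between exports only in `EXTRA_STREAM`, a still-live PendingIntent from a previous export could be returned carrying the older URI and its read grant; this should be confirmed. If it is reachable, state the replacement explicitly in `constructFinishNotification` with `PendingIntent.getActivity(context, 0, intent, FLAG_IMMUTABLE | PendingIntent.FLAG_CANCEL_CURRENT)`, and reword the new comment, since an activity launch flag does not discard a cached pending intent. The enclosing method starts and ends outside the hunk.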
@@ -229,7 +231,7 @@ public class NotificationImportExportListener implements VCardImportExportListen .setSmallIcon(type == VCardService.TYPE_IMPORT ? android.R.drawable.stat_sys_download : android.R.drawable.stat_sys_upload) - .setContentIntent(PendingIntent.getActivity(context, 0, intent, 0)); + .setContentIntent(PendingIntent.getActivity(context, 0, intent, FLAG_IMMUTABLE)); if (totalCount > 0) { String percentage = NumberFormat.getPercentInstance().format((double) currentCount / totalCount); @@ -254,10 +256,6 @@ public class NotificationImportExportListener implements VCardImportExportListen .setColor(context.getResources().getColor(R.color.dialtacts_theme_color)) .setContentTitle(description) .setContentText(description) - // Launch an intent that won't resolve to anything. Restrict the intent to this - // app to make sure that no other app can steal this pending-intent b/19296918. - .setContentIntent(PendingIntent - .getActivity(context, 0, new Intent(context.getPackageName(), null), 0)) .build(); } 
@@ -270,29 +268,16 @@ public class NotificationImportExportListener implements VCardImportExportListen */ /* package */ static Notification constructFinishNotification( Context context, String title, String description, Intent intent) { - return constructFinishNotificationWithFlags(context, title, description, intent, 0); - } - - /** - * @param flags use FLAG_ACTIVITY_NEW_TASK to set it as new task, to get rid of cached files. - */ - /* package */ static Notification constructFinishNotificationWithFlags( - Context context, String title, String description, Intent intent, int flags) { ContactsNotificationChannelsUtil.createDefaultChannel(context); return new NotificationCompat.Builder(context, - ContactsNotificationChannelsUtil.DEFAULT_CHANNEL) - .setAutoCancel(true) - .setColor(context.getResources().getColor(R.color.dialtacts_theme_color)) - .setSmallIcon(R.drawable.quantum_ic_done_vd_theme_24) - .setContentTitle(title) - .setContentText(description) - // If no intent provided, include an intent that won't resolve to anything. - // Restrict the intent to this app to make sure that no other app can steal this - // pending-intent b/19296918. - .setContentIntent(PendingIntent.getActivity(context, 0, - (intent != null ? intent : new Intent(context.getPackageName(), null)), - flags)) - .build(); + ContactsNotificationChannelsUtil.DEFAULT_CHANNEL) + .setAutoCancel(true) + .setColor(context.getResources().getColor(R.color.dialtacts_theme_color)) + .setSmallIcon(R.drawable.quantum_ic_done_vd_theme_24) + .setContentTitle(title) + .setContentText(description) + .setContentIntent(PendingIntent.getActivity(context, 0, intent, FLAG_IMMUTABLE)) + .build(); } /** 
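Review bot: `constructFinishNotification` now passes `intent` straight to `PendingIntent.getActivity(context, 0, intent, FLAG_IMMUTABLE)`, but the removed body substituted a package-restricted placeholder when `intent` was null. Callers are not visible in this diff, so if any of them can still pass null the call is expected to throw a NullPointerException instead of posting the notification. Either document the parameter as non-null in the Javadoc above the method, or build the notification first and attach the content intent conditionally: `if (intent != null) { builder.setContentIntent(PendingIntent.getActivity(context, 0, intent, FLAG_IMMUTABLE)); }`. Skipping the content intent in the null case matches what this commit does for the cancel and failure notifications.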
@@ -311,10 +296,6 @@ public class NotificationImportExportListener implements VCardImportExportListen .setSmallIcon(android.R.drawable.stat_notify_error) .setContentTitle(context.getString(R.string.vcard_import_failed)) .setContentText(reason) - // Launch an intent that won't resolve to anything. Restrict the intent to this - // app to make sure that no other app can steal this pending-intent b/19296918. - .setContentIntent(PendingIntent - .getActivity(context, 0, new Intent(context.getPackageName(), null), 0)) .build(); } } |