Commit log (columns: commit message, author, age, files, lines)
* Automatic translation import (refs: HEAD, replicant-6.0-0004-transition, replicant-6.0-0004-rc6, replicant-6.0-0004-rc5-transition, replicant-6.0-0004-rc5, replicant-6.0-0004-rc4, replicant-6.0-0004-rc3, replicant-6.0-0004-rc2, replicant-6.0-0004, cm-13.0) [Michael Bestas, 2019-08-10, files: 105, lines: -10077/+3935]
| Change-Id: I15b780e3def981b5cf0f5ac8d712483c06aca98a
* AOSP/Email - Fixed - Security Vulnerability - Email App: Malicious app [Raman Tenneti, 2019-03-23, files: 1, lines: -2/+27]
| is able to compose message with hidden attachments and bypass attachments path checks attaching private files from /data/data/com.android.email/*
|
| + Ported the following CLs. Code is different from gmail. Made the changes to work with Email.
| ++ https://critique.corp.google.com/#review/136780360
| +++ Add isExternal() to ComposeActivity.java and it always returns false. Treat body and quoted text as plaintext if intent is external.
| ++ https://critique.corp.google.com/#review/137654162
| +++ Don't let other apps use our EXTRA_MESSAGE. Load EXTRA_MESSAGE only if action is LAUNCH_COMPOSE. LAUNCH_COMPOSE action is an internal only action: b/32068883.
| ++ https://critique.corp.google.com/#review/142296051
| +++ Don't let external Intent use EXTRA_MESSAGE
|
| Bug: 32068883
| Bug: 32502421
| Bug: 32589229
| Test: manual - Ran the following tests on Pixel phone. Tested the Email UI.
| $ adb install -r out/target/product/marlin/system/app/Email/Email.apk
| $ adb install -r app-debug.apk
| Success
| $ adb shell am start -n com.test.poc.poc32589229/.MainActivity -a android.intent.action.MAIN
| Starting: Intent { act=android.intent.action.MAIN cmp=com.test.poc.poc32589229/.MainActivity }
| Duplicated the steps in https://b.corp.google.com/issues/32589229#comment5 and didn't get the attachments after the fix (was getting attachments before the fix).
|
| logcat output:
| 11-21 03:45:48.927 11705 11705 I poc-test: sending a hidden file attachment
| 11-21 03:45:48.929 11705 11705 I poc-test: Sending contentType: text/html, previewImage: null
| 11-21 03:45:48.935 914 4482 I ActivityManager: START u0 {act=com.android.mail.intent.action.LAUNCH_COMPOSE pkg=com.android.email cmp=com.android.email/.activity.ComposeActivityEmail (has extras)} from uid 10072
| 11-21 03:45:48.935 914 4482 W ActivityManager: Permission Denial: starting Intent { act=com.android.mail.intent.action.LAUNCH_COMPOSE pkg=com.android.email cmp=com.android.email/.activity.ComposeActivityEmail (has extras) } from ProcessRecord{6941817 11705:com.test.poc.poc32589229/u0a72} (pid=11705, uid=10072) not exported from uid 10062
| 11-21 03:45:48.937 11705 11705 D AndroidRuntime: Shutting down VM
| --------- beginning of crash
| 11-21 03:45:48.940 11705 11705 E AndroidRuntime: FATAL EXCEPTION: main
| 11-21 03:45:48.940 11705 11705 E AndroidRuntime: Process: com.test.poc.poc32589229, PID: 11705
| 11-21 03:45:48.940 11705 11705 E AndroidRuntime: java.lang.IllegalStateException: Could not execute method for android:onClick
| ...
| 11-21 03:45:48.940 11705 11705 E AndroidRuntime: Caused by: java.lang.SecurityException: Permission Denial: starting Intent { act=com.android.mail.intent.action.LAUNCH_COMPOSE pkg=com.android.email cmp=com.android.email/.activity.ComposeActivityEmail (has extras) } from ProcessRecord{6941817 11705:com.test.poc.poc32589229/u0a72} (pid=11705, uid=10072) not exported from uid 10062
|
| $ adb install -r out/target/product/marlin/testcases/EmailTests/EmailTests.apk
| Performing Streamed Install
| Success
| $ adb shell am instrument -w com.android.email.tests
| The number of failures are same as before (with or without this change).
| Tests run: 158, Failures: 5
|
| Change-Id: If6e2a2efa08b75675c980b72735cde8252e95760
| (cherry picked from commit 3526a4ac552f93a83ea838ddae5de45e1e068af0)
* Filter Attachment file name of forward slashes for .eml attachments. [Ekin Oguz, 2018-08-08, files: 1, lines: -0/+5]
| Bug: b/66230183
| Change-Id: I6715358a07bc5bd9de6ee877b4a235a974767536
| (cherry picked from commit 53b40fd185517ca82a0c4305570c5a5e3b83abf0)
* Disallow attaching files from our own EmailAttachmentProvider. (refs: replicant-6.0-0004-rc1) [Ekin Oguz, 2018-04-06, files: 1, lines: -1/+12]
| This is to backport a security fix reported in b/71814449 and b/72569023. Fix is using the same approach as b/27308057, which is to prevent Compose from accepting URIs with our own email attachment provider.
|
| Bug: b/71814449
| Change-Id: Idcc002b94bcea913383b54bcf1dc5c3e1d254ded
| (cherry picked from commit 44a5db2dc0ace4d360699c11c27d5c10b43ad628)
* Automatic translation import [Abhisek Devkota, 2017-12-13, files: 6, lines: -0/+1440]
| Change-Id: I3cbe6800752496f741f24ee824a1c6790aa97df8
* Automatic translation import (refs: replicant-6.0-0003) [Abhisek Devkota, 2017-09-19, files: 2, lines: -11/+56]
| Change-Id: Iee1f8c99497302222b8c3b91b74d9eec0261a70a
* Automatic translation import (refs: replicant-6.0-0002) [Abhisek Devkota, 2017-06-03, files: 1, lines: -1/+1]
| Change-Id: I6ed8ec7088f65a73bb7fe3a102cef5de05c0e698
* Automatic translation import (refs: replicant-6.0-0001) [Abhisek Devkota, 2017-04-28, files: 9, lines: -404/+95]
| Change-Id: I5368bbf25270420a875a17379bfe037c62bc9e11
* Don't allow file attachment from /data through GET_CONTENT. [Ekin Oguz, 2017-03-13, files: 1, lines: -11/+7]
| A custom picker can be used to attach files to Compose activity. With this change, we are disallowing files belonging to file:///data/... to be attached from custom pickers, in order not to expose internal application data.
|
| If the Intent Uri is a "file" and the file is in `Environment.getDataDirectory()`, then throw an AttachmentFailureException which is caught immediately and shows a toast to the user.
|
| Details b/31494146#comment13
| Fix b/32615212
| Change-Id: I037888b01fef1cdf5053602cdf9194286d5648df
| (cherry picked from commit eace8b43e8d1512a205554715ca840324bfbe35f)
| (cherry picked from commit 1de59f75ce361d86ada269a3bc5bf9078f1fd6d0)
* Automatic translation import [Abhisek Devkota, 2017-02-19, files: 2, lines: -0/+480]
| Change-Id: Ic1b15104db999591b2f1db1f23e62695856021a9
* Automatic translation import [Abhisek Devkota, 2017-01-26, files: 19, lines: -110/+2]
| Change-Id: Icb39ec0abde5ace0807829008e5d0bead4e5aa67
* Automatic translation import [blinky@build01, 2016-12-24, files: 1, lines: -2/+2]
| Change-Id: Ib43f4dd6fe5b9ee1215ff7aa34fb40a0971ff2f8
| Ticket: -
* Automatic translation import [blinky@build01, 2016-12-22, files: 18, lines: -0/+108]
| Change-Id: I44c0ce61a130fb88d4991e8777e0cb2e7a1e178a
| Ticket: -
* Automatic translation import [blinky@build01, 2016-12-21, files: 1, lines: -0/+31]
| Change-Id: Ibcd1dd1047a984df1ef07344564d7a42c4d224ba
| Ticket: -
* ActivityControler: Fix BadPacelableException in certain scenarios [Vitalii Kulikov, 2016-12-05, files: 1, lines: -0/+1]
| Getting this with Good Work installed.
| If there are multiple apps that register to handle the same intent, an exception is raised while unmarshaling the Conversation parcel because of the wrong ClassLoader being used.
|
| Fix it by setting ClassLoader for extras in intent to properly unmarshal Conversation parcel.
|
| Change-Id: I4c296d503d5ab3f3222e3bf14de7e9864c8c7085
* Automatic translation import [clyde@build01, 2016-12-04, files: 1, lines: -1/+0]
| Change-Id: I4dd7726508f0c6ecb0c23c8c8afbab9c6377e875
| Ticket: -
* Automatic translation import [inky@build01, 2016-11-29, files: 2, lines: -31/+1]
| Change-Id: I50ec37f183c1e2d76545a6bb6b44c226bd862284
| Ticket: -
* Automatic translation import [pinky@build01, 2016-09-25, files: 2, lines: -0/+84]
| Change-Id: I6f3a405957e3bc1f59d4bbfab9b012b447ada052
| Ticket: -
* Automatic translation import [pinky@build01, 2016-08-29, files: 0, lines: -0/+0]
| Change-Id: Iff5c00f3a1a8407b1b98ec6b658d2e38fdf47bb0
| Ticket: -
* Automatic translation import [pinky@build01, 2016-08-27, files: 6, lines: -0/+1440]
| Change-Id: I9b84f37e826b0f436e2188f7dae194b0222e1acf
| Ticket: -
* MimeUtility: ensure streams are always closed [Alexander Martinz, 2016-07-27, files: 1, lines: -9/+10]
| Currently a StrictMode violation gets triggered every time MimeUtility#getTextFromPart gets called.
|
| Ensure we are always closing streams in the finally block.
|
| Change-Id: If332487fae43f59d3785841ac7122b8f2b200255
| Signed-off-by: Alexander Martinz <eviscerationls@gmail.com>
* Automatic translation import [Abhisek Devkota, 2016-05-17, files: 1, lines: -0/+5]
| Change-Id: I832d626c8e0faa6a2c7a2e23366e69f9efec7219
* Merge tag 'android-6.0.1_r43' into HEAD [Jessica Wagantall, 2016-05-03, files: 1, lines: -1/+19]
|\
| | Ticket: CYNGNOS-2373
| | Android 6.0.1 release 43 (MOB30J)
| | Change-Id: I08ca60b70bbdbea4ce8dfc764d8454f04c5b7879
| * Don't allow cachedFile Attachments if the content Uri is pointing to ↵ [Sam Lee, 2016-03-25, files: 1, lines: -1/+19]
| | EmailProvider.
| |
| | This is to backport a security fix reported by b/27308057 and b/27335139.
| | Also, add Analytics for these errors.
| |
| | Bug: b/27335139
| | Change-Id: I75f6d8f5feb9fc611aa2e429e2b22cbd07223ab9
* | Revert "Merge tag 'android-6.0.1_r22' of ↵ [Michael Bestas, 2016-05-02, files: 20, lines: -46/+555]
| | https://android.googlesource.com/platform/packages/apps/UnifiedEmail into cm-13.0"
| |
| | This reverts commit 9327d03849500974d74da6a161a7cd9f835dac9d, reversing changes made to a9dcd8241bd7884aa4c1e0363fc07a9f7cfc4db7.
| |
| | Change-Id: I80f2f97b753888ee600b48135e4d6e14f0208a67
* | Merge tag 'android-6.0.1_r30' into HEAD [Jessica Wagantall, 2016-04-18, files: 0, lines: -0/+0]
|\|
| | Ticket: RM-234
| | Android 6.0.1 release 30
| * Don't allow file attachment from file:///data. [Régis Décamps, 2016-02-26, files: 1, lines: -30/+10]
| | Commit 24ed2941ab132e4156bd38f0ab734c81dae8fc2e allows file:// attachment on the /data directory if they are from the same process. This was done to work around applications that shared their internal data file. However, this is bad practice, and other apps should share content:// Uri instead.
| |
| | With this change, Email doesn't allow this anymore. This fixes security issue 199888.
| |
| | Also, add Analytics for these errors
| | compose_errors > send_intent_attachment > data_dir
| |
| | https://code.google.com/p/android/issues/detail?id=199888
| | b/26989185
| | Change-Id: I7cae3389f4f7cf5f86600a58c6ccdffaf889d1c3
* | Automatic translation import [Michael Bestas, 2016-04-16, files: 4, lines: -3/+514]
| | Change-Id: I2a3faec845c11325e1eda048077dafda90a2d34e
* | Automatic translation import [Michael Bestas, 2016-04-06, files: 3, lines: -1/+481]
| | Change-Id: I241831a7381290af41641ffbfe856dbe51d16274
* | Merge tag 'android-6.0.1_r24' into HEAD [Jessica Wagantall, 2016-04-05, files: 1, lines: -30/+10]
|\ \
| | | Ticket: CYNGNOS-2213
| | | Android 6.0.1 release 24
| * \ merge in mnc-dr1.5-release history after reset to mnc-dr1.5-dev [The Android Automerger, 2016-03-22, files: 0, lines: -0/+0]
| |\ \
| | * \ merge in mnc-dr1.5-release history after reset to mnc-dr1.5-dev [The Android Automerger, 2016-03-17, files: 0, lines: -0/+0]
| | |\ \
| | |/ /
| |/| |
| * | | Don't allow file attachment from file:///data. [Régis Décamps, 2016-03-01, files: 1, lines: -30/+10]
| |/ /
| | | Commit 24ed2941ab132e4156bd38f0ab734c81dae8fc2e allows file:// attachment on the /data directory if they are from the same process. This was done to work around applications that shared their internal data file. However, this is bad practice, and other apps should share content:// Uri instead.
| | |
| | | With this change, Email doesn't allow this anymore. This fixes security issue 199888.
| | |
| | | Also, add Analytics for these errors
| | | compose_errors > send_intent_attachment > data_dir
| | |
| | | https://code.google.com/p/android/issues/detail?id=199888
| | | b/26989185
| | | Change-Id: I7cae3389f4f7cf5f86600a58c6ccdffaf889d1c3
* | | Automatic translation import [Michael Bestas, 2016-03-28, files: 4, lines: -32/+917]
| | | Change-Id: I992cde8ec1f12f4d9771c0cf494ebfbaa94471bd
* | | Automatic translation import [Michael Bestas, 2016-03-17, files: 14, lines: -4/+450]
| | | Change-Id: Ib2ce3d69d71d6069f734fe619579ac5684735088
* | | Merge tag 'android-6.0.1_r22' of ↵ (refs: staging/cm-13.0+r22) [Steve Kondik, 2016-03-10, files: 20, lines: -555/+46]
|\| |
| | | https://android.googlesource.com/platform/packages/apps/UnifiedEmail into cm-13.0
| | |
| | | Android 6.0.1 release 22
| * | am 809d6c96: (-s ours) am a4d171f3: (-s ours) am 76d7877c: (-s ours) Import ↵ [Geoff Mendal, 2015-07-15, files: 0, lines: -0/+0]
| |\ \
| | | | translations. DO NOT MERGE
| | | |
| | | | * commit '809d6c96ab7606b838acdaf544ec495df3888b0a':
| | | |   Import translations. DO NOT MERGE
| | * | am a4d171f3: (-s ours) am 76d7877c: (-s ours) Import translations. DO NOT MERGE [Geoff Mendal, 2015-07-15, files: 0, lines: -0/+0]
| | |\|
| | | | * commit 'a4d171f3b810567d6c60ae02ff1564b15ba75a94':
| | | |   Import translations. DO NOT MERGE
| * | | am 7d56d08c: (-s ours) am ad5289cd: (-s ours) Import translations. DO NOT MERGE [Geoff Mendal, 2015-07-13, files: 0, lines: -0/+0]
| |\| |
| | | | * commit '7d56d08cd6d8b8e3281df14ef3246edace90dbcb':
| | | |   Import translations. DO NOT MERGE
| | * | am ad5289cd: (-s ours) Import translations. DO NOT MERGE [Geoff Mendal, 2015-07-13, files: 0, lines: -0/+0]
| | |\ \
| | | | | * commit 'ad5289cd0fcf034fe43c9ffd485aa434424bd8f7':
| | | | |   Import translations. DO NOT MERGE
| * | | | am af010d3f: (-s ours) Import translations. DO NOT MERGE [Geoff Mendal, 2015-05-30, files: 0, lines: -0/+0]
| |\| | |
| | | | | * commit 'af010d3fdf4cbffe38cb32ccfa4bc6bdd4b6e111':
| | | | |   Import translations. DO NOT MERGE
| * | | | am a25fa233: Use to reference support library resource dir. [Ying Wang, 2015-05-19, files: 1, lines: -2/+2]
| |\ \ \ \
| | | | | | * commit 'a25fa23347df8fb7ee9a8d7317973f6cfd300547':
| | | | | |   Use $(SUPPORT_LIBRARY_ROOT) to reference support library resource dir.
| * \ \ \ \ am a67caef6: (-s ours) Import translations. DO NOT MERGE [Geoff Mendal, 2015-05-14, files: 0, lines: -0/+0]
| |\ \ \ \ \
| | | | | | | * commit 'a67caef65aa37d45f1649a81a4aa52b8c7b88014':
| | | | | | |   Import translations. DO NOT MERGE
* | | | | | | Automatic translation import [Michael Bestas, 2016-03-05, files: 106, lines: -9/+6998]
| | | | | | | Change-Id: Ib3b7c5999b1a6f0005ba891324bebbb9c3d63512
* | | | | | | Automatic translation import [Michael Bestas, 2016-02-22, files: 4, lines: -16/+17]
| | | | | | | Change-Id: Ica0a49af5527f19902e311891c74222003d1a1f2
* | | | | | | Automatic translation import [Michael Bestas, 2016-02-14, files: 2, lines: -3/+3]
| | | | | | | Change-Id: I010513783ed857dd7575c89775028b9fdfa27ffe
* | | | | | | Automatic translation import [Michael Bestas, 2016-02-02, files: 2, lines: -0/+100]
| | | | | | | Change-Id: Ieb0c5cb6a7e3dcdbac9a1a2fda457489471febcd
* | | | | | | Automatic translation import [Michael Bestas, 2016-01-25, files: 1, lines: -0/+50]
| | | | | | | Change-Id: Iab740148c0e43d2c07c55617171316cba2243a59
* | | | | | | Remove mail signatures from notification text. [Danny Baumann, 2016-01-13, files: 1, lines: -1/+3]
| | | | | | | Change-Id: Ia0ab851a33aa335724d83dadddf45adbfc1013c6
* | | | | | | unifiedemail: junk icon [Jorge Ruesga, 2016-01-13, files: 1, lines: -0/+37]
| | | | | | | Change-Id: I3bfa791b9a2e9645665891361eb9effc236b6e24
| | | | | | | Signed-off-by: Jorge Ruesga <jorge@ruesga.com>
| | | | | | | (cherry picked from commit 8ef4be4355442fd419b2b2be2501db2ae9b5b68f)