AOSP/Email - Second part of the Security Vulnerability fix -

Email App: Malicious app is able to compose message with hidden attachments and bypass attachments path checks attaching private files from /data/data/com.android.email/* + Ported the following CLs. Code is different from gmail. Made the changes to work with Email. ++ https://critique.corp.google.com/#review/136780360 +++ Differentiating our Compose intents from other app's intent. Added ComposeActivityEmailExternal method and it always returns true. Treat body and quoted text as plaintext if intent is external. Bug: 32068883 Bug: 32502421 Bug: 32589229 Test: manual - Ran the following tests on Pixel phone. Tested the Email UI. $ adb install -r out/target/product/marlin/system/app/Email/Email.apk $ adb install -r app-debug.apk Success $ adb shell am start -n com.test.poc.poc32589229/.MainActivity -a android.intent.action.MAIN Starting: Intent { act=android.intent.action.MAIN cmp=com.test.poc.poc32589229/.MainActivity } Duplicated the steps in https://b.corp.google.com/issues/32589229#comment5 and didn't get the attachments after the fix (was getting attachments before the fix). $ adb install -r out/target/product/marlin/testcases/EmailTests/EmailTests.apk Performing Streamed Install Success $ adb shell am instrument -w com.android.email.tests The number of failures are same as before (with or without this change). Tests run: 158, Failures: 5 Change-Id: I4eda17af7f60e1c92f49ffa6025b328f6481ec76 (cherry picked from commit c87d04b8c190f52c4f7e8a22dfaa2b5e065415fe)
author: Raman Tenneti <rtenneti@google.com> 2018-11-27 13:47:04 -0800
committer: syphyr <syphyr@gmail.com> 2019-02-06 21:00:16 +0100
commit: bff4ffc4361630fa10613cd919a3979b2d959f0f (patch)
tree: 08a0e00a224745e7d63df1c82981e1057ba9f845
parent: b0e9c6fc777c38143acc0262aac5b87e9062aacc (diff)
download: android_packages_apps_Email-bff4ffc4361630fa10613cd919a3979b2d959f0f.tar.gz
android_packages_apps_Email-bff4ffc4361630fa10613cd919a3979b2d959f0f.tar.bz2
android_packages_apps_Email-bff4ffc4361630fa10613cd919a3979b2d959f0f.zip
2 files changed, 46 insertions, 1 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index d93669b83..67cf0e9a4 100755
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -88,7 +88,7 @@
 
         <uses-library android:name="org.apache.http.legacy" android:required="false" />
         <activity
-            android:name="com.android.email.activity.ComposeActivityEmail"
+            android:name="com.android.email.activity.ComposeActivityEmailExternal"
             android:label="@string/app_name"
             android:documentLaunchMode="intoExisting"
             android:autoRemoveFromRecents="true"
@@ -143,6 +143,19 @@
                 <data android:scheme="mailto" />
             </intent-filter>
 
+        </activity>
+
+        <!--
+            There are 2 ComposeActivityEmail activities (here and above) because one is listening
+             for intents broadcasted internally and the other for those broadcasted from external
+             applications. Refer to b/32068883.
+        -->
+        <activity android:name="com.android.email.activity.ComposeActivityEmail"
+            android:exported="false"
+            android:label="@string/app_name"
+            android:documentLaunchMode="intoExisting"
+            android:autoRemoveFromRecents="true"
+            android:theme="@style/ComposeTheme">
             <intent-filter>
                 <action android:name="com.android.mail.intent.action.LAUNCH_COMPOSE" />
                 <category android:name="android.intent.category.DEFAULT" />
diff --git a/src/com/android/email/activity/ComposeActivityEmailExternal.java b/src/com/android/email/activity/ComposeActivityEmailExternal.java
new file mode 100644
index 000000000..455193bea
--- /dev/null
+++ b/src/com/android/email/activity/ComposeActivityEmailExternal.java
@@ -0,0 +1,32 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.email.activity;
+
+/**
+ * A subclass of {@link ComposeActivityEmail} which is exported for other Android packages to open.
+ */
+public class ComposeActivityEmailExternal extends ComposeActivityEmail {
+
+  /**
+   * Only relevant when WebView Compose is enabled. Change this when WebView
+   * Compose is enabled for Email.
+   */
+  @Override
+  public boolean isExternal() {
+      return false;
+  }
+}
author	Raman Tenneti <rtenneti@google.com>	2018-11-27 13:47:04 -0800
committer	syphyr <syphyr@gmail.com>	2019-02-06 21:00:16 +0100
commit	bff4ffc4361630fa10613cd919a3979b2d959f0f (patch)
tree	08a0e00a224745e7d63df1c82981e1057ba9f845
parent	b0e9c6fc777c38143acc0262aac5b87e9062aacc (diff)
download	android_packages_apps_Email-bff4ffc4361630fa10613cd919a3979b2d959f0f.tar.gz android_packages_apps_Email-bff4ffc4361630fa10613cd919a3979b2d959f0f.tar.bz2 android_packages_apps_Email-bff4ffc4361630fa10613cd919a3979b2d959f0f.zip