diff options
| author | Kevin F. Haggerty <haggertk@lineageos.org> | 2020-10-10 22:44:38 +0200 |
|---|---|---|
| committer | Kevin F. Haggerty <haggertk@lineageos.org> | 2020-10-11 13:01:16 +0200 |
| commit | cb275182c23eabd9f596ec9dd168417b7a87cd0b (patch) | |
| tree | 678a7c38718b382a6448a6f4ea0ed624a6afdd47 | |
| parent | aca6e26f12069e6eb9dcc0232c03ce5f4fc8a48f (diff) | |
| parent | f196a40c868f7393791916334911b7e97f658f5d (diff) | |
| download | packages_apps_Contacts-lineage-15.1.tar.gz packages_apps_Contacts-lineage-15.1.tar.bz2 packages_apps_Contacts-lineage-15.1.zip | |
Merge tag 'android-8.1.0_r81' into staging/lineage-15.1_merge-android-8.1.0_r81lineage-15.1
Android 8.1.0 Release 81 (6780335)
* tag 'android-8.1.0_r81':
Correct vulnerability when setting pending intents on import/export notifications by setting FLAG_IMMUTABLE
Patch URI vulnerability in contact photo editing
| -rw-r--r-- | src/com/android/contacts/vcard/ExportProcessor.java | 7 | ||||
| -rw-r--r-- | src/com/android/contacts/vcard/NotificationImportExportListener.java | 41 |
2 files changed, 15 insertions, 33 deletions
diff --git a/src/com/android/contacts/vcard/ExportProcessor.java b/src/com/android/contacts/vcard/ExportProcessor.java index 13d80caa1..66308c6bf 100644 --- a/src/com/android/contacts/vcard/ExportProcessor.java +++ b/src/com/android/contacts/vcard/ExportProcessor.java @@ -304,11 +304,12 @@ public class ExportProcessor extends ProcessorBase { intent.setType(Contacts.CONTENT_VCARD_TYPE); intent.putExtra(Intent.EXTRA_STREAM, uri); // Securely grant access using temporary access permissions - intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + // Use FLAG_ACTIVITY_NEW_TASK to set it as new task, to get rid of cached files. + intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_ACTIVITY_NEW_TASK); // Build notification final Notification notification = - NotificationImportExportListener.constructFinishNotificationWithFlags( - mService, title, description, intent, Intent.FLAG_ACTIVITY_NEW_TASK); + NotificationImportExportListener.constructFinishNotification( + mService, title, description, intent); mNotificationManager.notify(NotificationImportExportListener.DEFAULT_NOTIFICATION_TAG, mJobId, notification); } diff --git a/src/com/android/contacts/vcard/NotificationImportExportListener.java b/src/com/android/contacts/vcard/NotificationImportExportListener.java index beabe26bc..8d5346825 100644 --- a/src/com/android/contacts/vcard/NotificationImportExportListener.java +++ b/src/com/android/contacts/vcard/NotificationImportExportListener.java @@ -16,6 +16,8 @@ package com.android.contacts.vcard; +import static android.app.PendingIntent.FLAG_IMMUTABLE; + import android.app.Activity; import android.app.Notification; import android.app.NotificationManager; @@ -229,7 +231,7 @@ public class NotificationImportExportListener implements VCardImportExportListen .setSmallIcon(type == VCardService.TYPE_IMPORT ? android.R.drawable.stat_sys_download : android.R.drawable.stat_sys_upload) - .setContentIntent(PendingIntent.getActivity(context, 0, intent, 0)); + .setContentIntent(PendingIntent.getActivity(context, 0, intent, FLAG_IMMUTABLE)); if (totalCount > 0) { String percentage = NumberFormat.getPercentInstance().format((double) currentCount / totalCount); @@ -254,10 +256,6 @@ public class NotificationImportExportListener implements VCardImportExportListen .setColor(context.getResources().getColor(R.color.dialtacts_theme_color)) .setContentTitle(description) .setContentText(description) - // Launch an intent that won't resolve to anything. Restrict the intent to this - // app to make sure that no other app can steal this pending-intent b/19296918. - .setContentIntent(PendingIntent - .getActivity(context, 0, new Intent(context.getPackageName(), null), 0)) .build(); } @@ -270,29 +268,16 @@ public class NotificationImportExportListener implements VCardImportExportListen */ /* package */ static Notification constructFinishNotification( Context context, String title, String description, Intent intent) { - return constructFinishNotificationWithFlags(context, title, description, intent, 0); - } - - /** - * @param flags use FLAG_ACTIVITY_NEW_TASK to set it as new task, to get rid of cached files. - */ - /* package */ static Notification constructFinishNotificationWithFlags( - Context context, String title, String description, Intent intent, int flags) { ContactsNotificationChannelsUtil.createDefaultChannel(context); return new NotificationCompat.Builder(context, - ContactsNotificationChannelsUtil.DEFAULT_CHANNEL) - .setAutoCancel(true) - .setColor(context.getResources().getColor(R.color.dialtacts_theme_color)) - .setSmallIcon(R.drawable.quantum_ic_done_vd_theme_24) - .setContentTitle(title) - .setContentText(description) - // If no intent provided, include an intent that won't resolve to anything. - // Restrict the intent to this app to make sure that no other app can steal this - // pending-intent b/19296918. - .setContentIntent(PendingIntent.getActivity(context, 0, - (intent != null ? intent : new Intent(context.getPackageName(), null)), - flags)) - .build(); + ContactsNotificationChannelsUtil.DEFAULT_CHANNEL) + .setAutoCancel(true) + .setColor(context.getResources().getColor(R.color.dialtacts_theme_color)) + .setSmallIcon(R.drawable.quantum_ic_done_vd_theme_24) + .setContentTitle(title) + .setContentText(description) + .setContentIntent(PendingIntent.getActivity(context, 0, intent, FLAG_IMMUTABLE)) + .build(); } /** @@ -311,10 +296,6 @@ public class NotificationImportExportListener implements VCardImportExportListen .setSmallIcon(android.R.drawable.stat_notify_error) .setContentTitle(context.getString(R.string.vcard_import_failed)) .setContentText(reason) - // Launch an intent that won't resolve to anything. Restrict the intent to this - // app to make sure that no other app can steal this pending-intent b/19296918. - .setContentIntent(PendingIntent - .getActivity(context, 0, new Intent(context.getPackageName(), null), 0)) .build(); } } |