summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCarlos Valdivia <carlosvaldivia@google.com>2014-09-08 00:45:58 (GMT)
committerPaul Kocialkowski <contact@paulk.fr>2015-08-30 21:03:22 (GMT)
commit329603fd3b62ef5bb06c2c3612471edd30fd431a (patch)
treed3dc14defe2bc69b6204812547d0c0cc09d38d27
parent04994e322b88df30ce711c59f2a2975c2aae5612 (diff)
downloadpackages_apps_Settings-replicant-4.2.zip
packages_apps_Settings-replicant-4.2.tar.gz
packages_apps_Settings-replicant-4.2.tar.bz2
SECURITY: Don't pass a usable Pending Intent to 3rd parties.replicant-4.2-0004replicant-4.2
Unfortunately the Settings app has super powers. We shouldn't let untrusted 3rd party authenticators re-purpose those powers to their own nefarious ends. This means that we shouldn't pass along PendingIntents that can have addressing information (component, action, category) filled in by third parties. Bug: 17356824 Change-Id: I397d26c5f465ddfb0e58bbc66cd44756e58cc507 (cherry picked from commit f5d3e74ecc2b973941d8adbe40c6b23094b5abb7) Signed-off-by: Carlos Valdivia <carlosvaldivia@google.com> Tested-by: Moritz Bandemer <replicant@posteo.mx>
-rw-r--r--src/com/android/settings/accounts/AddAccountSettings.java18
1 files changed, 17 insertions, 1 deletions
diff --git a/src/com/android/settings/accounts/AddAccountSettings.java b/src/com/android/settings/accounts/AddAccountSettings.java
index 6f7e29a..6b53d75 100644
--- a/src/com/android/settings/accounts/AddAccountSettings.java
+++ b/src/com/android/settings/accounts/AddAccountSettings.java
@@ -23,6 +23,7 @@ import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.app.Activity;
import android.app.PendingIntent;
+import android.content.ComponentName;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;
@@ -58,6 +59,7 @@ public class AddAccountSettings extends Activity {
* application.
*/
private static final String KEY_CALLER_IDENTITY = "pendingIntent";
+ private static final String SHOULD_NOT_RESOLVE = "SHOULDN'T RESOLVE!";
private static final String TAG = "AccountSettings";
@@ -170,7 +172,21 @@ public class AddAccountSettings extends Activity {
private void addAccount(String accountType) {
Bundle addAccountOptions = new Bundle();
- mPendingIntent = PendingIntent.getBroadcast(this, 0, new Intent(), 0);
+ /*
+ * The identityIntent is for the purposes of establishing the identity
+ * of the caller and isn't intended for launching activities, services
+ * or broadcasts.
+ *
+ * Unfortunately for legacy reasons we still need to support this. But
+ * we can cripple the intent so that 3rd party authenticators can't
+ * fill in addressing information and launch arbitrary actions.
+ */
+ Intent identityIntent = new Intent();
+ identityIntent.setComponent(new ComponentName(SHOULD_NOT_RESOLVE, SHOULD_NOT_RESOLVE));
+ identityIntent.setAction(SHOULD_NOT_RESOLVE);
+ identityIntent.addCategory(SHOULD_NOT_RESOLVE);
+
+ mPendingIntent = PendingIntent.getBroadcast(this, 0, identityIntent, 0);
addAccountOptions.putParcelable(KEY_CALLER_IDENTITY, mPendingIntent);
addAccountOptions.putBoolean(EXTRA_HAS_MULTIPLE_USERS, Utils.hasMultipleUsers(this));
AccountManager.get(this).addAccount(