summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Sharkey <jsharkey@android.com>2017-06-12 23:33:58 (GMT)
committerHarry Youd <harry@harryyoud.co.uk>2017-12-23 16:39:10 (GMT)
commita67d9f5750aff277b84f7c751d1e786e1885763b (patch)
tree913c5c04c6cf72b015907290f00bcdc69f642f25
parent2dabc25a1b02dc71a74316ad0353f4429ad05d60 (diff)
downloadpackages_apps_Settings-a67d9f5750aff277b84f7c751d1e786e1885763b.zip
packages_apps_Settings-a67d9f5750aff277b84f7c751d1e786e1885763b.tar.gz
packages_apps_Settings-a67d9f5750aff277b84f7c751d1e786e1885763b.tar.bz2
DO NOT MERGE. ActivityPicker shouldn't grant permissions.
This picker has no business granting any Uri permissions, so remove any grant flags that malicious apps may have tried sneaking in. Test: builds, boots Bug: 32879772 Change-Id: I91c48c73287a271bd6c99e60e216dead22e68764 (cherry picked from commit 3f218e8431cb5648bcb46131551c133ba53ef870)
-rw-r--r--src/com/android/settings/ActivityPicker.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/com/android/settings/ActivityPicker.java b/src/com/android/settings/ActivityPicker.java
index 7c26923..97996c8 100644
--- a/src/com/android/settings/ActivityPicker.java
+++ b/src/com/android/settings/ActivityPicker.java
@@ -78,6 +78,10 @@ public class ActivityPicker extends AlertActivity implements
Parcelable parcel = intent.getParcelableExtra(Intent.EXTRA_INTENT);
if (parcel instanceof Intent) {
mBaseIntent = (Intent) parcel;
+ mBaseIntent.setFlags(mBaseIntent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
+ | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+ | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
+ | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
} else {
mBaseIntent = new Intent(Intent.ACTION_MAIN, null);
mBaseIntent.addCategory(Intent.CATEGORY_DEFAULT);