diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2017-06-12 17:33:58 -0600 |
|---|---|---|
| committer | Harry Youd <harry@harryyoud.co.uk> | 2017-12-23 16:39:10 +0000 |
| commit | a67d9f5750aff277b84f7c751d1e786e1885763b (patch) | |
| tree | 913c5c04c6cf72b015907290f00bcdc69f642f25 /src | |
| parent | 2dabc25a1b02dc71a74316ad0353f4429ad05d60 (diff) | |
| download | packages_apps_Settings-a67d9f5750aff277b84f7c751d1e786e1885763b.tar.gz packages_apps_Settings-a67d9f5750aff277b84f7c751d1e786e1885763b.tar.bz2 packages_apps_Settings-a67d9f5750aff277b84f7c751d1e786e1885763b.zip | |
DO NOT MERGE. ActivityPicker shouldn't grant permissions.
This picker has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.
Test: builds, boots
Bug: 32879772
Change-Id: I91c48c73287a271bd6c99e60e216dead22e68764
(cherry picked from commit 3f218e8431cb5648bcb46131551c133ba53ef870)
Diffstat (limited to 'src')
| -rw-r--r-- | src/com/android/settings/ActivityPicker.java | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/com/android/settings/ActivityPicker.java b/src/com/android/settings/ActivityPicker.java index 7c269238e..97996c878 100644 --- a/src/com/android/settings/ActivityPicker.java +++ b/src/com/android/settings/ActivityPicker.java @@ -78,6 +78,10 @@ public class ActivityPicker extends AlertActivity implements Parcelable parcel = intent.getParcelableExtra(Intent.EXTRA_INTENT); if (parcel instanceof Intent) { mBaseIntent = (Intent) parcel; + mBaseIntent.setFlags(mBaseIntent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION + | Intent.FLAG_GRANT_WRITE_URI_PERMISSION + | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION + | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION)); } else { mBaseIntent = new Intent(Intent.ACTION_MAIN, null); mBaseIntent.addCategory(Intent.CATEGORY_DEFAULT); |