[Ongoing Call] Don't call #getIntent to avoid a security vulnerability.

Fixes: 212467440 Test: atest OngoingCallControllerTest Test: verified clicking the chip can still open valid activities. Change-Id: I7707d01be37582461227edcecf5d559f2019c8a5 Merged-In: I7707d01be37582461227edcecf5d559f2019c8a5 (cherry picked from commit 08d94cbabb44207f1ebfddc76d9f11b6b328fdee) (cherry picked from commit b029b005d8d4122d29cffc86b752fce13b1d4da6) (cherry picked from commit ccac141cc774a76a2aaef76399fa6790252363cf) Merged-In: I7707d01be37582461227edcecf5d559f2019c8a5
author: Caitlin Cassidy <ccassidy@google.com> 2022-03-02 20:33:30 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2022-07-07 01:46:57 +0000
commit: 01c718a42fe1202bd190a41993d64800886d9e0b (patch)
tree: 3dd5c58111154b3d5a3d1a9f40e60b8601149f98
parent: fe205882e5abc45b668639f5cd43145a9f1bd3c6 (diff)
download: base-01c718a42fe1202bd190a41993d64800886d9e0b.tar.gz
2 files changed, 16 insertions, 6 deletions
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/phone/ongoingcall/OngoingCallController.kt b/packages/SystemUI/src/com/android/systemui/statusbar/phone/ongoingcall/OngoingCallController.kt
index 12258136c011..67985b95dda4 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/ongoingcall/OngoingCallController.kt
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/ongoingcall/OngoingCallController.kt
@@ -21,7 +21,7 @@ import android.app.IActivityManager
 import android.app.IUidObserver
 import android.app.Notification
 import android.app.Notification.CallStyle.CALL_TYPE_ONGOING
-import android.content.Intent
+import android.app.PendingIntent
 import android.util.Log
 import android.view.View
 import androidx.annotation.VisibleForTesting
@@ -98,7 +98,7 @@ class OngoingCallController @Inject constructor(
                 val newOngoingCallInfo = CallNotificationInfo(
                         entry.sbn.key,
                         entry.sbn.notification.`when`,
-                        entry.sbn.notification.contentIntent?.intent,
+                        entry.sbn.notification.contentIntent,
                         entry.sbn.uid,
                         entry.sbn.notification.extras.getInt(
                                 Notification.EXTRA_CALL_TYPE, -1) == CALL_TYPE_ONGOING,
@@ -230,7 +230,6 @@ class OngoingCallController @Inject constructor(
                     logger.logChipClicked()
                     activityStarter.postStartActivityDismissingKeyguard(
                         intent,
-                        0,
                         ActivityLaunchAnimator.Controller.fromView(
                             backgroundView,
                             InteractionJankMonitor.CUJ_STATUS_BAR_APP_LAUNCH_FROM_CALL_CHIP)
@@ -351,7 +350,7 @@ class OngoingCallController @Inject constructor(
     private data class CallNotificationInfo(
         val key: String,
         val callStartTime: Long,
-        val intent: Intent?,
+        val intent: PendingIntent?,
         val uid: Int,
         /** True if the call is currently ongoing (as opposed to incoming, screening, etc.). */
         val isOngoing: Boolean,
diff --git a/packages/SystemUI/tests/src/com/android/systemui/statusbar/phone/ongoingcall/OngoingCallControllerTest.kt b/packages/SystemUI/tests/src/com/android/systemui/statusbar/phone/ongoingcall/OngoingCallControllerTest.kt
index b385b7d62cff..45c6be936eb9 100644
--- a/packages/SystemUI/tests/src/com/android/systemui/statusbar/phone/ongoingcall/OngoingCallControllerTest.kt
+++ b/packages/SystemUI/tests/src/com/android/systemui/statusbar/phone/ongoingcall/OngoingCallControllerTest.kt
@@ -22,7 +22,6 @@ import android.app.IUidObserver
 import android.app.Notification
 import android.app.PendingIntent
 import android.app.Person
-import android.content.Intent
 import android.service.notification.NotificationListenerService.REASON_USER_STOPPED
 import android.testing.AndroidTestingRunner
 import android.testing.TestableLooper
@@ -429,6 +428,19 @@ class OngoingCallControllerTest : SysuiTestCase() {
                 .isEqualTo(OngoingCallLogger.OngoingCallEvents.ONGOING_CALL_CLICKED.id)
     }
 
+    /** Regression test for b/212467440. */
+    @Test
+    fun chipClicked_activityStarterTriggeredWithUnmodifiedIntent() {
+        val notifEntry = createOngoingCallNotifEntry()
+        val pendingIntent = notifEntry.sbn.notification.contentIntent
+        notifCollectionListener.onEntryUpdated(notifEntry)
+
+        chipView.performClick()
+
+        // Ensure that the sysui didn't modify the notification's intent -- see b/212467440.
+        verify(mockActivityStarter).postStartActivityDismissingKeyguard(eq(pendingIntent), any())
+    }
+
     @Test
     fun notifyChipVisibilityChanged_visibleEventLogged() {
         controller.notifyChipVisibilityChanged(true)
@@ -570,7 +582,6 @@ class OngoingCallControllerTest : SysuiTestCase() {
             notificationEntryBuilder.modifyNotification(context).setContentIntent(null)
         } else {
             val contentIntent = mock(PendingIntent::class.java)
-            `when`(contentIntent.intent).thenReturn(mock(Intent::class.java))
             notificationEntryBuilder.modifyNotification(context).setContentIntent(contentIntent)
         }
author	Caitlin Cassidy <ccassidy@google.com>	2022-03-02 20:33:30 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2022-07-07 01:46:57 +0000
commit	01c718a42fe1202bd190a41993d64800886d9e0b (patch)
tree	3dd5c58111154b3d5a3d1a9f40e60b8601149f98
parent	fe205882e5abc45b668639f5cd43145a9f1bd3c6 (diff)
download	base-01c718a42fe1202bd190a41993d64800886d9e0b.tar.gz