diff options
| author | Evan Rosky <erosky@google.com> | 2022-07-28 10:33:21 -0700 |
|---|---|---|
| committer | Evan Rosky <erosky@google.com> | 2022-08-02 20:37:50 +0000 |
| commit | 0b3ad39abf059b3e6e3088ab9d3ac6c43c29a2d5 (patch) | |
| tree | 9ad552c58cb411df0b717ccef967f29531f650c6 | |
| parent | 2bbb7a41380766db7920b4be0dbc0b98fb7a0036 (diff) | |
| download | base-0b3ad39abf059b3e6e3088ab9d3ac6c43c29a2d5.tar.gz | |
Strip transition information from activityoptions once it is read.
The implementation of shared-element transitions takes the
ActivityOptions from the calling activity and sends them to
another activity. This means that any sensitive information
passed into ActivityManager via ActivityOptions can make its
way to an unrelated app. Recently a RemoteTransition object
was added which includes some sensitive information.
This CL strips the sensitive information from the activity
options after it is extracted so that it can't be sent
to the target.
Bug: 237290578
Test: atest ActivityManagerTest#testActivityManager_stripTransitionFromActivityOptions
Change-Id: Ic9f8062e67ab895292af75e97a9ce2f4aa45d467
| -rw-r--r-- | core/java/android/app/ActivityOptions.java | 5 | ||||
| -rw-r--r-- | services/core/java/com/android/server/wm/ActivityRecord.java | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/core/java/android/app/ActivityOptions.java b/core/java/android/app/ActivityOptions.java index 0ff9f6655b8a..e76f89ce9461 100644 --- a/core/java/android/app/ActivityOptions.java +++ b/core/java/android/app/ActivityOptions.java @@ -1353,6 +1353,11 @@ public class ActivityOptions { } /** @hide */ + public void setRemoteTransition(@Nullable RemoteTransition remoteTransition) { + mRemoteTransition = remoteTransition; + } + + /** @hide */ public static ActivityOptions fromBundle(Bundle bOptions) { return bOptions != null ? new ActivityOptions(bOptions) : null; } diff --git a/services/core/java/com/android/server/wm/ActivityRecord.java b/services/core/java/com/android/server/wm/ActivityRecord.java index 0e6d1c69005d..b68c6df34888 100644 --- a/services/core/java/com/android/server/wm/ActivityRecord.java +++ b/services/core/java/com/android/server/wm/ActivityRecord.java @@ -4426,6 +4426,9 @@ final class ActivityRecord extends WindowToken implements WindowManagerService.A mPendingRemoteAnimation = options.getRemoteAnimationAdapter(); } mPendingRemoteTransition = options.getRemoteTransition(); + // Since options gets sent to client apps, remove transition information from it. + options.setRemoteTransition(null); + options.setRemoteAnimationAdapter(null); } void applyOptionsAnimation() { |