diff options
| author | Ioana Alexandru <aioana@google.com> | 2023-05-12 15:41:09 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-06-14 00:37:13 +0000 |
| commit | e2ee0f86ab8c2c0c2ac34709282b9d52a6344be5 (patch) | |
| tree | 9b30021573e5d61c5e47d488987cff3f8bbed374 | |
| parent | 40659fabbd69dd0b757c7cfac09f443f63aea280 (diff) | |
| download | base-e2ee0f86ab8c2c0c2ac34709282b9d52a6344be5.tar.gz | |
Implement visitUris for RemoteViews ViewGroupActionAdd.
This is to prevent a vulnerability where notifications can show
resources belonging to other users, since the URI in the nested views
was not being checked.
Bug: 277740082
Test: atest RemoteViewsTest NotificationVisitUrisTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:850fd984e5f346645b5a941ed7307387c7e4c4de)
Merged-In: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
Change-Id: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
| -rw-r--r-- | core/java/android/widget/RemoteViews.java | 5 | ||||
| -rw-r--r-- | core/tests/coretests/src/android/widget/RemoteViewsTest.java | 24 |
2 files changed, 29 insertions, 0 deletions
diff --git a/core/java/android/widget/RemoteViews.java b/core/java/android/widget/RemoteViews.java index c985ae82307c..0b85cbe1cd52 100644 --- a/core/java/android/widget/RemoteViews.java +++ b/core/java/android/widget/RemoteViews.java @@ -2583,6 +2583,11 @@ public class RemoteViews implements Parcelable, Filter { public int getActionTag() { return VIEW_GROUP_ACTION_ADD_TAG; } + + @Override + public final void visitUris(@NonNull Consumer<Uri> visitor) { + mNestedViews.visitUris(visitor); + } } /** diff --git a/core/tests/coretests/src/android/widget/RemoteViewsTest.java b/core/tests/coretests/src/android/widget/RemoteViewsTest.java index a9d3ce51b2c3..350b7fc2926f 100644 --- a/core/tests/coretests/src/android/widget/RemoteViewsTest.java +++ b/core/tests/coretests/src/android/widget/RemoteViewsTest.java @@ -720,6 +720,30 @@ public class RemoteViewsTest { } @Test + public void visitUris_nestedViews() { + final RemoteViews outer = new RemoteViews(mPackage, R.layout.remote_views_test); + + final RemoteViews inner = new RemoteViews(mPackage, 33); + final Uri imageUriI = Uri.parse("content://inner/image"); + final Icon icon1 = Icon.createWithContentUri("content://inner/icon1"); + final Icon icon2 = Icon.createWithContentUri("content://inner/icon2"); + final Icon icon3 = Icon.createWithContentUri("content://inner/icon3"); + final Icon icon4 = Icon.createWithContentUri("content://inner/icon4"); + inner.setImageViewUri(R.id.image, imageUriI); + inner.setTextViewCompoundDrawables(R.id.text, icon1, icon2, icon3, icon4); + + outer.addView(R.id.layout, inner); + + Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class); + outer.visitUris(visitor); + verify(visitor, times(1)).accept(eq(imageUriI)); + verify(visitor, times(1)).accept(eq(icon1.getUri())); + verify(visitor, times(1)).accept(eq(icon2.getUri())); + verify(visitor, times(1)).accept(eq(icon3.getUri())); + verify(visitor, times(1)).accept(eq(icon4.getUri())); + } + + @Test public void visitUris_separateOrientation() { final RemoteViews landscape = new RemoteViews(mPackage, R.layout.remote_views_test); final Uri imageUriL = Uri.parse("content://landscape/image"); |