diff options
| author | Evan Rosky <erosky@google.com> | 2022-08-03 11:48:33 -0700 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-08-19 18:43:19 +0000 |
| commit | e5dd8be748c76c11615050c610dfc1fae73ad4a4 (patch) | |
| tree | 7c69883355a05590331c64f121286dc024924527 | |
| parent | 9194bce0d58093bbb0aa77c6050bb9a15d9dbc2a (diff) | |
| download | base-e5dd8be748c76c11615050c610dfc1fae73ad4a4.tar.gz | |
Strip transition information from activityoptions when sent to app
The implementation of shared-element transitions takes the
ActivityOptions from the calling activity and sends them to
another activity. This means that any sensitive information
passed into ActivityManager via ActivityOptions can make its
way to an unrelated app. Recently a RemoteTransition object
was added which includes some sensitive information.
This CL strips the sensitive information from the activity
options before sending it to anonther app.
Bug: 237290578
Test: atest ActivityManagerTest#testActivityManager_stripTransitionFromActivityOptions
Change-Id: Ifa08fc195698f02bf70ca386178c67f6ba4a14ea
(cherry picked from commit 0d03e6f1fc66fefb5409ac93ff49fa922f81664c)
Merged-In: Ifa08fc195698f02bf70ca386178c67f6ba4a14ea
| -rw-r--r-- | core/java/android/app/ActivityOptions.java | 5 | ||||
| -rw-r--r-- | services/core/java/com/android/server/wm/ActivityRecord.java | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/core/java/android/app/ActivityOptions.java b/core/java/android/app/ActivityOptions.java index 2eebc01ccc04..0ba1614ab6c5 100644 --- a/core/java/android/app/ActivityOptions.java +++ b/core/java/android/app/ActivityOptions.java @@ -1442,6 +1442,11 @@ public class ActivityOptions extends ComponentOptions { } /** @hide */ + public void setRemoteTransition(@Nullable RemoteTransition remoteTransition) { + mRemoteTransition = remoteTransition; + } + + /** @hide */ public static ActivityOptions fromBundle(Bundle bOptions) { return bOptions != null ? new ActivityOptions(bOptions) : null; } diff --git a/services/core/java/com/android/server/wm/ActivityRecord.java b/services/core/java/com/android/server/wm/ActivityRecord.java index ab936a6954d6..83687e9ebccd 100644 --- a/services/core/java/com/android/server/wm/ActivityRecord.java +++ b/services/core/java/com/android/server/wm/ActivityRecord.java @@ -4884,8 +4884,12 @@ final class ActivityRecord extends WindowToken implements WindowManagerService.A ActivityOptions takeOptions() { if (DEBUG_TRANSITION) Slog.i(TAG, "Taking options for " + this + " callers=" + Debug.getCallers(6)); + if (mPendingOptions == null) return null; final ActivityOptions opts = mPendingOptions; mPendingOptions = null; + // Strip sensitive information from options before sending it to app. + opts.setRemoteTransition(null); + opts.setRemoteAnimationAdapter(null); return opts; } |