diff options
author | Adam Powell <adamp@google.com> | 2016-04-28 16:32:18 -0700 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2016-05-27 11:09:25 -0700 |
commit | 5233cf884a8776d6e3178f73742681bbe5587db2 (patch) | |
tree | 9d5f1718276e9095156fc5a5a7a17cfe8fdb6bf6 | |
parent | 68584d383c6fa4ad82aac1bdfa3dbf1c26166efc (diff) | |
download | base-5233cf884a8776d6e3178f73742681bbe5587db2.tar.gz |
Backport ChooserTarget package source check from N
Fix a bug where a ChooserTargetService could supply a ChooserTarget
pointing at a non-exported activity outside of its own package and
have it launch.
Bug 28384423
Change-Id: I3f5854f91c5695ad9253d71055ef58224df47008
-rw-r--r-- | core/java/com/android/internal/app/ChooserActivity.java | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java index 7699673701f0..e137f9407a3d 100644 --- a/core/java/com/android/internal/app/ChooserActivity.java +++ b/core/java/com/android/internal/app/ChooserActivity.java @@ -656,7 +656,19 @@ public class ChooserActivity extends ResolverActivity { } intent.setComponent(mChooserTarget.getComponentName()); intent.putExtras(mChooserTarget.getIntentExtras()); - activity.startActivityAsCaller(intent, options, true, userId); + + // Important: we will ignore the target security checks in ActivityManager + // if and only if the ChooserTarget's target package is the same package + // where we got the ChooserTargetService that provided it. This lets a + // ChooserTargetService provide a non-exported or permission-guarded target + // to the chooser for the user to pick. + // + // If mSourceInfo is null, we got this ChooserTarget from the caller or elsewhere + // so we'll obey the caller's normal security checks. + final boolean ignoreTargetSecurity = mSourceInfo != null + && mSourceInfo.getResolvedComponentName().getPackageName() + .equals(mChooserTarget.getComponentName().getPackageName()); + activity.startActivityAsCaller(intent, options, ignoreTargetSecurity, userId); return true; } |