Skip to content

Commit

Permalink
Ignore fragment attr from ext authenticator resource
Browse files Browse the repository at this point in the history
Bug: 341886134
Test: Unit Test
Test: Manual - see ticket for steps
Flag: EXEMPT <security>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2cb9b10ed97b1b9b29661115789605a762f3c2ef)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:24e2f2d2f65d233527e1f50e3e215c266f040792)
Merged-In: Id91c2b3b6d16ba3702ee2cd6723365a4db52863b
Change-Id: Id91c2b3b6d16ba3702ee2cd6723365a4db52863b
  • Loading branch information
Chris Antol authored and aoleary committed Sep 17, 2024
1 parent 6716341 commit f0f147f
Showing 1 changed file with 55 additions and 0 deletions.
55 changes: 55 additions & 0 deletions src/com/android/settings/accounts/AccountTypePreferenceLoader.java
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,10 @@
import android.text.TextUtils;
import android.util.Log;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import androidx.collection.ArraySet;
import androidx.preference.Preference;
import androidx.preference.Preference.OnPreferenceClickListener;
import androidx.preference.PreferenceFragmentCompat;
Expand All @@ -46,6 +50,8 @@
import com.android.settingslib.accounts.AuthenticatorHelper;
import com.android.settingslib.core.instrumentation.Instrumentable;

import java.util.Set;

/**
* Class to load the preference screen to be added to the settings page for the specific account
* type as specified in the account-authenticator.
Expand Down Expand Up @@ -83,6 +89,7 @@ public PreferenceScreen addPreferencesForType(final String accountType,
try {
desc = mAuthenticatorHelper.getAccountTypeDescription(accountType);
if (desc != null && desc.accountPreferencesId != 0) {
Set<String> fragmentAllowList = generateFragmentAllowlist(parent);
// Load the context of the target package, then apply the
// base Settings theme (no references to local resources)
// and create a context theme wrapper so that we get the
Expand All @@ -98,6 +105,12 @@ public PreferenceScreen addPreferencesForType(final String accountType,
themedCtx.getTheme().setTo(baseTheme);
prefs = mFragment.getPreferenceManager().inflateFromResource(themedCtx,
desc.accountPreferencesId, parent);
// Ignore Fragments provided dynamically, as these are coming from external
// applications which must not have access to internal Settings' fragments.
// These preferences are rendered into Settings, so they also won't have access
// to their own Fragments, meaning there is no acceptable usage of
// android:fragment here.
filterBlockedFragments(prefs, fragmentAllowList);
}
} catch (PackageManager.NameNotFoundException e) {
Log.w(TAG, "Couldn't load preferences.xml file from " + desc.packageName);
Expand Down Expand Up @@ -185,6 +198,48 @@ public boolean onPreferenceClick(Preference preference) {
}
}

// Build allowlist from existing Fragments in PreferenceGroup
@VisibleForTesting
Set<String> generateFragmentAllowlist(@Nullable PreferenceGroup prefs) {
Set<String> fragmentAllowList = new ArraySet<>();
if (prefs == null) {
return fragmentAllowList;
}

for (int i = 0; i < prefs.getPreferenceCount(); i++) {
Preference pref = prefs.getPreference(i);
if (pref instanceof PreferenceGroup) {
fragmentAllowList.addAll(generateFragmentAllowlist((PreferenceGroup) pref));
}

String fragmentName = pref.getFragment();
if (!TextUtils.isEmpty(fragmentName)) {
fragmentAllowList.add(fragmentName);
}
}
return fragmentAllowList;
}

// Block clicks on any Preference with android:fragment that is not contained in the allowlist
@VisibleForTesting
void filterBlockedFragments(@Nullable PreferenceGroup prefs,
@NonNull Set<String> allowedFragments) {
if (prefs == null) {
return;
}
for (int i = 0; i < prefs.getPreferenceCount(); i++) {
Preference pref = prefs.getPreference(i);
if (pref instanceof PreferenceGroup) {
filterBlockedFragments((PreferenceGroup) pref, allowedFragments);
}

String fragmentName = pref.getFragment();
if (fragmentName != null && !allowedFragments.contains(fragmentName)) {
pref.setOnPreferenceClickListener(preference -> true);
}
}
}

/**
* Determines if the supplied Intent is safe. A safe intent is one that is
* will launch a exported=true activity or owned by the same uid as the
Expand Down

0 comments on commit f0f147f

Please sign in to comment.