Skip to content

Commit

Permalink
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.
Browse files Browse the repository at this point in the history 
KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.

Test: builds, boots
Bug: 32990341, 32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
  • Loading branch information
@jsharkey
jsharkey authored and Jeff Sharkey committed Oct 3, 2017
1 parent 0595b5a commit ca7ffa0
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions services/core/java/com/android/server/accounts/AccountManagerService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1669,6 +1669,11 @@ public void onResult(Bundle result) {

Intent intent = result.getParcelable(AccountManager.KEY_INTENT);
if (intent != null && notifyOnAuthFailure && !customTokens) {
intent.setFlags(
intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
| Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
doNotification(mAccounts,
account, result.getString(AccountManager.KEY_AUTH_FAILED_MESSAGE),
intent, accounts.userId);
Expand Down Expand Up @@ -2563,6 +2568,11 @@ public void onResult(Bundle result) {
Intent intent = null;
if (result != null
&& (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
intent.setFlags(
intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
| Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
/*
* The Authenticator API allows third party authenticators to
* supply arbitrary intents to other apps that they can run,
Expand Down

0 comments on commit ca7ffa0

Please sign in to comment.