Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "[DO NOT MERGE] Fix another AddAccountSettings memory leak"

Browse Source
This commit is contained in:
Fyodor Kupolov
2017-09-27 00:25:16 +00:00
committed by Gerrit Code Review
parent 680525c742 7183f0a6f3
commit bff14ae56f
1 changed files with 25 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
services/core/java/com/android/server/accounts/AccountManagerService.java
View File

@@ -2954,9 +2954,13 @@ public class AccountManagerService
* have users launching arbitrary activities by tricking users to
* interact with malicious notifications.
*/
checkKeyIntent(
if (!checkKeyIntent(
Binder.getCallingUid(),
intent);
intent)) {
onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,
"invalid intent in bundle returned");
return;
}
doNotification(
mAccounts,
account,
@@ -3351,9 +3355,13 @@ public class AccountManagerService
Intent intent = null;
if (result != null
&& (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
checkKeyIntent(
if (!checkKeyIntent(
Binder.getCallingUid(),
intent);
intent)) {
onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,
"invalid intent in bundle returned");
return;
}
}
IAccountManagerResponse response;
if (mExpectActivityLaunch && result != null
@@ -4700,13 +4708,14 @@ public class AccountManagerService
* into launching arbitrary intents on the device via by tricking to click authenticator
* supplied entries in the system Settings app.
*/
protected void checkKeyIntent(
int authUid,
Intent intent) throws SecurityException {
protected boolean checkKeyIntent(int authUid, Intent intent) {
long bid = Binder.clearCallingIdentity();
try {
PackageManager pm = mContext.getPackageManager();
ResolveInfo resolveInfo = pm.resolveActivityAsUser(intent, 0, mAccounts.userId);
if (resolveInfo == null) {
return false;
}
ActivityInfo targetActivityInfo = resolveInfo.activityInfo;
int targetUid = targetActivityInfo.applicationInfo.uid;
if (!isExportedSystemActivity(targetActivityInfo)
@@ -4716,9 +4725,10 @@ public class AccountManagerService
String activityName = targetActivityInfo.name;
String tmpl = "KEY_INTENT resolved to an Activity (%s) in a package (%s) that "
+ "does not share a signature with the supplying authenticator (%s).";
throw new SecurityException(
String.format(tmpl, activityName, pkgName, mAccountType));
Log.e(TAG, String.format(tmpl, activityName, pkgName, mAccountType));
return false;
}
return true;
} finally {
Binder.restoreCallingIdentity(bid);
}
@@ -4868,9 +4878,13 @@ public class AccountManagerService
}
if (result != null
&& (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
checkKeyIntent(
if (!checkKeyIntent(
Binder.getCallingUid(),
intent);
intent)) {
onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,
"invalid intent in bundle returned");
return;
}
}
if (result != null
&& !TextUtils.isEmpty(result.getString(AccountManager.KEY_AUTHTOKEN))) {