Android/packages_apps_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6ea05b747d27d2b46eba6dbbd6881b339a692d20
packages_apps_Settings/src/com/android/settings/utils/VoiceSettingsActivity.java
Dianne Hackborn 2dbeb423a9 Fix issue #22860466: viapi security bug - rubber stamping in nested VIs 
The settings activities that get launched directly by voice now
protect themselves to only execute if they were actually directly
launched by the voice interaction service, rather than allowing
any activity currently under voice control to abuse them.

Note the original code also allowed them to execute regardless of
whether they were running under voice, since it allowed for a null
saved state.  I assume that was a mistake, so have removed it.

Change-Id: Ib2269a7ee13016d300afba7fa257bfaca8990fab
2015-08-03 17:17:10 -07:00

86 lines
2.9 KiB
Java
Raw Blame History

/*
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.utils;
import android.app.Activity;
import android.app.Fragment;
import android.app.VoiceInteractor;
import android.app.VoiceInteractor.AbortVoiceRequest;
import android.app.VoiceInteractor.CompleteVoiceRequest;
import android.content.Intent;
import android.os.Bundle;
import android.view.View;
import android.widget.TextView;
import android.util.Log;
/**
* Activity for modifying a setting using the Voice Interaction API. This activity
* will only allow modifying the setting if the intent was sent using
* {@link android.service.voice.VoiceInteractionSession#startVoiceActivity startVoiceActivity}
* by the current Voice Interaction Service.
*/
abstract public class VoiceSettingsActivity extends Activity {
private static final String TAG = "VoiceSettingsActivity";
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
if (isVoiceInteractionRoot()) {
// Only permit if this is a voice interaction.
if (onVoiceSettingInteraction(getIntent())) {
// If it's complete, finish.
finish();
}
} else {
Log.v(TAG, "Cannot modify settings without voice interaction");
finish();
}
}
/**
* Modify the setting as a voice interaction. Should return true if the
* voice interaction is complete or false if more interaction is required.
*/
abstract protected boolean onVoiceSettingInteraction(Intent intent);
/**
* Send a notification that the interaction was successful. If {@param prompt} is
* not null, then it will be read to the user.
*/
protected void notifySuccess(CharSequence prompt) {
if (getVoiceInteractor() != null) {
getVoiceInteractor().submitRequest(new CompleteVoiceRequest(prompt, null) {
@Override
public void onCompleteResult(Bundle options) {
finish();
}
});
}
}
/**
* Indicates when the setting could not be changed.
*/
protected void notifyFailure(CharSequence prompt) {
if (getVoiceInteractor() != null) {
getVoiceInteractor().submitRequest(new AbortVoiceRequest(prompt, null));
}
}
}
Reference in New Issue View Git Blame Copy Permalink