Google Git
Sign in
android / platform / frameworks / base / 042b52a8551f
commit042b52a8551fa84a0e17e9ad8db2fcf30002569a[log] [tgz]
authoroli <olit@google.com>Wed May 21 14:38:32 2025 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Fri Oct 10 13:59:41 2025 -0700
treec249114f41f609c710abc298e3ae63d055eb6cd6
parentf08b9104a6e9609ad30205d00ff8c88b45c9e87a [diff]
Add resolveActivityAsUserForExplicitType api to pm

allow checking for resolved activity for an intent with a specific type

allowing the intent to declare its own type can lead to a security
vulnerability if the intent changes its type after the IntentForwarder#canForward
check.

Use the new API in IntentForwarderActivity to prevent checking the intent's type twice.

Update other call sites of IntentForwarder#canForward to extract the resolved type from the intent and pass in to to the method call

Check the launch package rather than calling package

sanitize intent selector as well as received intent

Bug: 403565650 407763772 397216638
Flag: EXEMPT bugfix
Test: manually tested
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:57233409d9bb5aef50373760a9b6551aa618c808)
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:4f0b02dea6c4f508c9b3aef8fff9910e80041d30
Merged-In: I8453f25ed5ddd938718f4d2be4983c881778f281
Change-Id: I8453f25ed5ddd938718f4d2be4983c881778f281
5 files changed
tree: c249114f41f609c710abc298e3ae63d055eb6cd6
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc-extras/
  23. obex/
  24. omapi/
  25. opengl/
  26. packages/
  27. proto/
  28. rs/
  29. samples/
  30. sax/
  31. services/
  32. startop/
  33. telecomm/
  34. telephony/
  35. test-base/
  36. test-legacy/
  37. test-mock/
  38. test-runner/
  39. tests/
  40. tools/
  41. wifi/
  42. .clang-format
  43. .gitignore
  44. .mailmap
  45. Android.bp
  46. Android.mk
  47. BATTERY_STATS_OWNERS
  48. BROADCASTS_OWNERS
  49. CleanSpec.mk
  50. framework-jarjar-rules.txt
  51. GAME_MANAGER_OWNERS
  52. INPUT_OWNERS
  53. lint-baseline.xml
  54. METADATA
  55. MODULE_LICENSE_APACHE2
  56. MULTIUSER_OWNERS
  57. NOTICE
  58. OWNERS
  59. OWNERS.md
  60. PACKAGE_MANAGER_OWNERS
  61. pathmap.mk
  62. PERFORMANCE_OWNERS
  63. PREUPLOAD.cfg
  64. ProtoLibraries.bp
  65. TEST_MAPPING
  66. TestProtoLibraries.bp
  67. TRACE_OWNERS
  68. WEAR_OWNERS
  69. ZYGOTE_OWNERS