Google Git
Sign in
android/platform/packages/apps/DocumentsUI/a48245c5b
commit
a48245c5bfa71b54684e11f71dd1a961e57b4667
[log] [tgz]
author
Himanshu Arora <hmarora@google.com>
Thu Oct 30 10:30:43 2025 +0000
committer
Android Build Coastguard Worker <android-build-coastguard-worker@google.com>
Wed Jan 07 21:40:27 2026 -0800
tree
7f7699bb1b75588d3f6a6f221d37d88cd2efc283
parent
cf72487df3d11137a7175d0d67e8f53ae54bd5ca [diff]
Prevent a malicious selector from launching an arbitrary activity.

PickActivity reuses the incoming intent to show more apps that can handle the request. If the original intent has a selector, it can be used to launch an arbitrary activity with the permissions of DocumentsUI.
This change fixes the vulnerability by clearing the selector on the copied intent.

Bug: 447135012
Flag: EXEMPT BUGFIX
Test: manual
(cherry picked from commit 32d6a7338dc3f655832c2832dc93d2cc66a2021e)
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:c39362f4223b0a31eacb87b5f7b16441910f0dbc
Merged-In: I3e2eeaab8990a20fe639a165630ed1773e47fb3c
Change-Id: I3e2eeaab8990a20fe639a165630ed1773e47fb3c
1 file changed
tree: 7f7699bb1b75588d3f6a6f221d37d88cd2efc283
  1. app-perf-tests/
  2. perf-tests/
  3. res/
  4. src/
  5. tests/
  6. Android.bp
  7. AndroidManifest.xml
  8. AndroidManifestForUnitTests.xml
  9. build_apk.mk
  10. lint-baseline.xml
  11. lint.xml
  12. OWNERS
  13. PREUPLOAD.cfg
  14. proguard.flags
  15. TEST_MAPPING
  16. wrap_alpha.py