Google Git
Sign in
android / platform / packages / apps / Email / 46e07f5^! / .
commit46e07f5b8f6406538919f036cfa9f2fb7b467f14[log] [tgz]
authorRaman Tenneti <rtenneti@google.com>Mon Sep 16 15:22:08 2019 -0700
committerRaman Tenneti <rtenneti@google.com>Wed Sep 18 21:01:45 2019 +0000
treec397ed9c4f59da86e53cab487f31697f6c0070ee
parent7de20326e9f0e8f868f748531fe3cba4af0898bb [diff]
AOSP/Email - Secure UPDATE_WIDGET receiver with a new permission

The update methods sends a broadcast with the account name, the folder, etc.
This implicitly bypasses the GET_ACCOUNT permission if a third-party
applications listens to this broadcast.

- Introduce a new app permission
- com.android.email.permission.GET_WIDGET_UPDATE
- Now the com.android.email.permission.GET_WIDGET_UPDATE is required to
- receive the emitted broadcast
- Add this permission to our existing widgets.

Ported changes from cr/106302205
- added uses-permission GET_WIDGET_UPDATE, so Gmail app has the permission to receive the intent

Bug: 139803872

Test: manual - Ran the following tests on Pixel phone. Tested the email UI.

$ make -j 40
$ make Email -j
$ make EmailTests -j
  -rw-r--r-- 1 rtenneti primarygroup 6356400 Sep 16 14:10 out/target/product/marlin/testcases/Email/arm64/Email.apk
  -rw-r--r-- 1 rtenneti primarygroup 389599 Sep 16 14:18 out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk

$ adb install -r -d -g out/target/product/marlin/testcases/Email/arm64/Email.apk
$ adb install -r -d -g out/target/product/marlin/testcases/EmailTests/arm64/EmailTests.apk
$ adb shell am instrument -w com.android.email.tests
  Time: 34.746
  OK (157 tests)

$ atest EmailTests
  Summary
  -------
  EmailTests: Passed: 157, Failed: 0, Ignored: 0, Assumption Failed: 0

  All tests passed!

$ adb install ../security_attack/bug_139803872/poc.apk
  Captured the logcat output at rtenneti's x20web logcat.out.0916.1503
  while reproducting the steps in b/139803872#comment3

Change-Id: I6eea128c20b555b38d325e3706473bb18080bedd
Merged-In: I6eea128c20b555b38d325e3706473bb18080bedd

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index ae13064..6891939 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml

@@ -67,6 +67,14 @@
     <uses-permission
         android:name="android.permission.USE_CREDENTIALS"/>
 
+    <!-- Permission to get widget updates. The associated broadcast gives the
+         account and the characteristics of the folder. -->
+    <permission
+        android:name="com.android.email.permission.GET_WIDGET_UPDATE"
+        android:protectionLevel="signature"
+        android:label="@string/permission_update_widget_label"
+        android:description="@string/permission_update_widget_desc"/>
+
     <!-- Grant permission to system apps to access provider (see provider below) -->
     <permission
         android:name="com.android.email.permission.ACCESS_PROVIDER"