Google Git
Sign in
android / platform / packages / apps / ManagedProvisioning / 0261ca482
commit0261ca4821a02d87afbebfa15c5e8c07b2d3cfbf[log] [tgz]
authorShreya Singh <shreyacsingh@google.com>Fri Mar 07 16:15:57 2025 -0800
committerShreya Singh <shreyacsingh@google.com>Thu Mar 13 11:26:02 2025 -0700
treec7b8904110e24ff2a4347a1681c8ba9da1bff076
parent1fb5bd9051a4051faf802f70de860c19846f4099 [diff]
Fix confused deputy vulnerability in termsActivity to access terms_disclaimer Uri only if the calling app has the permissions

1-P doc at: go/termsDisclaimerVulnerability

Before: https://hsv.googleplex.com/5163551739084800
After: https://hsv.googleplex.com/5207829722955776
https://paste.googleplex.com/5643054726512640

Flag: EXEMPT bug fix
Bug: 299928772
Test: Manual using test app provided by the reporter
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d67902f6a7498d016ee588d6c00710fb2d3ab98)
Merged-In: I4c5ab64cb770c61db1cedc5169a4b8cdf0a4b0bd
Change-Id: I4c5ab64cb770c61db1cedc5169a4b8cdf0a4b0bd
1 file changed
tree: c7b8904110e24ff2a4347a1681c8ba9da1bff076
  1. proto/
  2. res/
  3. src/
  4. tests/
  5. tools/
  6. Android.bp
  7. AndroidManifest.xml
  8. OWNERS
  9. PREUPLOAD.cfg
  10. proguard.flags
  11. README.md
  12. TEST_MAPPING
README.md

Managed Provisioning

Bundled app responsible for provisioning an enterprise device

Flows

QR

{
  "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.afwsamples.testdpc/com.afwsamples.testdpc.DeviceAdminReceiver",
  "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://testdpc-latest-apk.appspot.com/preview",
  "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "gJD2YwtOiWJHkSMkkIfLRlj-quNqG1fb6v100QmzM9w="
}

Code