Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE
Merged-In: I11c236f3901c9faaeb6c702678d330dde8f07f38
Merged-In: I3d784788884f9b80733786dc73d9bb62ffef817b
Change-Id: Iabf5075f225933cd03d2d2ac43b9821ecc9fb7c1
diff --git a/src/com/android/settings/SettingsActivity.java b/src/com/android/settings/SettingsActivity.java
index 4341851..b773872 100644
--- a/src/com/android/settings/SettingsActivity.java
+++ b/src/com/android/settings/SettingsActivity.java
@@ -397,6 +397,10 @@
*/
public static Intent getTrampolineIntent(Intent intent, String highlightMenuKey) {
final Intent detailIntent = new Intent(intent);
+ // Guard against the arbitrary Intent injection.
+ if (detailIntent.getSelector() != null) {
+ detailIntent.setSelector(null);
+ }
// It's a deep link intent, SettingsHomepageActivity will set SplitPairRule and start it.
final Intent trampolineIntent = new Intent(ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY)
.setPackage(Utils.SETTINGS_PACKAGE_NAME)
diff --git a/tests/robotests/src/com/android/settings/SettingsActivityTest.java b/tests/robotests/src/com/android/settings/SettingsActivityTest.java
index 89f8449..5bf2089 100644
--- a/tests/robotests/src/com/android/settings/SettingsActivityTest.java
+++ b/tests/robotests/src/com/android/settings/SettingsActivityTest.java
@@ -16,6 +16,8 @@
package com.android.settings;
+import static android.provider.Settings.EXTRA_SETTINGS_EMBEDDED_DEEP_LINK_INTENT_URI;
+
import static com.android.settings.SettingsActivity.EXTRA_SHOW_FRAGMENT;
import static com.google.common.truth.Truth.assertThat;
@@ -30,6 +32,7 @@
import android.app.ActivityManager;
import android.content.Context;
import android.content.Intent;
+import android.net.Uri;
import androidx.fragment.app.Fragment;
import androidx.fragment.app.FragmentManager;
@@ -49,6 +52,7 @@
import org.robolectric.RuntimeEnvironment;
import org.robolectric.annotation.Config;
+import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
@@ -114,6 +118,29 @@
assertThat(((ListenerFragment) fragments.get(1)).mOnActivityResultCalled).isTrue();
}
+ @Test
+ public void getTrampolineIntent_intentSelector_shouldNotChangeIntentAction() {
+ Intent targetIntent = new Intent().setClassName("android",
+ "com.android.internal.app.PlatLogoActivity");
+ Intent intent = new Intent(android.provider.Settings.ACTION_DISPLAY_SETTINGS);
+ intent.setComponent(intent.resolveActivity(mContext.getPackageManager()));
+ intent.setSelector(new
+ Intent().setData(Uri.fromParts(targetIntent.toUri(Intent.URI_INTENT_SCHEME), /* ssp= */ "",
+ /* fragment= */ null)));
+
+ Intent resultIntent = SettingsActivity.getTrampolineIntent(intent, "menu_key");
+
+ String intentUriString =
+ resultIntent.getStringExtra(EXTRA_SETTINGS_EMBEDDED_DEEP_LINK_INTENT_URI);
+ Intent parsedIntent = null;
+ try {
+ parsedIntent = Intent.parseUri(intentUriString, Intent.URI_INTENT_SCHEME);
+ } catch (URISyntaxException e) {
+ // Do nothng.
+ }
+ assertThat(parsedIntent.getAction()).isEqualTo(intent.getAction());
+ }
+
public static class ListenerFragment extends Fragment implements OnActivityResultListener {
private boolean mOnActivityResultCalled;
