Prevent intent defined in AccountPreference from leaking access

Intent defined in AccountPreferences can grant Settings protected ContentProviders' access to authenticator app. We'll explicitly set an empty ClipData to avoid being used for unexpected access grant.

Test: manual, refer to #comment5 in bug for repro steps
Bug: 220733496
Change-Id: I85c22c9a7d72b8a55472d366d8adb6a75ac5c8a5
diff --git a/src/com/android/settings/accounts/ b/src/com/android/settings/accounts/
index 42bb34a..f1b5be1 100644
--- a/src/com/android/settings/accounts/
+++ b/src/com/android/settings/accounts/
@@ -19,6 +19,7 @@
 import android.accounts.Account;
 import android.accounts.AuthenticatorDescription;
+import android.content.ClipData;
 import android.content.Context;
 import android.content.Intent;
@@ -164,6 +165,9 @@
                                  * exploiting the fact that settings has system privileges.
                             if (isSafeIntent(pm, prefIntent, acccountType)) {
+                                // Explicitly set an empty ClipData to ensure that we don't offer to
+                                // promote any Uris contained inside for granting purposes
+                                prefIntent.setClipData(ClipData.newPlainText(null, null));
                                     prefIntent, mUserHandle);
                             } else {