AOSP/Email - Fixed - Security Vulnerability - Email App: Malicious app
is able to compose message with hidden attachments and bypass
attachments path checks attaching private files from
/data/data/com.android.email/*

+ Ported the following CLs. Code is different from gmail. Made the changes
  to work with Email.
  ++ https://critique.corp.google.com/#review/136780360
     +++ Add isExternal() to ComposeActivity.java and it always returns false.
         Treat body and quoted text as plaintext if intent is external.

  ++ https://critique.corp.google.com/#review/137654162
     +++ Don't let other apps use our EXTRA_MESSAGE.
         Load EXTRA_MESSAGE only if action is LAUNCH_COMPOSE.
         LAUNCH_COMPOSE action is an internal only action: b/32068883.

  ++ https://critique.corp.google.com/#review/142296051
     +++ Don't let external Intent use EXTRA_MESSAGE

Bug: 32068883
Bug: 32502421
Bug: 32589229

Test: manual - Ran the following tests on Pixel phone. Tested the Email UI.

$ adb install -r out/target/product/marlin/system/app/Email/Email.apk

$ adb install -r  app-debug.apk
   Success

$ adb shell am start -n com.test.poc.poc32589229/.MainActivity -a android.intent.action.MAIN
  Starting: Intent { act=android.intent.action.MAIN cmp=com.test.poc.poc32589229/.MainActivity }

  Duplicated the steps in https://b.corp.google.com/issues/32589229#comment5
  and didn't get the attachments after the fix (was getting attachments before the fix).

  logcat output:
    11-21 03:45:48.927 11705 11705 I poc-test: sending a hidden file attachment
    11-21 03:45:48.929 11705 11705 I poc-test: Sending contentType: text/html, previewImage: null
    11-21 03:45:48.935   914  4482 I ActivityManager: START u0 {act=com.android.mail.intent.action.LAUNCH_COMPOSE pkg=com.android.email cmp=com.android.email/.activity.ComposeActivityEmail (has extras)} from uid 10072
    11-21 03:45:48.935   914  4482 W ActivityManager: Permission Denial: starting Intent { act=com.android.mail.intent.action.LAUNCH_COMPOSE pkg=com.android.email cmp=com.android.email/.activity.ComposeActivityEmail (has extras) } from ProcessRecord{6941817 11705:com.test.poc.poc32589229/u0a72} (pid=11705, uid=10072) not exported from uid 10062
    11-21 03:45:48.937 11705 11705 D AndroidRuntime: Shutting down VM
    --------- beginning of crash
    11-21 03:45:48.940 11705 11705 E AndroidRuntime: FATAL EXCEPTION: main
    11-21 03:45:48.940 11705 11705 E AndroidRuntime: Process: com.test.poc.poc32589229, PID: 11705
    11-21 03:45:48.940 11705 11705 E AndroidRuntime: java.lang.IllegalStateException: Could not execute method for android:onClick
    ...
    11-21 03:45:48.940 11705 11705 E AndroidRuntime: Caused by: java.lang.SecurityException: Permission Denial: starting Intent { act=com.android.mail.intent.action.LAUNCH_COMPOSE pkg=com.android.email cmp=com.android.email/.activity.ComposeActivityEmail (has extras) } from ProcessRecord{6941817 11705:com.test.poc.poc32589229/u0a72} (pid=11705, uid=10072) not exported from uid 10062

$ adb install -r out/target/product/marlin/testcases/EmailTests/EmailTests.apk
  Performing Streamed Install
  Success

$ adb shell am instrument -w com.android.email.tests
  The number of failures are same as before (with or without this change).
  Tests run: 158,  Failures: 5

Change-Id: If6e2a2efa08b75675c980b72735cde8252e95760
(cherry picked from commit 3526a4ac552f93a83ea838ddae5de45e1e068af0)
1 file changed