From 67da4de87c6398a43aec6592f484dffc00f743f5 Mon Sep 17 00:00:00 2001 From: Amith Yamasani Date: Wed, 25 Sep 2013 14:05:33 -0700 Subject: [PATCH] Make sure that external callers cannot pass in the confirm bypass extra Security fix for vulnerability where an app could launch into the screen lock change dialog without first confirming the existing password/pattern. Also, make sure that the fragments are launched with the correct corresponding activity. Bug: 9858403 Change-Id: I0f2c00a44abeb624c6fba0497bf6036a6f1a4564 Conflicts: AndroidManifest.xml src/com/android/settings/ChooseLockGeneric.java changes by Wolfgang Wiedmeyer for replicant backport: removed @Override for isValidFragment as android.app.Fragment is not imported resolved merge conflict Signed-off-by: Wolfgang Wiedmeyer --- AndroidManifest.xml | 6 ++++-- src/com/android/settings/ChooseLockGeneric.java | 15 +++++++++++++-- src/com/android/settings/ChooseLockPassword.java | 3 +++ src/com/android/settings/ChooseLockPattern.java | 5 ++++- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/AndroidManifest.xml b/AndroidManifest.xml index c76adc8..fe30f83 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -1030,7 +1030,6 @@ - @@ -1046,7 +1045,10 @@ - + diff --git a/src/com/android/settings/ChooseLockGeneric.java b/src/com/android/settings/ChooseLockGeneric.java index f67213c..28b8da9 100644 --- a/src/com/android/settings/ChooseLockGeneric.java +++ b/src/com/android/settings/ChooseLockGeneric.java @@ -49,6 +49,14 @@ public class ChooseLockGeneric extends PreferenceActivity { return modIntent; } + protected boolean isValidFragment(String fragmentName) { + if (ChooseLockGenericFragment.class.getName().equals(fragmentName)) return true; + return false; + } + + public static class InternalActivity extends ChooseLockGeneric { + } + public static class ChooseLockGenericFragment extends SettingsPreferenceFragment { private static final int MIN_PASSWORD_LENGTH = 4; private static final String KEY_UNLOCK_BACKUP_INFO = "unlock_backup_info"; @@ -86,7 +94,9 @@ public class ChooseLockGeneric extends PreferenceActivity { // Defaults to needing to confirm credentials final boolean confirmCredentials = getActivity().getIntent() .getBooleanExtra(CONFIRM_CREDENTIALS, true); - mPasswordConfirmed = !confirmCredentials; + if (getActivity() instanceof ChooseLockGeneric.InternalActivity) { + mPasswordConfirmed = !confirmCredentials; + } if (savedInstanceState != null) { mPasswordConfirmed = savedInstanceState.getBoolean(PASSWORD_CONFIRMED); @@ -325,7 +335,8 @@ public class ChooseLockGeneric extends PreferenceActivity { } private Intent getBiometricSensorIntent() { - Intent fallBackIntent = new Intent().setClass(getActivity(), ChooseLockGeneric.class); + Intent fallBackIntent = new Intent().setClass(getActivity(), + ChooseLockGeneric.InternalActivity.class); fallBackIntent.putExtra(LockPatternUtils.LOCKSCREEN_BIOMETRIC_WEAK_FALLBACK, true); fallBackIntent.putExtra(CONFIRM_CREDENTIALS, false); fallBackIntent.putExtra(EXTRA_SHOW_FRAGMENT_TITLE, diff --git a/src/com/android/settings/ChooseLockPassword.java b/src/com/android/settings/ChooseLockPassword.java index aab4ba6..70ff443 100644 --- a/src/com/android/settings/ChooseLockPassword.java +++ b/src/com/android/settings/ChooseLockPassword.java @@ -154,6 +154,9 @@ public class ChooseLockPassword extends PreferenceActivity { super.onCreate(savedInstanceState); mLockPatternUtils = new LockPatternUtils(getActivity()); Intent intent = getActivity().getIntent(); + if (!(getActivity() instanceof ChooseLockPassword)) { + throw new SecurityException("Fragment contained in wrong activity"); + } mRequestedQuality = Math.max(intent.getIntExtra(LockPatternUtils.PASSWORD_TYPE_KEY, mRequestedQuality), mLockPatternUtils.getRequestedPasswordQuality()); mPasswordMinLength = Math.max( diff --git a/src/com/android/settings/ChooseLockPattern.java b/src/com/android/settings/ChooseLockPattern.java index f92dca4..563b841 100644 --- a/src/com/android/settings/ChooseLockPattern.java +++ b/src/com/android/settings/ChooseLockPattern.java @@ -297,6 +297,9 @@ public class ChooseLockPattern extends PreferenceActivity { public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); mChooseLockSettingsHelper = new ChooseLockSettingsHelper(getActivity()); + if (!(getActivity() instanceof ChooseLockPattern)) { + throw new SecurityException("Fragment contained in wrong activity"); + } } @Override @@ -338,7 +341,7 @@ public class ChooseLockPattern extends PreferenceActivity { topLayout.setDefaultTouchRecepient(mLockPatternView); final boolean confirmCredentials = getActivity().getIntent() - .getBooleanExtra("confirm_credentials", false); + .getBooleanExtra("confirm_credentials", true); if (savedInstanceState == null) { if (confirmCredentials) { -- 2.1.4