Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 6728d4f92caa8a344b225cfbc1b257d14cd8c273
commit6728d4f92caa8a344b225cfbc1b257d14cd8c273[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Fri Jan 15 20:53:21 2021 -0700
committerMichael Groover <mpgroover@google.com>Wed Jan 20 13:05:09 2021 -0800
tree0072a8dfe6e9fca3f8fecb57838d2f695956ac81
parentfd763b652d75b12b65251d6a7d4aede5465a3d3e [diff]
Add StrictMode check for unsafe intent launching

Exported components that are not guarded by a signature permission
can receive Intents from any other app on a device. If an app unparcels
and launches an Intent from the Intent delivered to this unprotected
component then a malicious actor can potentially craft an Intent that
could launch hidden components, grant URI permissions, etc. This
commit adds a StrictMode check to report if a component launches an
Intent unparceled from the delivered Intent.

Bug: 160796858
Test: atest StrictModeTest
Change-Id: I763b8a965f91f5b433ce2f4b619e10ef12f5c296
8 files changed
tree: 0072a8dfe6e9fca3f8fecb57838d2f695956ac81
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. cmds/
  6. config/
  7. core/
  8. data/
  9. docs/
  10. drm/
  11. errorprone/
  12. graphics/
  13. identity/
  14. keystore/
  15. libs/
  16. location/
  17. lowpan/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc-extras/
  23. obex/
  24. opengl/
  25. packages/
  26. proto/
  27. rs/
  28. samples/
  29. sax/
  30. services/
  31. startop/
  32. telecomm/
  33. telephony/
  34. test-base/
  35. test-legacy/
  36. test-mock/
  37. test-runner/
  38. tests/
  39. tools/
  40. wifi/
  41. .clang-format
  42. .gitignore
  43. .mailmap
  44. Android.bp
  45. Android.mk
  46. ApiDocs.bp
  47. BATTERY_STATS_OWNERS
  48. CleanSpec.mk
  49. framework-jarjar-rules.txt
  50. METADATA
  51. MODULE_LICENSE_APACHE2
  52. MULTIUSER_OWNERS
  53. NOTICE
  54. OWNERS
  55. OWNERS.md
  56. pathmap.mk
  57. PREUPLOAD.cfg
  58. StubLibraries.bp
  59. TEST_MAPPING
  60. ZYGOTE_OWNERS