92f761550246e60016ce1c37f1c19869536756af - platform_packages_apps_Settings

commit	92f761550246e60016ce1c37f1c19869536756af	[log] [tgz]
author	Carlos Valdivia <carlosvaldivia@google.com>	Mon Sep 08 20:12:24 2014 -0700
committer	Carlos Valdivia <carlosvaldivia@google.com>	Tue Sep 09 11:17:19 2014 -0700
tree	0dd94d1721c47cf3abcb69f0014211b2577bdd04
parent	bec89d797b6f2680c544639faed7e47573625e11 [diff]

SECURITY: Prevent preference intents from exploiting settings.

Settings has super powers because it shares the system uid. We prevent
those powers from being exploited by malicious authenticators by
checking the intents those authenticators provide.

We will only launch intents that resolve to Activities that are exported=true
or owned by the same UID as the authenticator.

Bug: 14408627
Change-Id: Ia179df8561d29745767dac0f3c97eb0f68083f59

src/com/android/settings/accounts/ManageAccountsSettings.java[diff]

1 file changed

tree: 0dd94d1721c47cf3abcb69f0014211b2577bdd04

res/
src/
tests/
Android.mk
AndroidManifest.xml
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE
proguard.flags