Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 06329e5fb214ce6c2179b7fc7740c0fba41f084a
commit06329e5fb214ce6c2179b7fc7740c0fba41f084a[log] [tgz]
authorCarlos Valdivia <carlosvaldivia@google.com>Sat May 07 21:46:15 2016 -0700
committerCarlos Valdivia <carlosvaldivia@google.com>Sat May 07 21:46:15 2016 -0700
tree94dfcf4983106c10ce8d50dcf3065d854878caed
parentdce92891df42d5ad8cdcb6ecade5b2801a14f090 [diff]
[Security] Prevent malicious notifications from AMS.

There was a hole in the getAuthToken logic that allowed notifications
resulting from getAuthToken requests using notifyOnAuthFailure=true to
launch arbitrary activites on the device. This is because the
getAuthToken session overrode onResult (unlike addAccount, updateCreds,
or confirmCreds).

Bug: 13787929
Change-Id: Ife1d48835f48416c2f0690f1413a076b69215190
1 file changed
tree: 94dfcf4983106c10ce8d50dcf3065d854878caed
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. proto/
  19. rs/
  20. samples/
  21. sax/
  22. services/
  23. telecomm/
  24. telephony/
  25. test-runner/
  26. tests/
  27. tools/
  28. wifi/
  29. Android.mk
  30. CleanSpec.mk
  31. compiled-classes-phone
  32. MODULE_LICENSE_APACHE2
  33. NOTICE
  34. preloaded-classes