Fix issue #15828903: Intent.parseUri allows call to FLAG_GRANT_*_URI_PERMISSION
You now need to set a flag if you want this unsafe behavior.
Change-Id: I185e9a04e005e42a887c3d58a2818616790b060a
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index a13a2ea..de7fbab 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -4010,6 +4010,20 @@
*/
public static final int URI_ANDROID_APP_SCHEME = 1<<1;
+ /**
+ * Flag for use with {@link #toUri} and {@link #parseUri}: allow parsing
+ * of unsafe information. In particular, the flags {@link #FLAG_GRANT_READ_URI_PERMISSION},
+ * {@link #FLAG_GRANT_WRITE_URI_PERMISSION}, {@link #FLAG_GRANT_PERSISTABLE_URI_PERMISSION},
+ * and {@link #FLAG_GRANT_PREFIX_URI_PERMISSION} flags can not be set, so that the
+ * generated Intent can not cause unexpected data access to happen.
+ *
+ * <p>If you do not trust the source of the URI being parsed, you should still do further
+ * processing to protect yourself from it. In particular, when using it to start an
+ * activity you should usually add in {@link #CATEGORY_BROWSABLE} to limit the activities
+ * that can handle it.</p>
+ */
+ public static final int URI_ALLOW_UNSAFE = 1<<2;
+
// ---------------------------------------------------------------------
private String mAction;
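Review bot: The Javadoc for `URI_ALLOW_UNSAFE` describes what happens when the flag is absent as if it were the flag's own effect: it says the flag allows unsafe information and then says the grant flags "can not be set". A caller skimming this could set the flag believing it is the protective option. Suggest rewording along the lines of `When this flag is not given, {@link #parseUri} removes the FLAG_GRANT_* URI permission flags from the parsed Intent; set it only for URIs from a trusted source.` The text also links `{@link #toUri}`, but none of the hunks visible here change `toUri`, so either drop that link or state what the flag does there.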
@@ -4309,7 +4323,7 @@
// old format Intent URI
} else if (!uri.startsWith("#Intent;", i)) {
if (!androidApp) {
- return getIntentOld(uri);
+ return getIntentOld(uri, flags);
} else {
i = -1;
}
@@ -4359,6 +4373,9 @@
// launch flags
else if (uri.startsWith("launchFlags=", i)) {
intent.mFlags = Integer.decode(value).intValue();
+ if ((flags& URI_ALLOW_UNSAFE) == 0) {
+ intent.mFlags &= ~IMMUTABLE_FLAGS;
+ }
}
// package
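Review bot: The same three-line mask is added twice, here under `launchFlags=` and again in `getIntentOld(String, int)`, and neither copy says which bits `IMMUTABLE_FLAGS` covers. Its definition is not part of this diff, so it cannot be checked against the four grant flags the new Javadoc names. A comment on both copies, such as `// Untrusted URI: drop the URI-permission grant flags unless the caller opted in with URI_ALLOW_UNSAFE.`, would make the intent clear, and a small private helper would keep the two parsers from drifting apart. As a minor style point, `(flags& URI_ALLOW_UNSAFE)` should be `(flags & URI_ALLOW_UNSAFE)`. The enclosing parse loop starts and ends outside the hunk.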
@@ -4488,6 +4505,10 @@
}
public static Intent getIntentOld(String uri) throws URISyntaxException {
+ return getIntentOld(uri, 0);
+ }
+
+ private static Intent getIntentOld(String uri, int flags) throws URISyntaxException {
Intent intent;
int i = uri.lastIndexOf('#');
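Review bot: The public `getIntentOld(String)` now always passes `0`, so it strips the grant flags with no opt-in, and no Javadoc is visible in this hunk to tell callers about the change. Suggest documenting it on the public overload, e.g. `/** Parses an old-format Intent URI; flags in IMMUTABLE_FLAGS are always removed from the result. */`, and adding a short `@param flags` description on the private overload that names `URI_ALLOW_UNSAFE` as the only bit consulted in the lines shown. The body of the private overload continues outside the hunk.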
@@ -4536,6 +4557,9 @@
i += 12;
int j = uri.indexOf(')', i);
intent.mFlags = Integer.decode(uri.substring(i, j)).intValue();
+ if ((flags& URI_ALLOW_UNSAFE) == 0) {
+ intent.mFlags &= ~IMMUTABLE_FLAGS;
+ }
i = j + 1;
}