Merge "[Security] Prevent malicious notifications from AMS." into nyc-dev
am: c118e62076
* commit 'c118e62076c6defc39001c1618d566e20dda2574':
[Security] Prevent malicious notifications from AMS.
Change-Id: Id862594b563aede7b14486138b95ef01bf5ed822
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 98b3b08..a9a53a2 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -2237,8 +2237,13 @@
}
}
- new Session(accounts, response, account.type, expectActivityLaunch,
- false /* stripAuthTokenFromResult */, account.name,
+ new Session(
+ accounts,
+ response,
+ account.type,
+ expectActivityLaunch,
+ false /* stripAuthTokenFromResult */,
+ account.name,
false /* authDetailsRequired */) {
@Override
protected String toDebugString(long now) {
@@ -2310,6 +2315,15 @@
Intent intent = result.getParcelable(AccountManager.KEY_INTENT);
if (intent != null && notifyOnAuthFailure && !customTokens) {
+ /*
+ * Make sure that the supplied intent is owned by the authenticator
+ * giving it to the system. Otherwise a malicious authenticator could
+ * have users launching arbitrary activities by tricking users to
+ * interact with malicious notifications.
+ */
+ checkKeyIntent(
+ Binder.getCallingUid(),
+ intent);
doNotification(mAccounts,
account, result.getString(AccountManager.KEY_AUTH_FAILED_MESSAGE),
intent, accounts.userId);