Merge "Don't put credentials in results from externally accessible activities"
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 30be255..55736f4 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -1007,6 +1007,15 @@
<activity android:name="ConfirmLockPassword"
android:windowSoftInputMode="stateVisible|adjustResize"/>
+ <!-- Note this must not be exported since it returns the password in the intent -->
+ <activity android:name="ConfirmLockPattern$InternalActivity"
+ android:exported="false"/>
+
+ <!-- Note this must not be exported since it returns the password in the intent -->
+ <activity android:name="ConfirmLockPassword$InternalActivity"
+ android:exported="false"
+ android:windowSoftInputMode="stateVisible|adjustResize"/>
+
<activity android:name="ChooseLockGeneric"
android:label="@string/lockpassword_choose_lock_generic_header"
android:excludeFromRecents="true" >
diff --git a/src/com/android/settings/ChooseLockSettingsHelper.java b/src/com/android/settings/ChooseLockSettingsHelper.java
index d59fefb..5aa511a 100644
--- a/src/com/android/settings/ChooseLockSettingsHelper.java
+++ b/src/com/android/settings/ChooseLockSettingsHelper.java
@@ -54,10 +54,24 @@
* @see #onActivityResult(int, int, android.content.Intent)
*/
boolean launchConfirmationActivity(int request, CharSequence message, CharSequence details) {
+ return launchConfirmationActivity(request, message, details, false);
+ }
+
+ /**
+ * If a pattern, password or PIN exists, prompt the user before allowing them to change it.
+ * @param message optional message to display about the action about to be done
+ * @param details optional detail message to display
+ * @param returnCredentials if true, put credentials into intent. Note that if this is true,
+ this can only be called internally.
+ * @return true if one exists and we launched an activity to confirm it
+ * @see #onActivityResult(int, int, android.content.Intent)
+ */
+ boolean launchConfirmationActivity(int request, CharSequence message, CharSequence details,
+ boolean returnCredentials) {
boolean launched = false;
switch (mLockPatternUtils.getKeyguardStoredPasswordQuality()) {
case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
- launched = confirmPattern(request, message, details);
+ launched = confirmPattern(request, message, details, returnCredentials);
break;
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX:
@@ -65,7 +79,7 @@
case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
// TODO: update UI layout for ConfirmPassword to show message and details
- launched = confirmPassword(request);
+ launched = confirmPassword(request, returnCredentials);
break;
}
return launched;
@@ -75,10 +89,12 @@
* Launch screen to confirm the existing lock pattern.
* @param message shown in header of ConfirmLockPattern if not null
* @param details shown in footer of ConfirmLockPattern if not null
+ * @param returnCredentials if true, put credentials into intent.
* @see #onActivityResult(int, int, android.content.Intent)
* @return true if we launched an activity to confirm pattern
*/
- private boolean confirmPattern(int request, CharSequence message, CharSequence details) {
+ private boolean confirmPattern(int request, CharSequence message,
+ CharSequence details, boolean returnCredentials) {
if (!mLockPatternUtils.isLockPatternEnabled() || !mLockPatternUtils.savedPatternExists()) {
return false;
}
@@ -86,7 +102,10 @@
// supply header and footer text in the intent
intent.putExtra(ConfirmLockPattern.HEADER_TEXT, message);
intent.putExtra(ConfirmLockPattern.FOOTER_TEXT, details);
- intent.setClassName("com.android.settings", "com.android.settings.ConfirmLockPattern");
+ intent.setClassName("com.android.settings",
+ returnCredentials
+ ? ConfirmLockPattern.InternalActivity.class.getName()
+ : ConfirmLockPattern.class.getName());
if (mFragment != null) {
mFragment.startActivityForResult(intent, request);
} else {
@@ -97,13 +116,17 @@
/**
* Launch screen to confirm the existing lock password.
+ * @param returnCredentials if true, put credentials into intent.
* @see #onActivityResult(int, int, android.content.Intent)
* @return true if we launched an activity to confirm password
*/
- private boolean confirmPassword(int request) {
+ private boolean confirmPassword(int request, boolean returnCredentials) {
if (!mLockPatternUtils.isLockPasswordEnabled()) return false;
final Intent intent = new Intent();
- intent.setClassName("com.android.settings", "com.android.settings.ConfirmLockPassword");
+ intent.setClassName("com.android.settings",
+ returnCredentials
+ ? ConfirmLockPassword.InternalActivity.class.getName()
+ : ConfirmLockPassword.class.getName());
if (mFragment != null) {
mFragment.startActivityForResult(intent, request);
} else {
diff --git a/src/com/android/settings/ConfirmLockPassword.java b/src/com/android/settings/ConfirmLockPassword.java
index 52aa1d9..54acf73 100644
--- a/src/com/android/settings/ConfirmLockPassword.java
+++ b/src/com/android/settings/ConfirmLockPassword.java
@@ -44,6 +44,9 @@
public class ConfirmLockPassword extends SettingsActivity {
+ public static class InternalActivity extends ConfirmLockPassword {
+ }
+
@Override
public Intent getIntent() {
Intent modIntent = new Intent(super.getIntent());
@@ -168,10 +171,12 @@
if (mLockPatternUtils.checkPassword(pin)) {
Intent intent = new Intent();
- intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
- mIsAlpha ? StorageManager.CRYPT_TYPE_PASSWORD
- : StorageManager.CRYPT_TYPE_PIN);
- intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, pin);
+ if (getActivity() instanceof ConfirmLockPassword.InternalActivity) {
+ intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
+ mIsAlpha ? StorageManager.CRYPT_TYPE_PASSWORD
+ : StorageManager.CRYPT_TYPE_PIN);
+ intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, pin);
+ }
getActivity().setResult(RESULT_OK, intent);
getActivity().finish();
diff --git a/src/com/android/settings/ConfirmLockPattern.java b/src/com/android/settings/ConfirmLockPattern.java
index 9405f6d..caf691d 100644
--- a/src/com/android/settings/ConfirmLockPattern.java
+++ b/src/com/android/settings/ConfirmLockPattern.java
@@ -43,6 +43,9 @@
*/
public class ConfirmLockPattern extends SettingsActivity {
+ public static class InternalActivity extends ConfirmLockPattern {
+ }
+
/**
* Names of {@link CharSequence} fields within the originating {@link Intent}
* that are used to configure the keyguard confirmation view's labeling.
@@ -266,10 +269,12 @@
if (mLockPatternUtils.checkPattern(pattern)) {
Intent intent = new Intent();
- intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
- StorageManager.CRYPT_TYPE_PATTERN);
- intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,
- LockPatternUtils.patternToString(pattern));
+ if (getActivity() instanceof ConfirmLockPattern.InternalActivity) {
+ intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
+ StorageManager.CRYPT_TYPE_PATTERN);
+ intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,
+ LockPatternUtils.patternToString(pattern));
+ }
getActivity().setResult(Activity.RESULT_OK, intent);
getActivity().finish();
diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java
index f515b36..57b5384 100644
--- a/src/com/android/settings/CredentialStorage.java
+++ b/src/com/android/settings/CredentialStorage.java
@@ -378,7 +378,8 @@
boolean launched = new ChooseLockSettingsHelper(this)
.launchConfirmationActivity(CONFIRM_KEY_GUARD_REQUEST,
res.getText(R.string.credentials_install_gesture_prompt),
- res.getText(R.string.credentials_install_gesture_explanation));
+ res.getText(R.string.credentials_install_gesture_explanation),
+ true);
return launched;
}
diff --git a/src/com/android/settings/CryptKeeperSettings.java b/src/com/android/settings/CryptKeeperSettings.java
index 7f7a675..45df8ba 100644
--- a/src/com/android/settings/CryptKeeperSettings.java
+++ b/src/com/android/settings/CryptKeeperSettings.java
@@ -164,7 +164,8 @@
return helper.launchConfirmationActivity(request,
res.getText(R.string.master_clear_gesture_prompt),
- res.getText(R.string.master_clear_gesture_explanation));
+ res.getText(R.string.master_clear_gesture_explanation),
+ true);
}
@Override