diff options
| author | Winson <chiuwinson@google.com> | 2020-10-28 13:25:44 -0700 |
|---|---|---|
| committer | Winson Chiu <chiuwinson@google.com> | 2020-10-28 20:58:56 +0000 |
| commit | ebb4d6725888fab564201e7e5bdf9e8c417e026d (patch) | |
| tree | f0c05e39e2bed7b2a5f8aa96813f357b3e1c31c7 /tools/aapt2/java/JavaClassGenerator.cpp | |
| parent | e7069bce3c9b1bb2fe4fcc4245f076917fddd3aa (diff) | |
Remove updateIntentVerificationStatusAsUser from ResolverActivity
DO NOT CHERRY PICK ANYWHERE: Security issue
This API is meant to grant an app complete verification over the
domains it has declared, meaning it will always resolve the domains it
declares for web links.
This can allow an app to take over links that are unowned. Any time a
user selects "Always" when resolving an Intent in the diambiguation
dialog, this API would be called, and all subsequent resolutions of any
domain declared by the app selected would be automatically directed to
that app, with no prompt to the user.
From a quick search, it's possible that all usages of this API are
actually unintended and should be removed. Should be considered for
deprecation in the future.
Bug: 163358811
Test: none, this is not generally testable, see linked bug for context
Merged-In: Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6
Change-Id: Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator.cpp')
0 files changed, 0 insertions, 0 deletions