Merge pull request #7225 from vector-im/yostyle/fix_strandhogg_detection

Add Activities of android permission controller in the whitelist
This commit is contained in:
Yoan Pintas 2022-10-04 11:51:06 +02:00 committed by GitHub
commit ef82cc6aa7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 7 deletions

1
changelog.d/7224.bugfix Normal file
View File

@ -0,0 +1 @@
Fix app restarts in loop on Android 13 on the first run of the app.

View File

@ -33,6 +33,7 @@ import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.SupervisorJob import kotlinx.coroutines.SupervisorJob
import kotlinx.coroutines.launch import kotlinx.coroutines.launch
import kotlinx.coroutines.withContext import kotlinx.coroutines.withContext
import org.matrix.android.sdk.api.extensions.tryOrNull
import timber.log.Timber import timber.log.Timber
class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager: PopupAlertManager) : Application.ActivityLifecycleCallbacks { class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager: PopupAlertManager) : Application.ActivityLifecycleCallbacks {
@ -58,6 +59,26 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
override fun onActivityStopped(activity: Activity) {} override fun onActivityStopped(activity: Activity) {}
override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) { override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) {
if (activitiesInfo.isEmpty()) {
val context = activity.applicationContext
val packageManager: PackageManager = context.packageManager
// Get all activities from element android
activitiesInfo = packageManager.getPackageInfo(context.packageName, PackageManager.GET_ACTIVITIES).activities
// Get all activities from PermissionController module
// See https://source.android.com/docs/core/architecture/modular-system/permissioncontroller#package-format
if (Build.VERSION.SDK_INT > Build.VERSION_CODES.S_V2) {
activitiesInfo += tryOrNull {
packageManager.getPackageInfo("com.google.android.permissioncontroller", PackageManager.GET_ACTIVITIES).activities
} ?: tryOrNull {
packageManager.getModuleInfo("com.google.android.permission", 1).packageName?.let {
packageManager.getPackageInfo(it, PackageManager.GET_ACTIVITIES or PackageManager.MATCH_APEX).activities
}
}.orEmpty()
}
}
// restart the app if the task contains an unknown activity // restart the app if the task contains an unknown activity
coroutineScope.launch { coroutineScope.launch {
val isTaskCorrupted = try { val isTaskCorrupted = try {
@ -92,12 +113,6 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
*/ */
private suspend fun isTaskCorrupted(activity: Activity): Boolean = withContext(Dispatchers.Default) { private suspend fun isTaskCorrupted(activity: Activity): Boolean = withContext(Dispatchers.Default) {
val context = activity.applicationContext val context = activity.applicationContext
val packageManager: PackageManager = context.packageManager
// Get all activities from app manifest
if (activitiesInfo.isEmpty()) {
activitiesInfo = packageManager.getPackageInfo(context.packageName, PackageManager.GET_ACTIVITIES).activities
}
// Get all running activities on app task // Get all running activities on app task
// and compare to activities declared in manifest // and compare to activities declared in manifest
@ -122,7 +137,7 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
runningTaskInfo.topActivity?.let { runningTaskInfo.topActivity?.let {
// Check whether the activity task affinity matches with app task affinity. // Check whether the activity task affinity matches with app task affinity.
// The activity is considered safe when its task affinity doesn't correspond to app task affinity. // The activity is considered safe when its task affinity doesn't correspond to app task affinity.
if (packageManager.getActivityInfo(it, 0).taskAffinity == context.applicationInfo.taskAffinity) { if (context.packageManager.getActivityInfo(it, 0).taskAffinity == context.applicationInfo.taskAffinity) {
isPotentialMaliciousActivity(it) isPotentialMaliciousActivity(it)
} else false } else false
} ?: false } ?: false