From fb75357deeeb2a5fd80ac912ed0acc60e5db5c06 Mon Sep 17 00:00:00 2001
From: SpiritCroc
Date: Mon, 2 Dec 2024 09:52:26 +0100
Subject: [PATCH] Fix app stuck in restart loop when requesting notification permissions
Fixes https://github.com/SchildiChat/SchildiChat-android/issues/235
Note: this disables a "security mechanism" added by upstream. I don't think the attack vector this saves us from justifies completely breaking login though. There may be a way to keep the mechanism effective by checking for activities owned by the operating system, but that probably requires a more elaborate signature check to be safe.
Change-Id: Ic8ebe8f0d6377ee8a74f83573a9414b21126713b
---
 .../im/vector/app/core/platform/VectorBaseActivity.kt | 2 +-
 .../lifecycle/VectorActivityLifecycleCallbacks.kt | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt b/vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt
index 2aa0d6fd9d..1852177f83 100644
--- a/vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt
+++ b/vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt
@@ -126,7 +126,7 @@ abstract class VectorBaseActivity : AppCompatActivity(), Maver
 val tag = this@VectorBaseActivity::class.simpleName.toString()
 lifecycleScope.launch {
 repeatOnLifecycle(Lifecycle.State.RESUMED) {
- logTag?.let { Timber.tag(it).i("observeViewEvents resumed - ${System.identityHashCode(this)}") }
+ logTag?.let { Timber.tag(it).i("observeViewEvents resumed - ${System.identityHashCode(this@VectorBaseActivity)}") }
 viewEvents
 .stream(tag)
 .collect {
diff --git a/vector/src/main/java/im/vector/app/features/lifecycle/VectorActivityLifecycleCallbacks.kt b/vector/src/main/java/im/vector/app/features/lifecycle/VectorActivityLifecycleCallbacks.kt
index 2a3476eba6..4f6bf8ed04 100644
--- a/vector/src/main/java/im/vector/app/features/lifecycle/VectorActivityLifecycleCallbacks.kt
+++ b/vector/src/main/java/im/vector/app/features/lifecycle/VectorActivityLifecycleCallbacks.kt
@@ -92,7 +92,10 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
 if (isTaskCorrupted) {
 Timber.e("Application is potentially corrupted by an unknown activity")
- MainActivity.restartApp(activity, MainActivityArgs())
+ // NOTE: this also kills us when we request notification permissions!
+ // Logs say: E SC_NP_DBG: Found potential malicious activity: com.android.permissioncontroller.permission.ui.GrantPermissionsActivity vs im.vector.app.features.debug.TestLinkifyActivity, ...
+ // We *could* whitelist com.android.permissioncontroller and com.google.android.permissioncontroller via activity.packageName, but how can we know that other OS'es don't have their own?
+ //MainActivity.restartApp(activity, MainActivityArgs())
 return@launch
 }
 }
@@ -144,5 +147,9 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
 * @param activity the activity of the task
 * @return true if the activity is potentially malicious
 */
- private fun isPotentialMaliciousActivity(activity: ComponentName): Boolean = activitiesInfo.none { it.name == activity.className }
+ private fun isPotentialMaliciousActivity(activity: ComponentName): Boolean = activitiesInfo.none { it.name == activity.className }.also {
+ if (it) {
+ Timber.tag("SC_NP_DBG").e("Found potential malicious activity: ${activity.className} (${activity.packageName}) vs ${activitiesInfo.joinToString { it.name }}")
+ }
+ }
 }
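Review bot: Commenting out `MainActivity.restartApp(activity, MainActivityArgs())` turns the `isTaskCorrupted` branch into log-only handling for every foreign activity in the task, not only the permission dialog named in the comment, so the guard no longer reacts to an unknown activity at all. A narrower exemption would keep the restart and skip it only when the foreign component's package is part of the system image, e.g. `(packageManager.getApplicationInfo(pkg, 0).flags and ApplicationInfo.FLAG_SYSTEM) != 0`, which does not depend on a hard-coded list of `packageName` strings and would presumably cover vendor permission controllers too (subject to package-visibility rules). The retained `return@launch` still skips whatever follows in this coroutine, which lies outside the hunk, even in the benign permission case; confirm that is intended. If the restart stays disabled, delete the commented-out call and say in the comment that the check is now detection-only.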
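Review bot: The added `.also { ... }` logs at error level under the ad-hoc tag `SC_NP_DBG` and prints every declared activity name on each mismatch, which reads as leftover debugging output; a single `Timber.w` naming only the foreign component would carry the same information for triage. The inner `joinToString { it.name }` shadows the outer `it` of `also`, so naming the outer parameter, e.g. `.also { isForeign -> if (isForeign) ... }`, would make the lambda easier to read. Separately, the predicate still matches on `className` alone; also requiring `activity.packageName` to equal the app's own package would make the comparison stricter.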