filippodb
/
SchildiChat-android
mirror of https://github.com/SchildiChat/SchildiChat-android.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix app stuck in restart loop when requesting notification permissions 

Fixes https://github.com/SchildiChat/SchildiChat-android/issues/235

Note: this disables a "security mechanism" added by upstream. I don't
think the attack vector this saves us from justifies completely breaking
login though. There may be a way to keep the mechanism effective by
checking for activities owned by the operating system, but that probably
requires a more elaborate signature check to be safe.

Change-Id: Ic8ebe8f0d6377ee8a74f83573a9414b21126713b
This commit is contained in:
SpiritCroc 2024-12-02 09:52:26 +01:00
parent 07c88d5119
commit fb75357dee
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt
View File

@ -126,7 +126,7 @@ abstract class VectorBaseActivity<VB : ViewBinding> : AppCompatActivity(), Maver
val tag = this@VectorBaseActivity::class.simpleName.toString() val tag = this@VectorBaseActivity::class.simpleName.toString()
lifecycleScope.launch { lifecycleScope.launch {
repeatOnLifecycle(Lifecycle.State.RESUMED) { repeatOnLifecycle(Lifecycle.State.RESUMED) {
logTag?.let { Timber.tag(it).i("observeViewEvents resumed - ${System.identityHashCode(this)}") } logTag?.let { Timber.tag(it).i("observeViewEvents resumed - ${System.identityHashCode(this@VectorBaseActivity)}") }
viewEvents viewEvents
.stream(tag) .stream(tag)
.collect { .collect {

11
vector/src/main/java/im/vector/app/features/lifecycle/VectorActivityLifecycleCallbacks.kt
View File

@ -92,7 +92,10 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
if (isTaskCorrupted) { if (isTaskCorrupted) {
Timber.e("Application is potentially corrupted by an unknown activity") Timber.e("Application is potentially corrupted by an unknown activity")
MainActivity.restartApp(activity, MainActivityArgs()) // NOTE: this also kills us when we request notification permissions!
// Logs say: E SC_NP_DBG: Found potential malicious activity: com.android.permissioncontroller.permission.ui.GrantPermissionsActivity vs im.vector.app.features.debug.TestLinkifyActivity, ...
// We *could* whitelist com.android.permissioncontroller and com.google.android.permissioncontroller via activity.packageName, but how can we know that other OS'es don't have their own?
//MainActivity.restartApp(activity, MainActivityArgs())
return@launch return@launch
} }
} }
@ -144,5 +147,9 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
* @param activity the activity of the task * @param activity the activity of the task
* @return true if the activity is potentially malicious * @return true if the activity is potentially malicious
*/ */
private fun isPotentialMaliciousActivity(activity: ComponentName): Boolean = activitiesInfo.none { it.name == activity.className } private fun isPotentialMaliciousActivity(activity: ComponentName): Boolean = activitiesInfo.none { it.name == activity.className }.also {
if (it) {
Timber.tag("SC_NP_DBG").e("Found potential malicious activity: ${activity.className} (${activity.packageName}) vs ${activitiesInfo.joinToString { it.name }}")
}
}
} }