Fix app stuck in restart loop when requesting notification permissions

Fixes https://github.com/SchildiChat/SchildiChat-android/issues/235

Note: this disables a "security mechanism" added by upstream. I don't
think the attack vector this saves us from justifies completely breaking
login though. There may be a way to keep the mechanism effective by
checking for activities owned by the operating system, but that probably
requires a more elaborate signature check to be safe.

Change-Id: Ic8ebe8f0d6377ee8a74f83573a9414b21126713b
This commit is contained in:
SpiritCroc 2024-12-02 09:52:26 +01:00
parent 07c88d5119
commit fb75357dee
2 changed files with 10 additions and 3 deletions

View File

@ -126,7 +126,7 @@ abstract class VectorBaseActivity<VB : ViewBinding> : AppCompatActivity(), Maver
val tag = this@VectorBaseActivity::class.simpleName.toString()
lifecycleScope.launch {
repeatOnLifecycle(Lifecycle.State.RESUMED) {
logTag?.let { Timber.tag(it).i("observeViewEvents resumed - ${System.identityHashCode(this)}") }
logTag?.let { Timber.tag(it).i("observeViewEvents resumed - ${System.identityHashCode(this@VectorBaseActivity)}") }
viewEvents
.stream(tag)
.collect {

View File

@ -92,7 +92,10 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
if (isTaskCorrupted) {
Timber.e("Application is potentially corrupted by an unknown activity")
MainActivity.restartApp(activity, MainActivityArgs())
// NOTE: this also kills us when we request notification permissions!
// Logs say: E SC_NP_DBG: Found potential malicious activity: com.android.permissioncontroller.permission.ui.GrantPermissionsActivity vs im.vector.app.features.debug.TestLinkifyActivity, ...
// We *could* whitelist com.android.permissioncontroller and com.google.android.permissioncontroller via activity.packageName, but how can we know that other OS'es don't have their own?
//MainActivity.restartApp(activity, MainActivityArgs())
return@launch
}
}
@ -144,5 +147,9 @@ class VectorActivityLifecycleCallbacks constructor(private val popupAlertManager
* @param activity the activity of the task
* @return true if the activity is potentially malicious
*/
private fun isPotentialMaliciousActivity(activity: ComponentName): Boolean = activitiesInfo.none { it.name == activity.className }
private fun isPotentialMaliciousActivity(activity: ComponentName): Boolean = activitiesInfo.none { it.name == activity.className }.also {
if (it) {
Timber.tag("SC_NP_DBG").e("Found potential malicious activity: ${activity.className} (${activity.packageName}) vs ${activitiesInfo.joinToString { it.name }}")
}
}
}