Skip to content

Instantly share code, notes, and snippets.

@Thorsten1976
Created April 9, 2014 20:15
Show Gist options
  • Save Thorsten1976/10309867 to your computer and use it in GitHub Desktop.
Save Thorsten1976/10309867 to your computer and use it in GitHub Desktop.
From fe5886ca195b78f8bcbfac5a356fd2d464ec6c40 Mon Sep 17 00:00:00 2001
From: Thorsten Giesecke <thorsten@giesecke.org>
Date: Tue, 8 Apr 2014 01:10:40 +0200
Subject: [PATCH] Vulnerability fix for
http://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf
(introduced with Kitkat)
---
TV-Browser/proguard-project.txt | 3 +++
.../org/tvbrowser/settings/TvbPreferencesActivity.java | 18 ++++++++++++++++--
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/TV-Browser/proguard-project.txt b/TV-Browser/proguard-project.txt
index f2fe155..dc6a916 100644
--- a/TV-Browser/proguard-project.txt
+++ b/TV-Browser/proguard-project.txt
@@ -18,3 +18,6 @@
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
+
+# required for PreferenceActivity#isValidFragment(String)
+-keep public class org.tvbrowser.settings.TvbPreferenceFragment
\ No newline at end of file
diff --git a/TV-Browser/src/org/tvbrowser/settings/TvbPreferencesActivity.java b/TV-Browser/src/org/tvbrowser/settings/TvbPreferencesActivity.java
index 6526e0d..311c541 100644
--- a/TV-Browser/src/org/tvbrowser/settings/TvbPreferencesActivity.java
+++ b/TV-Browser/src/org/tvbrowser/settings/TvbPreferencesActivity.java
@@ -20,10 +20,13 @@ import java.util.List;
import org.tvbrowser.tvbrowser.R;
+import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
+import android.os.Build;
import android.os.Bundle;
import android.preference.PreferenceActivity;
+import android.util.Log;
public class TvbPreferencesActivity extends PreferenceActivity {
@Override
@@ -34,8 +37,19 @@ public class TvbPreferencesActivity extends PreferenceActivity {
super.onCreate(savedInstanceState);
}
-
- @Override
+
+ /**
+ * Vulnerability fix as mentioned here:
+ * http://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf
+ */
+ @Override
+ @TargetApi(Build.VERSION_CODES.KITKAT)
+ protected boolean isValidFragment(final String fragmentName) {
+ return "org.tvbrowser.settings.TvbPreferenceFragment".equals(fragmentName) ||
+ super.isValidFragment(fragmentName);
+ }
+
+ @Override
public void onBuildHeaders(List<Header> target) {
loadHeadersFromResource(R.xml.tvbrowser_preferences_header, target);
--
1.8.5.2.msysgit.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment