Improve validation on launcher alias intents.

2026-06-05 19:43:58 +00:00 · 2026-06-05 19:43:58 +00:00 · a2a0b11c98
commit a2a0b11c98
parent 96f893652b
1 changed files with 15 additions and 0 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/MainActivity.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/MainActivity.kt
@ -1052,6 +1052,13 @@ class MainActivity :

  private fun handleConversationIntent(intent: Intent) {
    if (ConversationIntents.isConversationIntent(intent)) {
+      if (!isTrustedConversationIntent(intent)) {
+        Log.w(TAG, "Received a conversation intent through an exported entry point. Ignoring its extras.")
+        intent.action = null
+        setIntent(intent)
+        return
+      }
+
      mainNavigationViewModel.goTo(MainNavigationListLocation.CHATS)
      mainNavigationViewModel.goTo(MainNavigationDetailLocation.Conversation(ConversationIntents.readArgsFromBundle(intent.extras!!)))
      intent.action = null
@ -1059,6 +1066,14 @@ class MainActivity :
    }
  }

+  /**
+   * While MainActivity isn't exporting, we have launcher aliases that are, so we verify that someone isn't launching us through those befre
+   * respecting various intent attributes.
+   */
+  private fun isTrustedConversationIntent(intent: Intent): Boolean {
+    return intent.component?.className == MainActivity::class.java.name
+  }
+
  private fun handleGroupLinkInIntent(intent: Intent) {
    intent.data?.let { data ->
      CommunicationActions.handlePotentialGroupLinkUrl(this, data.toString())