From 22f0c93b47fc84ef99dcb02c3aade19a709e1157 Mon Sep 17 00:00:00 2001
From: Federico Maccaroni <fedemkr@gmail.com>
Date: Tue, 14 May 2024 16:18:30 -0300
Subject: [PATCH] PM-PM-4327 Changed LaunchMode to SingleInstance to avoid
 security issues only on WebAuthCallbackActivity given that it's exported and
 go back to previous value on the other ones. This is being done in the
 manifest so we can set the appropriate value depending on the API level.

---
 src/App/Platforms/Android/AndroidManifest.xml         | 11 ++++++++++-
 .../Autofill/AutofillExternalSelectionActivity.cs     |  2 +-
 .../Autofill/CredentialProviderSelectionActivity.cs   |  2 +-
 .../Android/Resources/values-v30/manifest.xml         |  1 +
 .../Platforms/Android/Resources/values/manifest.xml   |  1 +
 src/App/Platforms/Android/WebAuthCallbackActivity.cs  |  9 ++-------
 6 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/App/Platforms/Android/AndroidManifest.xml b/src/App/Platforms/Android/AndroidManifest.xml
index fc8985c38..f87720128 100644
--- a/src/App/Platforms/Android/AndroidManifest.xml
+++ b/src/App/Platforms/Android/AndroidManifest.xml
@@ -24,7 +24,7 @@
 		<meta-data android:name="com.samsung.android.sdk.multiwindow.penwindow.enable" android:value="true" />
 		<!-- Support for LG "Dual Window" mode (for Android < 7.0 users) -->
 		<meta-data android:name="com.lge.support.SPLIT_WINDOW" android:value="true" />
-		<!-- Declare MainActivity manually so we can set LaunchMode using API dependant resource -->
+		<!-- Declare exported activities manually so we can set LaunchMode/TaskAffinity using API dependant resource -->
 		<activity android:name="com.x8bit.bitwarden.MainActivity" android:configChanges="keyboard|keyboardHidden|navigation|orientation|screenSize|uiMode" android:exported="true" android:icon="@mipmap/ic_launcher" android:label="Bitwarden" android:launchMode="@integer/launchModeAPIlevel" android:theme="@style/LaunchTheme">
 			<intent-filter>
 				<action android:name="android.intent.action.MAIN" />
@@ -39,6 +39,15 @@
 				<data android:mimeType="text/*" />
 			</intent-filter>
 		</activity>
+		<!-- Declare activities manually so we can set taskAffinity using API dependant resource -->
+		<activity android:name="com.x8bit.bitwarden.WebAuthCallbackActivity" android:launchMode="@integer/webAuthCallbackLaunchMode" android:noHistory="true" android:exported="true">
+			<intent-filter>
+				<action android:name="android.intent.action.VIEW" />
+				<category android:name="android.intent.category.DEFAULT" />
+				<category android:name="android.intent.category.BROWSABLE" />
+				<data android:scheme="bitwarden" />
+			</intent-filter>
+		</activity>
 	</application>
 	<!-- Support for Xamarin.Essentials.Browser.OpenAsync  (for Android > 11) -->
 	<!-- Related docs: https://learn.microsoft.com/en-us/xamarin/essentials/open-browser?tabs=android -->
diff --git a/src/App/Platforms/Android/Autofill/AutofillExternalSelectionActivity.cs b/src/App/Platforms/Android/Autofill/AutofillExternalSelectionActivity.cs
index cd839d6e0..38086b884 100644
--- a/src/App/Platforms/Android/Autofill/AutofillExternalSelectionActivity.cs
+++ b/src/App/Platforms/Android/Autofill/AutofillExternalSelectionActivity.cs
@@ -10,7 +10,7 @@ namespace Bit.Droid.Autofill
 {
     [Activity(
         NoHistory = true,
-        LaunchMode = LaunchMode.SingleInstance,
+        LaunchMode = LaunchMode.SingleTop,
         Exported = false)]
     public class AutofillExternalSelectionActivity : MauiAppCompatActivity
     {
diff --git a/src/App/Platforms/Android/Autofill/CredentialProviderSelectionActivity.cs b/src/App/Platforms/Android/Autofill/CredentialProviderSelectionActivity.cs
index d97d37123..5ea4213c0 100644
--- a/src/App/Platforms/Android/Autofill/CredentialProviderSelectionActivity.cs
+++ b/src/App/Platforms/Android/Autofill/CredentialProviderSelectionActivity.cs
@@ -20,7 +20,7 @@ namespace Bit.Droid.Autofill
 {
     [Activity(
         NoHistory = true,
-        LaunchMode = LaunchMode.SingleInstance)]
+        LaunchMode = LaunchMode.SingleTop)]
     public class CredentialProviderSelectionActivity : MauiAppCompatActivity
     {
         private LazyResolve<IFido2MediatorService> _fido2MediatorService = new LazyResolve<IFido2MediatorService>();
diff --git a/src/App/Platforms/Android/Resources/values-v30/manifest.xml b/src/App/Platforms/Android/Resources/values-v30/manifest.xml
index c49cde0dc..85d7ceb59 100644
--- a/src/App/Platforms/Android/Resources/values-v30/manifest.xml
+++ b/src/App/Platforms/Android/Resources/values-v30/manifest.xml
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <resources>
   <integer name="launchModeAPIlevel">0</integer>
+  <integer name="webAuthCallbackLaunchMode">1</integer>
 </resources>
\ No newline at end of file
diff --git a/src/App/Platforms/Android/Resources/values/manifest.xml b/src/App/Platforms/Android/Resources/values/manifest.xml
index d4a9102c5..6752392eb 100644
--- a/src/App/Platforms/Android/Resources/values/manifest.xml
+++ b/src/App/Platforms/Android/Resources/values/manifest.xml
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <resources>
   <integer name="launchModeAPIlevel">2</integer>
+  <integer name="webAuthCallbackLaunchMode">3</integer>
 </resources>
\ No newline at end of file
diff --git a/src/App/Platforms/Android/WebAuthCallbackActivity.cs b/src/App/Platforms/Android/WebAuthCallbackActivity.cs
index 4a8db65c6..01d3c9dff 100644
--- a/src/App/Platforms/Android/WebAuthCallbackActivity.cs
+++ b/src/App/Platforms/Android/WebAuthCallbackActivity.cs
@@ -1,17 +1,12 @@
 using Android.App;
 using Android.Content.PM;
 using Android.OS;
+using Android.Runtime;
 using Bit.App.Droid.Utilities;
 
 namespace Bit.Droid
 {
-    [Activity(
-        NoHistory = true, 
-        LaunchMode = LaunchMode.SingleInstance,
-        Exported = true)]
-    [IntentFilter(new[] { Android.Content.Intent.ActionView },
-        Categories = new[] { Android.Content.Intent.CategoryDefault, Android.Content.Intent.CategoryBrowsable },
-        DataScheme = "bitwarden")]
+    [Register("com.x8bit.bitwarden.WebAuthCallbackActivity")]
     public class WebAuthCallbackActivity : WebAuthenticatorCallbackActivity
     {
         protected override void OnCreate(Bundle savedInstanceState)