OSDN > Find Software > System > OS distribution > Live CD > Android-x86 > SCM > git > frameworks-base > Commit

Android-x86
Fork
external-gbm_gralloc
hardware-powerbtnd
hardware-intel-libva
manifest
device-generic-x86_64
device-generic-common
system-bt
hardware-intel-intel-driver
external-bluetooth-bluedroid
build
device-generic-x86
packages-apps-Camera2
device-viewsonic-viewpad10
packages-apps-Taskbar
packages-apps-Gallery2
system-media
hardware-intel-common-libva
external-vboxguest-linux-modules
system-netd
hardware-intel-common-vaapi
external-swiftshader
external-efibootmgr
device-generic-openthos
packages-apps-Settings
hardware-ril
packages-apps-CMFileManager
packages-apps-Eleven
external-toybox
external-drm_hwcomposer
hardware-libhardware_legacy
system-extras
hardware-libsensors
hardware-liblights
hardware-broadcom-libbt
packages-apps-TSCalibration2
system-core
packages-apps-Bluetooth
device-generic-firmware
device-generic-goldfish
external-s2tc
device-asus
device-amd
device-common
device-hp-tx2500
device-ibm-thinkpad
device-lenovo-s103t
device-tegatech-tegav2
external-srec
external-webkit
external-wpa_supplicant_6
packages-apps-AndroidTerm
packages-apps-FileManager
external-tslib
external-modules-rtl8723au
packages-inputmethods-PinyinIME
sdk
system-bluetooth
hardware-alsa_sound
device-asus-laptop
device-amd-persimmon
development
device-dell-sparta
device-vm-vm
hardware-wacom-input
libcore
packages-apps-Browser
packages-apps-Camera
prebuilt
device-motion-m1400
device-viliv-s5
packages-apps-Superuser
device-asus-eeepc
device-generic-goldfish-opengl
external-mplayer
external-wpa_supplicant
frameworks-policies-base
ndk
packages-apps-Calendar
packages-apps-ConnectBot
packages-apps-Contacts
packages-apps-DeskClock
packages-apps-LIME
packages-apps-Music
packages-providers-DownloadProvider
packages-wallpapers-Basic
packages-wallpapers-MagicSmoke
packages-wallpapers-MusicVisualization
packages-providers-ImProvider
packages-apps-AlarmClock
packages-apps-IM
packages-apps-Launcher
packages-apps-SoundRecorder
external-opencore
vendor-intel-houdini
vendor-samsung-q1u
external-dhcpcd
hardware-menlow-psb
hardware-menlow-ioport
push
external-eject
external-v86d
external-koush-Superuser
external-koush-Widgets
frameworks-native
external-libpciaccess
external-bluetooth-bluez
external-libtruezip
external-stagefright-plugins
external-ntfs-3g
external-parted
hardware-intel-hwcomposer
external-mesa
external-ffmpeg
external-llvm
external-libdrm
external-e2fsprogs
external-bluetooth-glib
hardware-broadcom-wlan
external-drm_gralloc
hardware-gps
external-busybox
kernel
external-alsa-lib
external-alsa-utils
system-vold
frameworks-base
frameworks-av
external-bluetooth-sbc
packages-apps-Trebuchet
dalvik
hardware-x86power
packages-services-Analytics
external-ppp
packages-apps-Launcher3
external-wpa_supplicant_8
hardware-intel-audio_media
hardware-intel-libsensors
hardware-libaudio
hardware-libcamera
external-googleanalytics
hardware-libhardware
hardware-interfaces
bootable-newinstaller
art
external-efivar
hardware-memtrack
system-connectivity-wificond
bionic
external-kernel-drivers
external-drm_framebuffer
external-exfat
external-openssh
external-wireless-tools
external-mksh
external-libffi
external-musl-libc
system-hardware-interfaces
external-minigbm
external-IA-Hardware-Composer
external-drmfb-composer
external-alsa-ucm-conf
external-libncurses
external-llvm-project
system-linkerconfig
Donation

R/O
HTTP
SSH
HTTPS

frameworks-base: Commit

frameworks/base

Commit MetaInfo

Revision	faf2dc95bf26fb075039ed3ee7623e83a281c6dd (tree)
Time	2018-08-11 05:28:06
Author	Makoto Onuki <omakoto@goog...>
Commiter	android-build-team Robot

Log Message

Backport Prevent shortcut info package name spoofing

Test: cts-tradefed run cts -m CtsShortcutManagerTestCases -t android.content.pm.cts.shortcutmanager.ShortcutManagerFakingPublisherTest
Bug: 109824443

Change-Id: I90443973aaef157d357b98b739572866125b2bbc
Merged-In: I78948446a63b428ae750464194558fd44a658493
(cherry picked from commit 9e21579a11219581a0c08ff5dd6ac4dc22e988a4)

Change Summary

modified: services/core/java/com/android/server/pm/ShortcutService.java (diff)

Incremental Difference

--- a/services/core/java/com/android/server/pm/ShortcutService.java

+++ b/services/core/java/com/android/server/pm/ShortcutService.java

		@@ -131,6 +131,7 @@ import java.nio.charset.StandardCharsets;
131	131	import java.util.ArrayList;
132	132	import java.util.Collections;
133	133	import java.util.List;
	134	+import java.util.Objects;
134	135	import java.util.concurrent.atomic.AtomicBoolean;
135	136	import java.util.function.Consumer;
136	137	import java.util.function.Predicate;

		@@ -1534,6 +1535,24 @@ public class ShortcutService extends IShortcutService.Stub {
1534	1535	"Ephemeral apps can't use ShortcutManager");
1535	1536	}
1536	1537
	1538	+ private void verifyShortcutInfoPackage(String callerPackage, ShortcutInfo si) {
	1539	+ if (si == null) {
	1540	+ return;
	1541	+ }
	1542	+ if (!Objects.equals(callerPackage, si.getPackage())) {
	1543	+ android.util.EventLog.writeEvent(0x534e4554, "109824443", -1, "");
	1544	+ throw new SecurityException("Shortcut package name mismatch");
	1545	+ }
	1546	+ }
	1547	+
	1548	+ private void verifyShortcutInfoPackages(
	1549	+ String callerPackage, List<ShortcutInfo> list) {
	1550	+ final int size = list.size();
	1551	+ for (int i = 0; i < size; i++) {
	1552	+ verifyShortcutInfoPackage(callerPackage, list.get(i));
	1553	+ }
	1554	+ }
	1555	+
1537	1556	// Overridden in unit tests to execute r synchronously.
1538	1557	void injectPostToHandler(Runnable r) {
1539	1558	mHandler.post(r);

		@@ -1681,6 +1700,7 @@ public class ShortcutService extends IShortcutService.Stub {
1681	1700	verifyCaller(packageName, userId);
1682	1701
1683	1702	final List<ShortcutInfo> newShortcuts = (List<ShortcutInfo>) shortcutInfoList.getList();
	1703	+ verifyShortcutInfoPackages(packageName, newShortcuts);
1684	1704	final int size = newShortcuts.size();
1685	1705
1686	1706	synchronized (mLock) {

		@@ -1732,6 +1752,7 @@ public class ShortcutService extends IShortcutService.Stub {
1732	1752	verifyCaller(packageName, userId);
1733	1753
1734	1754	final List<ShortcutInfo> newShortcuts = (List<ShortcutInfo>) shortcutInfoList.getList();
	1755	+ verifyShortcutInfoPackages(packageName, newShortcuts);
1735	1756	final int size = newShortcuts.size();
1736	1757
1737	1758	synchronized (mLock) {

		@@ -1812,6 +1833,7 @@ public class ShortcutService extends IShortcutService.Stub {
1812	1833	verifyCaller(packageName, userId);
1813	1834
1814	1835	final List<ShortcutInfo> newShortcuts = (List<ShortcutInfo>) shortcutInfoList.getList();
	1836	+ verifyShortcutInfoPackages(packageName, newShortcuts);
1815	1837	final int size = newShortcuts.size();
1816	1838
1817	1839	synchronized (mLock) {

		@@ -1871,6 +1893,7 @@ public class ShortcutService extends IShortcutService.Stub {
1871	1893	Preconditions.checkNotNull(shortcut);
1872	1894	Preconditions.checkArgument(shortcut.isEnabled(), "Shortcut must be enabled");
1873	1895	verifyCaller(packageName, userId);
	1896	+ verifyShortcutInfoPackage(packageName, shortcut);
1874	1897
1875	1898	final Intent ret;
1876	1899	synchronized (mLock) {

		@@ -1892,6 +1915,7 @@ public class ShortcutService extends IShortcutService.Stub {
1892	1915	private boolean requestPinItem(String packageName, int userId, ShortcutInfo shortcut,
1893	1916	AppWidgetProviderInfo appWidget, Bundle extras, IntentSender resultIntent) {
1894	1917	verifyCaller(packageName, userId);
	1918	+ verifyShortcutInfoPackage(packageName, shortcut);
1895	1919
1896	1920	final boolean ret;
1897	1921	synchronized (mLock) {

Show on old repository browser