2024-08-17 12:35:07 -04:00
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
2024-08-05 16:38:56 -04:00
|
|
|
From: Pinyao Ting <pinyaoting@google.com>
|
|
|
|
Date: Tue, 20 Jul 2021 00:01:29 +0000
|
|
|
|
Subject: [PATCH] Prevend user spoofing in isRequestPinItemSupported
|
|
|
|
|
|
|
|
This CL ensure the caller process is from the same user when calling
|
|
|
|
ShortcutService#isRequestPinItemSupported.
|
|
|
|
|
|
|
|
Bug: 191772737
|
|
|
|
Test: atest ShortcutManagerTest1 ShortcutManagerTest2
|
|
|
|
ShortcutManagerTest3 ShortcutManagerTest4 ShortcutManagerTest5
|
|
|
|
ShortcutManagerTest6 ShortcutManagerTest7 ShortcutManagerTest8
|
|
|
|
ShortcutManagerTest9 ShortcutManagerTest10 ShortcutManagerTest11
|
|
|
|
ShortcutManagerTest12
|
|
|
|
Test: atest CtsShortcutManagerTestCases
|
|
|
|
Change-Id: Icab7cdf25b870b88ecfde9b99e107bbeda0eb485
|
|
|
|
---
|
|
|
|
.../com/android/server/pm/ShortcutService.java | 15 +++++++++++++++
|
|
|
|
1 file changed, 15 insertions(+)
|
|
|
|
|
|
|
|
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
|
2024-08-17 12:35:07 -04:00
|
|
|
index 83dc8e99423d..56edf675cc67 100644
|
2024-08-05 16:38:56 -04:00
|
|
|
--- a/services/core/java/com/android/server/pm/ShortcutService.java
|
|
|
|
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
|
2024-08-17 12:35:07 -04:00
|
|
|
@@ -1554,6 +1554,19 @@ public class ShortcutService extends IShortcutService.Stub {
|
2024-08-05 16:38:56 -04:00
|
|
|
mContext.enforceCallingPermission(permission, message);
|
|
|
|
}
|
|
|
|
|
|
|
|
+ private void verifyCallerUserId(@UserIdInt int userId) {
|
|
|
|
+ if (isCallerSystem()) {
|
|
|
|
+ return; // no check
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ final int callingUid = injectBinderCallingUid();
|
|
|
|
+
|
|
|
|
+ // Otherwise, make sure the arguments are valid.
|
|
|
|
+ if (UserHandle.getUserId(callingUid) != userId) {
|
|
|
|
+ throw new SecurityException("Invalid user-ID");
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
private void verifyCaller(@NonNull String packageName, @UserIdInt int userId) {
|
|
|
|
Preconditions.checkStringNotEmpty(packageName, "packageName");
|
|
|
|
|
2024-08-17 12:35:07 -04:00
|
|
|
@@ -2237,6 +2250,8 @@ public class ShortcutService extends IShortcutService.Stub {
|
2024-08-05 16:38:56 -04:00
|
|
|
|
|
|
|
@Override
|
|
|
|
public boolean isRequestPinItemSupported(int callingUserId, int requestType) {
|
|
|
|
+ verifyCallerUserId(callingUserId);
|
|
|
|
+
|
|
|
|
final long token = injectClearCallingIdentity();
|
|
|
|
try {
|
|
|
|
return mShortcutRequestPinProcessor
|