From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <dementyev@google.com>
Date: Tue, 26 Mar 2024 10:31:44 -0700
Subject: [PATCH] Add more checkKeyIntent checks to AccountManagerService.
Another verification is needed after Bundle modification.
Bug: 321941232
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:36db8a1d61a881f89fdd3911886adcda6e1f0d7f)
Merged-In: I9e45d758a2320328da5664b6341eafe6f285f297
Change-Id: I9e45d758a2320328da5664b6341eafe6f285f297
---
.../android/server/accounts/AccountManagerService.java | 10 ++++++++++
1 file changed, 10 insertions(+)
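--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -3441,6 +3441,11 @@ public class AccountManagerService
 
 // Strip auth token from result.
 result.remove(AccountManager.KEY_AUTHTOKEN);
+ if (!checkKeyIntent(Binder.getCallingUid(), result)) {
+ onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,
+ "invalid intent in bundle returned");
+ return;
+ }
 
 if (Log.isLoggable(TAG, Log.VERBOSE)) {
 Log.v(TAG,
@@ -5017,6 +5022,11 @@ public class AccountManagerService
 } else {
 if (mStripAuthTokenFromResult) {
 result.remove(AccountManager.KEY_AUTHTOKEN);
+ if (!checkKeyIntent(Binder.getCallingUid(), result)) {
+ onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,
+ "invalid intent in bundle returned");
+ return;
+ }
 }
 if (Log.isLoggable(TAG, Log.VERBOSE)) {
 Log.v(TAG, getClass().getSimpleName()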
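Review bot: Both added `checkKeyIntent` blocks (directly after `result.remove(AccountManager.KEY_AUTHTOKEN)` in each hunk) carry no comment saying why a second validation is needed, so a later cleanup could drop them as duplicates of whatever check runs earlier in these methods, which is outside the hunks. I would add something like `// Re-validate KEY_INTENT: the Bundle was modified by remove() after it was last checked.` above each block, matching the commit message. In the second hunk the re-check sits inside `if (mStripAuthTokenFromResult)`, so it is worth confirming that the non-stripping path is already covered and that nothing modifies `result` again between this check and the point where the Bundle is handed to the response. Since the same five lines now appear twice and the change is tested manually only, a small private helper that strips the token and re-validates in one place, plus a regression test using a Bundle whose intent fails the check, would keep the two sites from drifting apart. The enclosing methods start and end outside both hunks.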