From 18d1359a28cee22491dbe2f8b814ab999348ebfa Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev
Date: Tue, 26 Mar 2024 10:31:44 -0700
Subject: [PATCH] Add more checkKeyIntent checks to AccountManagerService.

Another verification is needed after Bundle modification.
Bug: 321941232
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:36db8a1d61a881f89fdd3911886adcda6e1f0d7f)
Merged-In: I9e45d758a2320328da5664b6341eafe6f285f297
Change-Id: I9e45d758a2320328da5664b6341eafe6f285f297
---
 .../android/server/accounts/AccountManagerService.java | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 8a9ddda50d63b..37a68d3eec76c 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -3475,6 +3475,11 @@ public void onResult(Bundle result) {
 // Strip auth token from result.
 result.remove(AccountManager.KEY_AUTHTOKEN);
+ if (!checkKeyIntent(Binder.getCallingUid(), result)) {
+ onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,
+ "invalid intent in bundle returned");
+ return;
+ }
 if (Log.isLoggable(TAG, Log.VERBOSE)) {
 Log.v(TAG,
@@ -5052,6 +5057,11 @@ public void onResult(Bundle result) {
 } else {
 if (mStripAuthTokenFromResult) {
 result.remove(AccountManager.KEY_AUTHTOKEN);
+ if (!checkKeyIntent(Binder.getCallingUid(), result)) {
+ onError(AccountManager.ERROR_CODE_INVALID_RESPONSE,
+ "invalid intent in bundle returned");
+ return;
+ }
 }
 if (Log.isLoggable(TAG, Log.VERBOSE)) {
 Log.v(TAG, getClass().getSimpleName()
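Review bot: The `checkKeyIntent` call added right after `result.remove(AccountManager.KEY_AUTHTOKEN)` in the first hunk has no comment saying why the bundle is validated again, so it reads as redundant and is easy to drop in a later cleanup; the identical block in the second hunk has the same gap. A one-line comment above it would keep the reason next to the code, for example `// Re-validate KEY_INTENT: result was modified above, so any earlier check no longer covers it.` The five-line reject block is also duplicated verbatim at both sites, and a small private helper would keep the two from drifting apart. Both onResult bodies start and end outside the hunks, so whether an earlier check exists cannot be confirmed from here.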
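Review bot: In the second hunk the new check sits inside `if (mStripAuthTokenFromResult)`, so a result that is not stripped relies entirely on whatever validation ran earlier in this onResult, which is outside the hunk. If nothing else on that path touches `result` the two are equivalent, but moving the block to just after the closing `}` of the strip branch would make it the unconditional last check before the bundle is used, at the cost of one extra call. The rejection is also silent apart from the error returned through `onError`. Unless `checkKeyIntent` logs on its own, a line such as `Log.w(TAG, "rejected bundle with invalid intent from uid " + Binder.getCallingUid());` before `onError` would make rejected bundles visible to anyone reviewing device logs.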