DivestOS/Patches/LineageOS-20.0/ASB-2024-06/fwb-09.patch

From d0df12d2f498f441d87852580a89f8588380d902 Mon Sep 17 00:00:00 2001
From: Hans Boehm <hboehm@google.com>
Date: Tue, 2 Jan 2024 16:53:13 -0800
Subject: [PATCH] Check hidden API exemptions

Refuse to deal with newlines and null characters in
HiddenApiSettings.update(). Also disallow nulls in process start
arguments.

Bug: 316153291
Test: Treehugger for now
(cherry picked from commit 7ba059e2cf0a2c20f9a849719cdc32b12c933a44)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:60669aa49aba34c0950d6246bd95b54f91a3c8e8)
Merged-In: I83cd60e46407a4a082f9f3c80e937dbd522dbac4
Change-Id: I83cd60e46407a4a082f9f3c80e937dbd522dbac4
---
 core/java/android/os/ZygoteProcess.java | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java
index bf2898137967..63bcf5f119e1 100644
--- a/core/java/android/os/ZygoteProcess.java
+++ b/core/java/android/os/ZygoteProcess.java
@@ -431,6 +431,8 @@ private Process.ProcessStartResult zygoteSendArgsAndGetResult(
                 throw new ZygoteStartFailedEx("Embedded newlines not allowed");
             } else if (arg.indexOf('\r') >= 0) {
                 throw new ZygoteStartFailedEx("Embedded carriage returns not allowed");
+            } else if (arg.indexOf('\u0000') >= 0) {
+                throw new ZygoteStartFailedEx("Embedded nulls not allowed");
             }
         }
 
@@ -972,6 +974,14 @@ private boolean maybeSetApiDenylistExemptions(ZygoteState state, boolean sendIfE
             return true;
         }
 
+        for (/* NonNull */ String s : mApiDenylistExemptions) {
+            // indexOf() is intrinsified and faster than contains().
+            if (s.indexOf('\n') >= 0 || s.indexOf('\r') >= 0 || s.indexOf('\u0000') >= 0) {
+                Slog.e(LOG_TAG, "Failed to set API denylist exemptions: Bad character");
+                mApiDenylistExemptions = Collections.emptyList();
+                return false;
+            }
+        }
         try {
             state.mZygoteOutputWriter.write(Integer.toString(mApiDenylistExemptions.size() + 1));
             state.mZygoteOutputWriter.newLine();