mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
6fb0a581c3
Signed-off-by: Tad <tad@spotco.us>
82 lines
4.3 KiB
Diff
82 lines
4.3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Norman <danielnorman@google.com>
|
|
Date: Thu, 9 Feb 2023 12:28:26 -0800
|
|
Subject: [PATCH] Checks if AccessibilityServiceInfo is within parcelable size.
|
|
|
|
- If too large when parsing service XMLs then skip this service.
|
|
- If too large when a service attempts to update its own info
|
|
then throw an error.
|
|
|
|
Bug: 261589597
|
|
Test: atest AccessibilityServiceInfoTest
|
|
Change-Id: Iffc0cd48cc713f7904d68059e141cb7de5a4b906
|
|
Merged-In: Iffc0cd48cc713f7904d68059e141cb7de5a4b906
|
|
(cherry picked from commit on googleplex-android-review.googlesource.com host: 553232c29079fbeab28f95307d025c1426aa7142)
|
|
Merged-In: Iffc0cd48cc713f7904d68059e141cb7de5a4b906
|
|
---
|
|
.../accessibilityservice/AccessibilityService.java | 4 ++++
|
|
.../accessibilityservice/AccessibilityServiceInfo.java | 10 ++++++++++
|
|
.../accessibility/AccessibilityManagerService.java | 6 ++++++
|
|
3 files changed, 20 insertions(+)
|
|
|
|
diff --git a/core/java/android/accessibilityservice/AccessibilityService.java b/core/java/android/accessibilityservice/AccessibilityService.java
|
|
index 6933e5201a21..ef59803e3ede 100644
|
|
--- a/core/java/android/accessibilityservice/AccessibilityService.java
|
|
+++ b/core/java/android/accessibilityservice/AccessibilityService.java
|
|
@@ -1488,6 +1488,10 @@ public abstract class AccessibilityService extends Service {
|
|
IAccessibilityServiceConnection connection =
|
|
AccessibilityInteractionClient.getInstance().getConnection(mConnectionId);
|
|
if (mInfo != null && connection != null) {
|
|
+ if (!mInfo.isWithinParcelableSize()) {
|
|
+ throw new IllegalStateException(
|
|
+ "Cannot update service info: size is larger than safe parcelable limits.");
|
|
+ }
|
|
try {
|
|
connection.setServiceInfo(mInfo);
|
|
mInfo = null;
|
|
diff --git a/core/java/android/accessibilityservice/AccessibilityServiceInfo.java b/core/java/android/accessibilityservice/AccessibilityServiceInfo.java
|
|
index f85f35889aae..76930d75c5de 100644
|
|
--- a/core/java/android/accessibilityservice/AccessibilityServiceInfo.java
|
|
+++ b/core/java/android/accessibilityservice/AccessibilityServiceInfo.java
|
|
@@ -29,6 +29,7 @@ import android.content.res.Resources;
|
|
import android.content.res.TypedArray;
|
|
import android.content.res.XmlResourceParser;
|
|
import android.hardware.fingerprint.FingerprintManager;
|
|
+import android.os.IBinder;
|
|
import android.os.Parcel;
|
|
import android.os.Parcelable;
|
|
import android.util.AttributeSet;
|
|
@@ -766,6 +767,15 @@ public class AccessibilityServiceInfo implements Parcelable {
|
|
return 0;
|
|
}
|
|
|
|
+ /** @hide */
|
|
+ public final boolean isWithinParcelableSize() {
|
|
+ final Parcel parcel = Parcel.obtain();
|
|
+ writeToParcel(parcel, 0);
|
|
+ final boolean result = parcel.dataSize() <= IBinder.MAX_IPC_SIZE;
|
|
+ parcel.recycle();
|
|
+ return result;
|
|
+ }
|
|
+
|
|
public void writeToParcel(Parcel parcel, int flagz) {
|
|
parcel.writeInt(eventTypes);
|
|
parcel.writeStringArray(packageNames);
|
|
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
|
|
index 91d1b7576ca7..fd87be3e5649 100644
|
|
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
|
|
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
|
|
@@ -1302,6 +1302,12 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
|
|
AccessibilityServiceInfo accessibilityServiceInfo;
|
|
try {
|
|
accessibilityServiceInfo = new AccessibilityServiceInfo(resolveInfo, mContext);
|
|
+ if (!accessibilityServiceInfo.isWithinParcelableSize()) {
|
|
+ Slog.e(LOG_TAG, "Skipping service "
|
|
+ + accessibilityServiceInfo.getResolveInfo().getComponentInfo()
|
|
+ + " because service info size is larger than safe parcelable limits.");
|
|
+ continue;
|
|
+ }
|
|
mTempAccessibilityServiceInfoList.add(accessibilityServiceInfo);
|
|
} catch (XmlPullParserException | IOException xppe) {
|
|
Slog.e(LOG_TAG, "Error while initializing AccessibilityServiceInfo", xppe);
|