mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-11 00:44:23 -05:00
082bc48c32
https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev>
41 lines
2.1 KiB
Diff
41 lines
2.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Will Leshner <wleshner@google.com>
|
|
Date: Tue, 31 Oct 2023 13:23:08 -0700
|
|
Subject: [PATCH] Fix vulnerability that allowed attackers to start arbitary
|
|
activities
|
|
|
|
Test: Flashed device and verified dream settings works as expected
|
|
Test: Installed APK from bug and verified the dream didn't allow
|
|
launching the inappropriate settings activity.
|
|
Fixes: 300090204
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6926fd15fb16c51468dde270bd61ee68772b8c14)
|
|
Merged-In: I573040df84bf98a493b39f96c8581e4303206bac
|
|
Change-Id: I573040df84bf98a493b39f96c8581e4303206bac
|
|
---
|
|
.../com/android/settingslib/dream/DreamBackend.java | 12 +++++++++++-
|
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java b/packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java
|
|
index 3c0f6fe8ccbb..0b771580fff4 100644
|
|
--- a/packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java
|
|
+++ b/packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java
|
|
@@ -332,7 +332,17 @@ public class DreamBackend {
|
|
if (cn != null && cn.indexOf('/') < 0) {
|
|
cn = resolveInfo.serviceInfo.packageName + "/" + cn;
|
|
}
|
|
- return cn == null ? null : ComponentName.unflattenFromString(cn);
|
|
+ // Ensure that the component is from the same package as the dream service. If not,
|
|
+ // treat the component as invalid and return null instead.
|
|
+ final ComponentName result = cn != null ? ComponentName.unflattenFromString(cn) : null;
|
|
+ if (result != null
|
|
+ && !result.getPackageName().equals(resolveInfo.serviceInfo.packageName)) {
|
|
+ Log.w(TAG,
|
|
+ "Inconsistent package name in component: " + result.getPackageName()
|
|
+ + ", should be: " + resolveInfo.serviceInfo.packageName);
|
|
+ return null;
|
|
+ }
|
|
+ return result;
|
|
}
|
|
|
|
private static void logd(String msg, Object... args) {
|