mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-09-30 05:05:47 +00:00
af360bc9ea
wgetc873988898.patch -O telecomm-01.patch wget0fb5786dbf.patch -O mediaprovider-01.patch wget1a4b9ef510.patch -O wifi-01.patch wget364a1d9962.patch -O bluetooth-01.patch wget87a06448b9.patch -O settings-01.patch wgetaaba724a68.patch -O settings-02.patch wget507304e1f5.patch -O native-01.patch wget89489ff5dd.patch -O base-01.patch wgetd1765c4715.patch -O base-02.patch wgetcbb1a0ecd6.patch -O base-03.patch wget4725772c0b.patch -O base-04.patch wget19747f6923.patch -O base-05.patch wgete7a1aa9ed0.patch -O base-06.patch wget922a7860b1.patch -O base-07.patch wgeted183ed912.patch -O base-08.patch wgetc6fbe1330a.patch -O base-09.patch wget9141cac175.patch -O base-10.patch wget41235bcc67.patch -O av-01.patch wgeta89f704701.patch -O av-02.patch wget6d7cd80d77.patch -O av-03.patch wget75fc175a08.patch -O av-04.patch wgetb023ec300f.patch -O av-05.patch wgetc8117d1539.patch -O av-06.patch wgetf06d23d824.patch -O av-07.patch wget9c7408ab07.patch -O av-08.patch wgetcfbfcefb3c.patch -O launcher-01.patch wget4a27a7f162.patch -O libxml-01.patch Signed-off-by: Tad <tad@spotco.us>
49 lines
2.2 KiB
Diff
49 lines
2.2 KiB
Diff
From c873988898e1b520e0e4cfda77e26ec4377a4ce9 Mon Sep 17 00:00:00 2001
|
|
From: Grace Jia <xiaotonj@google.com>
|
|
Date: Thu, 20 Jul 2023 13:42:50 -0700
|
|
Subject: [PATCH] Fix vulnerability in CallRedirectionService.
|
|
|
|
Currently when the CallRedirectionService binding died, we didn't do
|
|
anything, which cause malicious app start activities even not run in the
|
|
background by implementing a CallRedirectionService and overriding the
|
|
onPlaceCall method to schedule a activity start job in an independent
|
|
process and then kill itself. In that way, the activity can still
|
|
start after the CallRedirectionService died. Fix this by unbinding the
|
|
service when the binding died.
|
|
|
|
Bug: b/289809991
|
|
Test: Using testapp provided in bug to make sure the test activity can't
|
|
be started
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:29b52e3cd027da2d8644450a4dee3a7d95dc0043)
|
|
Merged-In: I065d361b83700474a1efab2a75928427ee0a14ba
|
|
Change-Id: I065d361b83700474a1efab2a75928427ee0a14ba
|
|
---
|
|
.../callredirection/CallRedirectionProcessor.java | 14 ++++++++++++++
|
|
1 file changed, 14 insertions(+)
|
|
|
|
diff --git a/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java b/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
|
|
index 226382bde..02debcd6c 100644
|
|
--- a/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
|
|
+++ b/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
|
|
@@ -175,6 +175,20 @@ public void onNullBinding(ComponentName componentName) {
|
|
Log.endSession();
|
|
}
|
|
}
|
|
+
|
|
+ @Override
|
|
+ public void onBindingDied(ComponentName componentName) {
|
|
+ // Make sure we unbind the service if binding died to avoid background stating
|
|
+ // activity leaks
|
|
+ Log.startSession("CRSC.oBD");
|
|
+ try {
|
|
+ synchronized (mTelecomLock) {
|
|
+ finishCallRedirection();
|
|
+ }
|
|
+ } finally {
|
|
+ Log.endSession();
|
|
+ }
|
|
+ }
|
|
}
|
|
|
|
private class CallRedirectionAdapter extends ICallRedirectionAdapter.Stub {
|