mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-09-30 05:05:47 +00:00
af360bc9ea
wgetc873988898
.patch -O telecomm-01.patch wget0fb5786dbf
.patch -O mediaprovider-01.patch wget1a4b9ef510
.patch -O wifi-01.patch wget364a1d9962
.patch -O bluetooth-01.patch wget87a06448b9
.patch -O settings-01.patch wgetaaba724a68
.patch -O settings-02.patch wget507304e1f5
.patch -O native-01.patch wget89489ff5dd
.patch -O base-01.patch wgetd1765c4715
.patch -O base-02.patch wgetcbb1a0ecd6
.patch -O base-03.patch wget4725772c0b
.patch -O base-04.patch wget19747f6923
.patch -O base-05.patch wgete7a1aa9ed0
.patch -O base-06.patch wget922a7860b1
.patch -O base-07.patch wgeted183ed912
.patch -O base-08.patch wgetc6fbe1330a
.patch -O base-09.patch wget9141cac175
.patch -O base-10.patch wget41235bcc67
.patch -O av-01.patch wgeta89f704701
.patch -O av-02.patch wget6d7cd80d77
.patch -O av-03.patch wget75fc175a08
.patch -O av-04.patch wgetb023ec300f
.patch -O av-05.patch wgetc8117d1539
.patch -O av-06.patch wgetf06d23d824
.patch -O av-07.patch wget9c7408ab07
.patch -O av-08.patch wgetcfbfcefb3c
.patch -O launcher-01.patch wget4a27a7f162
.patch -O libxml-01.patch Signed-off-by: Tad <tad@spotco.us>
49 lines
2.2 KiB
Diff
49 lines
2.2 KiB
Diff
From c873988898e1b520e0e4cfda77e26ec4377a4ce9 Mon Sep 17 00:00:00 2001
|
|
From: Grace Jia <xiaotonj@google.com>
|
|
Date: Thu, 20 Jul 2023 13:42:50 -0700
|
|
Subject: [PATCH] Fix vulnerability in CallRedirectionService.
|
|
|
|
Currently when the CallRedirectionService binding died, we didn't do
|
|
anything, which cause malicious app start activities even not run in the
|
|
background by implementing a CallRedirectionService and overriding the
|
|
onPlaceCall method to schedule a activity start job in an independent
|
|
process and then kill itself. In that way, the activity can still
|
|
start after the CallRedirectionService died. Fix this by unbinding the
|
|
service when the binding died.
|
|
|
|
Bug: b/289809991
|
|
Test: Using testapp provided in bug to make sure the test activity can't
|
|
be started
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:29b52e3cd027da2d8644450a4dee3a7d95dc0043)
|
|
Merged-In: I065d361b83700474a1efab2a75928427ee0a14ba
|
|
Change-Id: I065d361b83700474a1efab2a75928427ee0a14ba
|
|
---
|
|
.../callredirection/CallRedirectionProcessor.java | 14 ++++++++++++++
|
|
1 file changed, 14 insertions(+)
|
|
|
|
diff --git a/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java b/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
|
|
index 226382bde..02debcd6c 100644
|
|
--- a/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
|
|
+++ b/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
|
|
@@ -175,6 +175,20 @@ public void onNullBinding(ComponentName componentName) {
|
|
Log.endSession();
|
|
}
|
|
}
|
|
+
|
|
+ @Override
|
|
+ public void onBindingDied(ComponentName componentName) {
|
|
+ // Make sure we unbind the service if binding died to avoid background stating
|
|
+ // activity leaks
|
|
+ Log.startSession("CRSC.oBD");
|
|
+ try {
|
|
+ synchronized (mTelecomLock) {
|
|
+ finishCallRedirection();
|
|
+ }
|
|
+ } finally {
|
|
+ Log.endSession();
|
|
+ }
|
|
+ }
|
|
}
|
|
|
|
private class CallRedirectionAdapter extends ICallRedirectionAdapter.Stub {
|