mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-14 02:14:34 -05:00
082bc48c32
https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev>
127 lines
4.9 KiB
Diff
127 lines
4.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Yuri Lin <yurilin@google.com>
|
|
Date: Mon, 29 Aug 2022 17:40:14 -0400
|
|
Subject: [PATCH] Trim any long string inputs that come in to AutomaticZenRule
|
|
|
|
This change both prevents any rules from being unable to be written to
|
|
disk and also avoids risk of running out of memory while handling all
|
|
the zen rules.
|
|
|
|
Bug: 242703460
|
|
Bug: 242703505
|
|
Bug: 242703780
|
|
Bug: 242704043
|
|
Bug: 243794204
|
|
Test: cts AutomaticZenRuleTest; atest android.app.AutomaticZenRuleTest;
|
|
manually confirmed each exploit example either saves the rule
|
|
successfully with a truncated string (in the case of name & conditionId)
|
|
or may fail to save the rule at all (if the owner/configactivity is invalid).
|
|
Additionally ran the memory-exhausting PoC without device crashes.
|
|
|
|
Change-Id: I110172a43f28528dd274b3b346eb29c3796ff2c6
|
|
Merged-In: I110172a43f28528dd274b3b346eb29c3796ff2c6
|
|
(cherry picked from commit de172ba0d434c940be9e2aad8685719731ab7da2)
|
|
(cherry picked from commit c4b2c877ec28e2473104d9fcdcf321bd81da881b)
|
|
Merged-In: I110172a43f28528dd274b3b346eb29c3796ff2c6
|
|
---
|
|
core/java/android/app/AutomaticZenRule.java | 50 ++++++++++++++++++---
|
|
1 file changed, 43 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/core/java/android/app/AutomaticZenRule.java b/core/java/android/app/AutomaticZenRule.java
|
|
index cd4ace669b6c..29dd91ec1ad6 100644
|
|
--- a/core/java/android/app/AutomaticZenRule.java
|
|
+++ b/core/java/android/app/AutomaticZenRule.java
|
|
@@ -36,6 +36,13 @@ public final class AutomaticZenRule implements Parcelable {
|
|
private ComponentName owner;
|
|
private long creationTime;
|
|
|
|
+ /**
|
|
+ * The maximum string length for any string contained in this automatic zen rule. This pertains
|
|
+ * both to fields in the rule itself (such as its name) and items with sub-fields.
|
|
+ * @hide
|
|
+ */
|
|
+ public static final int MAX_STRING_LENGTH = 1000;
|
|
+
|
|
/**
|
|
* Creates an automatic zen rule.
|
|
*
|
|
@@ -50,9 +57,9 @@ public final class AutomaticZenRule implements Parcelable {
|
|
*/
|
|
public AutomaticZenRule(String name, ComponentName owner, Uri conditionId,
|
|
int interruptionFilter, boolean enabled) {
|
|
- this.name = name;
|
|
- this.owner = owner;
|
|
- this.conditionId = conditionId;
|
|
+ this.name = getTrimmedString(name);
|
|
+ this.owner = getTrimmedComponentName(owner);
|
|
+ this.conditionId = getTrimmedUri(conditionId);
|
|
this.interruptionFilter = interruptionFilter;
|
|
this.enabled = enabled;
|
|
}
|
|
@@ -70,11 +77,11 @@ public final class AutomaticZenRule implements Parcelable {
|
|
public AutomaticZenRule(Parcel source) {
|
|
enabled = source.readInt() == 1;
|
|
if (source.readInt() == 1) {
|
|
- name = source.readString();
|
|
+ name = getTrimmedString(source.readString());
|
|
}
|
|
interruptionFilter = source.readInt();
|
|
conditionId = source.readParcelable(null);
|
|
- owner = source.readParcelable(null);
|
|
+ owner = getTrimmedComponentName(source.readParcelable(null));
|
|
creationTime = source.readLong();
|
|
}
|
|
|
|
@@ -124,7 +131,7 @@ public final class AutomaticZenRule implements Parcelable {
|
|
* Sets the representation of the state that causes this rule to become active.
|
|
*/
|
|
public void setConditionId(Uri conditionId) {
|
|
- this.conditionId = conditionId;
|
|
+ this.conditionId = getTrimmedUri(conditionId);
|
|
}
|
|
|
|
/**
|
|
@@ -139,7 +146,7 @@ public final class AutomaticZenRule implements Parcelable {
|
|
* Sets the name of this rule.
|
|
*/
|
|
public void setName(String name) {
|
|
- this.name = name;
|
|
+ this.name = getTrimmedString(name);
|
|
}
|
|
|
|
/**
|
|
@@ -210,4 +217,33 @@ public final class AutomaticZenRule implements Parcelable {
|
|
return new AutomaticZenRule[size];
|
|
}
|
|
};
|
|
+
|
|
+ /**
|
|
+ * If the package or class name of the provided ComponentName are longer than MAX_STRING_LENGTH,
|
|
+ * return a trimmed version that truncates each of the package and class name at the max length.
|
|
+ */
|
|
+ private static ComponentName getTrimmedComponentName(ComponentName cn) {
|
|
+ if (cn == null) return null;
|
|
+ return new ComponentName(getTrimmedString(cn.getPackageName()),
|
|
+ getTrimmedString(cn.getClassName()));
|
|
+ }
|
|
+ /**
|
|
+ * Returns a truncated copy of the string if the string is longer than MAX_STRING_LENGTH.
|
|
+ */
|
|
+ private static String getTrimmedString(String input) {
|
|
+ if (input != null && input.length() > MAX_STRING_LENGTH) {
|
|
+ return input.substring(0, MAX_STRING_LENGTH);
|
|
+ }
|
|
+ return input;
|
|
+ }
|
|
+ /**
|
|
+ * Returns a truncated copy of the Uri by trimming the string representation to the maximum
|
|
+ * string length.
|
|
+ */
|
|
+ private static Uri getTrimmedUri(Uri input) {
|
|
+ if (input != null && input.toString().length() > MAX_STRING_LENGTH) {
|
|
+ return Uri.parse(getTrimmedString(input.toString()));
|
|
+ }
|
|
+ return input;
|
|
+ }
|
|
}
|