Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-03 10:02:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
e1e6d55cc6
DivestOS/Patches/LineageOS-15.1/android_frameworks_base/377009.patch
Tad 9926f25ada
15.1 December ASB work 
Signed-off-by: Tad <tad@spotco.us>
2023-12-12 01:21:38 -05:00

30 lines
1.4 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pinyao Ting <pinyaoting@google.com>
Date: Mon, 24 Jul 2023 14:58:56 -0700
Subject: [PATCH] Validate userId when publishing shortcuts
Bug: 288110451
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:01bfd04ff445db6290ae430d44ea1bf1a115fe3c)
Merged-In: Idbde676f871db83825155730e3714f3727e25762
Change-Id: Idbde676f871db83825155730e3714f3727e25762
---
services/core/java/com/android/server/pm/ShortcutService.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 83b817559c2a..7acb99c8270a 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -1543,6 +1543,10 @@ public class ShortcutService extends IShortcutService.Stub {
android.util.EventLog.writeEvent(0x534e4554, "109824443", -1, "");
throw new SecurityException("Shortcut package name mismatch");
}
+ final int callingUid = injectBinderCallingUid();
+ if (UserHandle.getUserId(callingUid) != si.getUserId()) {
+ throw new SecurityException("User-ID in shortcut doesn't match the caller");
+ }
}
private void verifyShortcutInfoPackages(
Reference in New Issue View Git Blame Copy Permalink