Merge "Validate userId when publishing shortcuts" into main

author: Pinyao Ting <pinyaoting@google.com> 2023-09-01 18:00:21 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2023-09-01 18:00:21 +0000
commit: 057185cd24ee48e6db439a6a2b005d97482efcfc (patch)
tree: 58fc2ce8ee7d28f6f9567639583ca93dc4eb3c3f
parent: eb9d4d3d5cb634430ed6798f3a7318bafba4dd0f (diff)
parent: 4a12c242e18e83ac209a457e25edecc4055e6929 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 3e4dd1637387..c6aba2ab9cbe 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -1743,6 +1743,10 @@ public class ShortcutService extends IShortcutService.Stub {
             android.util.EventLog.writeEvent(0x534e4554, "109824443", -1, "");
             throw new SecurityException("Shortcut package name mismatch");
         }
+        final int callingUid = injectBinderCallingUid();
+        if (UserHandle.getUserId(callingUid) != si.getUserId()) {
+            throw new SecurityException("User-ID in shortcut doesn't match the caller");
+        }
     }
 
     private void verifyShortcutInfoPackages(
author	Pinyao Ting <pinyaoting@google.com>	2023-09-01 18:00:21 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2023-09-01 18:00:21 +0000
commit	057185cd24ee48e6db439a6a2b005d97482efcfc (patch)
tree	58fc2ce8ee7d28f6f9567639583ca93dc4eb3c3f
parent	eb9d4d3d5cb634430ed6798f3a7318bafba4dd0f (diff)
parent	4a12c242e18e83ac209a457e25edecc4055e6929 (diff)