summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Pinyao Ting <pinyaoting@google.com> 2023-10-02 23:41:25 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-10-02 23:41:25 +0000
commit2721e6e8d3af44eb568ea06eb9c98b25e961902b (patch)
tree0b37b4955a865814811cd5f4fc5470283f984a6d
parent8023670788519866787ae9fba4f5952034b8babc (diff)
parentfb722bc9e74b6e94b009bc1bf287421117df0a27 (diff)
Merge "Validate userId when publishing shortcuts" into rvc-dev am: 72aee14094 am: fedf1c8c14 am: 4934f58cc8 am: 782e7bc3e2 am: 4a0b42a72c am: 63fe378e16 am: 2828a742bc am: fb722bc9e7
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24182288 Change-Id: I0c445eed289cddfd4452aa2c4d9fdd1d7bd6ae70 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/ShortcutService.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 3e4dd1637387..c6aba2ab9cbe 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -1743,6 +1743,10 @@ public class ShortcutService extends IShortcutService.Stub {
android.util.EventLog.writeEvent(0x534e4554, "109824443", -1, "");
throw new SecurityException("Shortcut package name mismatch");
}
+ final int callingUid = injectBinderCallingUid();
+ if (UserHandle.getUserId(callingUid) != si.getUserId()) {
+ throw new SecurityException("User-ID in shortcut doesn't match the caller");
+ }
}
private void verifyShortcutInfoPackages(
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-03 23:19:22 +0000