summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Pinyao Ting <pinyaoting@google.com> 2023-10-02 21:34:51 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-10-02 21:34:51 +0000
commit4a0b42a72cc306f4963aa5326b3366191db6b01a (patch)
treeb0cf551255e6b77d244dfb64aa8200c9f87b67db
parent584df59ac8138e0a92bf45458cba5d5d1552052e (diff)
parent782e7bc3e23dc285f51b7eb0af909e1ccb3ed801 (diff)
Merge "Validate userId when publishing shortcuts" into rvc-dev am: 72aee14094 am: fedf1c8c14 am: 4934f58cc8 am: 782e7bc3e2
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24182288 Change-Id: Ic2c93fd09858955fd7cdd6372204fb60de208566 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/ShortcutService.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index ee63f3b7f216..550e0e2622d7 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -1733,6 +1733,10 @@ public class ShortcutService extends IShortcutService.Stub {
android.util.EventLog.writeEvent(0x534e4554, "109824443", -1, "");
throw new SecurityException("Shortcut package name mismatch");
}
+ final int callingUid = injectBinderCallingUid();
+ if (UserHandle.getUserId(callingUid) != si.getUserId()) {
+ throw new SecurityException("User-ID in shortcut doesn't match the caller");
+ }
}
private void verifyShortcutInfoPackages(
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-12 04:37:46 +0000