diff options
| author | 2018-02-27 14:38:04 -0700 | |
|---|---|---|
| committer | 2018-02-28 23:06:04 +0000 | |
| commit | b0613dceb0db9d75edc19f104af4cd198745d991 (patch) | |
| tree | 40d06795612dbd57c457e739a56b7b81c861774b | |
| parent | d0f517b9df46926d803c7d9963c70791b2af1c01 (diff) | |
Force loading of safe labels in system_server.
It's too easy for code to accidentally use loadLabel() when building
strings for security sensitive contexts, so add ability for a process
to always force loading of safe strings.
Test: builds, boots
Bug: 73657770
Change-Id: I1c7645bd7bebed0cfb6bc3e5bfd36c8cb11d4838
| -rw-r--r-- | core/java/android/content/pm/PackageItemInfo.java | 21 | ||||
| -rw-r--r-- | services/java/com/android/server/SystemServer.java | 3 |
2 files changed, 22 insertions, 2 deletions
diff --git a/core/java/android/content/pm/PackageItemInfo.java b/core/java/android/content/pm/PackageItemInfo.java index 2c0c6ad0723e..53ffd55d5510 100644 --- a/core/java/android/content/pm/PackageItemInfo.java +++ b/core/java/android/content/pm/PackageItemInfo.java @@ -43,6 +43,14 @@ import java.util.Comparator; */ public class PackageItemInfo { private static final float MAX_LABEL_SIZE_PX = 500f; + + private static volatile boolean sForceSafeLabels = false; + + /** {@hide} */ + public static void setForceSafeLabels(boolean forceSafeLabels) { + sForceSafeLabels = forceSafeLabels; + } + /** * Public name of this item. From the "android:name" attribute. */ @@ -128,7 +136,16 @@ public class PackageItemInfo { * @return Returns a CharSequence containing the item's label. If the * item does not have a label, its name is returned. */ - public CharSequence loadLabel(PackageManager pm) { + public @NonNull CharSequence loadLabel(@NonNull PackageManager pm) { + if (sForceSafeLabels) { + return loadSafeLabel(pm); + } else { + return loadUnsafeLabel(pm); + } + } + + /** {@hide} */ + public CharSequence loadUnsafeLabel(PackageManager pm) { if (nonLocalizedLabel != null) { return nonLocalizedLabel; } @@ -163,7 +180,7 @@ public class PackageItemInfo { @SystemApi public @NonNull CharSequence loadSafeLabel(@NonNull PackageManager pm) { // loadLabel() always returns non-null - String label = loadLabel(pm).toString(); + String label = loadUnsafeLabel(pm).toString(); // strip HTML tags to avoid <br> and other tags overwriting original message String labelStr = Html.fromHtml(label).toString(); diff --git a/services/java/com/android/server/SystemServer.java b/services/java/com/android/server/SystemServer.java index 5b5de0e94eca..ccfadc0eba90 100644 --- a/services/java/com/android/server/SystemServer.java +++ b/services/java/com/android/server/SystemServer.java @@ -23,6 +23,7 @@ import android.content.ComponentName; import android.content.ContentResolver; import android.content.Context; import android.content.Intent; +import android.content.pm.PackageItemInfo; import android.content.pm.PackageManager; import android.content.res.Configuration; import android.content.res.Resources.Theme; @@ -331,6 +332,8 @@ public final class SystemServer { // The system server should never make non-oneway calls Binder.setWarnOnBlocking(true); + // The system server should always load safe labels + PackageItemInfo.setForceSafeLabels(true); // Deactivate SQLiteCompatibilityWalFlags until settings provider is initialized SQLiteCompatibilityWalFlags.init(null); |