diff options
| author | 2024-01-04 21:21:40 +0000 | |
|---|---|---|
| committer | 2024-01-04 21:21:40 +0000 | |
| commit | bde2b3ca6cc66f98defe05a5daaa63e98d8b421f (patch) | |
| tree | f8cff61a6ab01c1f6382dbd3e9caff6421e3b3f2 | |
| parent | 2139011282ec85cea1b7a3d5e586ba1a0cf1eb58 (diff) | |
| parent | f7b47c51d1f1691327ebb1a34c6b5ae80a667051 (diff) | |
Validate package names passed to the installer. am: d42af9a50d am: dd8a33e19d am: f7b47c51d1
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/25648374
Change-Id: I336b74b31a034f516231ba9b025ade92d4e7f054
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageInstallerService.java | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java index a9115371413c..b99e66f68038 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java @@ -55,6 +55,7 @@ import android.content.pm.PackageItemInfo; import android.content.pm.PackageManager; import android.content.pm.ParceledListSlice; import android.content.pm.VersionedPackage; +import android.content.pm.parsing.FrameworkParsingPackageUtils; import android.graphics.Bitmap; import android.net.Uri; import android.os.Binder; @@ -665,17 +666,22 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements // App package name and label length is restricted so that really long strings aren't // written to disk. - if (params.appPackageName != null - && params.appPackageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) { + if (params.appPackageName != null && !isValidPackageName(params.appPackageName)) { params.appPackageName = null; } params.appLabel = TextUtils.trimToSize(params.appLabel, PackageItemInfo.MAX_SAFE_LABEL_LENGTH); - String requestedInstallerPackageName = (params.installerPackageName != null - && params.installerPackageName.length() < SessionParams.MAX_PACKAGE_NAME_LENGTH) - ? params.installerPackageName : installerPackageName; + // Validate installer package name. + if (params.installerPackageName != null && !isValidPackageName( + params.installerPackageName)) { + params.installerPackageName = null; + } + + var requestedInstallerPackageName = + params.installerPackageName != null ? params.installerPackageName + : installerPackageName; if (PackageManagerServiceUtils.isRootOrShell(callingUid) || PackageInstallerSession.isSystemDataLoaderInstallation(params) @@ -1085,6 +1091,19 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements return Integer.parseInt(sessionId); } + private static boolean isValidPackageName(@NonNull String packageName) { + if (packageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) { + return false; + } + // "android" is a valid package name + var errorMessage = FrameworkParsingPackageUtils.validateName( + packageName, /* requireSeparator= */ false, /* requireFilename */ true); + if (errorMessage != null) { + return false; + } + return true; + } + private File getTmpSessionDir(String volumeUuid) { return Environment.getDataAppDirectory(volumeUuid); } |