summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Raphael Kim <raphk@google.com> 2023-10-10 20:26:26 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-10-10 20:26:26 +0000
commitd2d6282f6e6b4e310cf296869f6e17d94b0c4ad8 (patch)
tree61a5474dde7f027165014dac978e51ba42656d87
parentf8ad006d892c58c919bff82fc1a29e113e585100 (diff)
parent618767b6bf71b872399b57eb89c6724041258f45 (diff)
[CDM] Validate component name length before requesting notification access. am: 618767b6bf
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24805434 Change-Id: Ibf7ac54c688f222dc95caf886c3fc4b50d568ec8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index 2714addaec9e..3ac7b8e6668e 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -127,6 +127,7 @@ public class CompanionDeviceManagerService extends SystemService {
"debug.cdm.cdmservice.removal_time_window";
private static final long ASSOCIATION_REMOVAL_TIME_WINDOW_DEFAULT = DAYS.toMillis(90);
+ private static final int MAX_CN_LENGTH = 500;
private PersistentDataStore mPersistentStore;
private final PersistUserStateHandler mUserPersistenceHandler;
@@ -544,6 +545,9 @@ public class CompanionDeviceManagerService extends SystemService {
String callingPackage = component.getPackageName();
checkCanCallNotificationApi(callingPackage);
// TODO: check userId.
+ if (component.flattenToString().length() > MAX_CN_LENGTH) {
+ throw new IllegalArgumentException("Component name is too long.");
+ }
final long identity = Binder.clearCallingIdentity();
try {
return PendingIntent.getActivityAsUser(getContext(),
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-28 15:47:40 +0000