summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Pinyao Ting <pinyaoting@google.com> 2023-10-02 23:14:07 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-10-02 23:14:07 +0000
commitfb722bc9e74b6e94b009bc1bf287421117df0a27 (patch)
tree93602f8eebdd78e23f7d48e60b41e6e8ad275f46
parente76f375dda2662433c74754cdcd5b5349dc83f4b (diff)
parent2828a742bce64a92630c7a007f7ec8be080a890f (diff)
Merge "Validate userId when publishing shortcuts" into rvc-dev am: 72aee14094 am: fedf1c8c14 am: 4934f58cc8 am: 782e7bc3e2 am: 4a0b42a72c am: 63fe378e16 am: 2828a742bc
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24182288 Change-Id: If3cc57084e174f4a5871bb50571670e13c751062 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/ShortcutService.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 3e4dd1637387..c6aba2ab9cbe 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -1743,6 +1743,10 @@ public class ShortcutService extends IShortcutService.Stub {
android.util.EventLog.writeEvent(0x534e4554, "109824443", -1, "");
throw new SecurityException("Shortcut package name mismatch");
}
+ final int callingUid = injectBinderCallingUid();
+ if (UserHandle.getUserId(callingUid) != si.getUserId()) {
+ throw new SecurityException("User-ID in shortcut doesn't match the caller");
+ }
}
private void verifyShortcutInfoPackages(
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-04 03:13:00 +0000