Add safety checks on KEY_INTENT mismatch. - platform/frameworks/base

diff options

author	Hao Ke <haok@google.com>	2022-10-04 19:43:58 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2022-10-08 00:10:16 +0000
commit	1e41d33566f84f624f6a755e4493432d5bd82915 (patch)
tree	1ff70b8b19c9307ea72163c375284630c11e16f1 /libs/androidfw/ApkParsing.cpp
parent	d5122bfaf18f1503e73c1a3a177a56d0f604a008 (diff)

Add safety checks on KEY_INTENT mismatch.

For many years, Parcel mismatch typed exploits has been using the AccoungManagerService's passing of KEY_INTENT workflow, as a foothold of launching arbitrary intents. We are adding an extra check on the service side to simulate the final deserialization of the KEY_INTENT value, to make sure the client side won't get a mismatched KEY_INTENT value. Bug: 250588548 Bug: 240138294 Test: atest CtsAccountManagerTestCases Test: local test, also see b/250588548 Change-Id: I433e34f6e21ce15c89825044a15b1dec46bb25cc (cherry picked from commit ba27731d04d95bf4b17c41a5d85aac09c39b9329) Merged-In: I433e34f6e21ce15c89825044a15b1dec46bb25cc

Diffstat (limited to 'libs/androidfw/ApkParsing.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: