Fix side channel information disclosure - platform/frameworks/base

diff options

author	Jackal Guo <jackalguo@google.com>	2022-11-03 14:38:48 +0800
committer	Jackal Guo <jackalguo@google.com>	2022-11-08 15:05:35 +0800
commit	0594d55d3295ab78fcba890b77c63431124ca51e (patch)
tree	7ad13e6f7c53490829e29b489051522a0409e2ed /libs/androidfw/AssetsProvider.cpp
parent	907060a9c84f19c595e00277d00bb2cf4aacf6fb (diff)

Fix side channel information disclosure

This method reacts differently when the given package name isn't installed, and is installed but not belonging to the caller. This subtle difference leaves the possibility that malicious code could do a side channel attack. Bug: 249058614 Test: atest CtsWindowManagerDeviceTestCases:ToastWindowTest Test: atest CtsWindowManagerDeviceTestCases:WindowContextPolicyTests Test: atest CtsWindowManagerDeviceTestCases:WindowUntrustedTouchTest Test: atest CtsToastLegacyTestCases:ToastTest Test: atest CtsToastTestCases:LegacyToastTest Test: atest FrameworksCoreTests:ViewRootImplTest Test: atest FrameworksUiServicesTests:NotificationManagerServiceTest Change-Id: I37f28b6a660c4a3d2cd92b25d3f68066902c692f Change-Id: I52372bec19355ea8855ead28fcb0ab250c527f19

Diffstat (limited to 'libs/androidfw/AssetsProvider.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: