| field | value |
|---|---|
| author | 2023-05-25 21:58:19 +0000 |
| committer | 2023-05-26 17:40:28 +0000 |
| commit | 48223d6034907349c6a3fab3018c1b37d86367af |
| tree | 7abb168f95bd142c340e4ec640e307224c216912 /libs/androidfw/ObbFile.cpp |
| parent | 850fd984e5f346645b5a941ed7307387c7e4c4de |

Resolve StatusHints image exploit across user.

Because of the INTERACT_ACROSS_USERS permission, an app that implements
a ConnectionService can upload an image icon belonging to another user
by setting it in the StatusHints. Validating the construction of the
StatusHints on the calling user would prevent a malicious app from
registering a connection service with the embedded image icon from a
different user.

From additional feedback, this CL also addresses potential
vulnerabilities in an app being able to directly invoke the binder for a
means to manipulate the contents of the bundle that are passed with it.
The targeted points of entry are in ConnectionServiceWrapper for the
following APIs: handleCreateConnectionComplete, setStatusHints,
addConferenceCall, and addExistingConnection.

Fixes: 280797684
Test: Manual (verified that original exploit is no longer an issue).
Test: Unit test for validating image in StatusHints constructor.
Test: Unit tests to address vulnerabilities via the binder.
Change-Id: I6e70e238b3a5ace1cab41ec5796a6bb4d79769f2
Merged-In: I6e70e238b3a5ace1cab41ec5796a6bb4d79769f2

Diffstat (limited to 'libs/androidfw/ObbFile.cpp')
0 files changed, 0 insertions, 0 deletions
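
An illustration of the check the commit message describes, validating a StatusHints icon against the calling user. This is an added example, not code from this commit or from AOSP: it is a plain-Java model with hypothetical class and method names, and it assumes the icon is referenced by a content URI that can carry its owning user as a `<userId>@` prefix on the authority.

```java
import java.net.URI;

// Added illustration: a plain-Java model of a cross-user icon check.
// It is not the AOSP change and uses no Android classes.
public class IconUserBoundaryCheck {

    // Assumption: a content URI may name its owning user as "<userId>@<authority>".
    // Returns callerUserId when no user is embedded, -1 when the prefix is malformed.
    static int ownerOf(URI iconUri, int callerUserId) {
        // Split the raw authority ourselves: URI.getUserInfo() returns null for
        // authorities that are not valid host names, which would fail open here.
        String authority = iconUri.getRawAuthority();
        int at = (authority == null) ? -1 : authority.lastIndexOf('@');
        if (at < 0) {
            return callerUserId;            // resolves in the caller's own profile
        }
        try {
            return Integer.parseInt(authority.substring(0, at));
        } catch (NumberFormatException e) {
            return -1;                      // fail closed: matches no real user
        }
    }

    // Keeps the icon only when it belongs to the calling user; otherwise returns null.
    static URI iconForCaller(URI iconUri, int callerUserId) {
        if (iconUri == null || ownerOf(iconUri, callerUserId) != callerUserId) {
            return null;
        }
        return iconUri;
    }

    public static void main(String[] args) {
        int caller = 0;                      // constructed: the calling app runs as user 0
        String[] samples = {                 // constructed sample icon URIs
            "content://com.example.provider/icons/1",
            "content://0@com.example.provider/icons/1",
            "content://10@com.example.provider/icons/1",
            "content://abc@com.example_app.provider/icons/1",
        };
        for (String s : samples) {
            URI kept = iconForCaller(URI.create(s), caller);
            System.out.println(s + " -> " + (kept == null ? "icon dropped" : "icon kept"));
        }
    }
}
```

The check has to run where the caller's identity is known from the binder call, since a value supplied inside the bundle can be set by the app itself.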