Verify `loadingPackageName` on `notifyDexLoad`. - platform/frameworks/base

diff options

author	Jiakai Zhang <jiakaiz@google.com>	2022-10-19 10:56:25 +0100
committer	Jiakai Zhang <jiakaiz@google.com>	2022-10-20 15:16:19 +0000
commit	894d001c2d7baf38f30b43876ac383e4b6dfdfcb (patch)
tree	fb0e0a8ddeddd6d9990ec94e8abc0b92cc7dfafc /libs/androidfw/StringPool.cpp
parent	eecb5c7fc484addaafb029cf7fcfe1a916d9ea00 (diff)

Verify `loadingPackageName` on `notifyDexLoad`.

notifyDexLoad is a PM API callable from an app's process. The arguments are provided by the app and shouldn't be blindly trusted. This change verifies `loadingPackageName` against calling UID. Bug: 253570365 Test: Disable AppZygote preloading, start Chrome, and see dex load report from both isolated process and non-isolated process being accepted (no "Invalid dex load report" warning). Change-Id: I5d2390ed643f5202b3cdb088795d026dc8fa51df

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: