Set default ClassLoader for Parcel readSerializable API. - platform/frameworks/base

diff options

author	Hao Ke <haok@google.com>	2021-11-22 21:46:36 +0000
committer	Hao Ke <haok@google.com>	2021-12-06 14:34:03 +0000
commit	e214082cb0daea2370e9fb2367b1759a9d274450 (patch)
tree	6237886388699b2eb5c7ba3390806a21f8d5c66e /libs/androidfw/StringPool.cpp
parent	92a4b54de58d76cc9c376e80e2956eff8e11e2e9 (diff)

Set default ClassLoader for Parcel readSerializable API.

Set the default ClassLoader for the readSerializable(ClassLoader, Class) API, when the ClassLoader parameter is null. Doing so could enhance the security of Parcel deserialization, as it would prevent resolving the Serializable class using unexpected ClassLoaders. Test: atest -d android.os.cts.ParcelTest Bug: 195622897 Change-Id: I6da4b4f817c33e4464d90d1e9775b54793835c92

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: