From 5e98f267592775a2b886ccaa752377d6967f9741 Mon Sep 17 00:00:00 2001
From: Rhed Jao <rhedjao@google.com>
Date: Mon, 26 Sep 2022 21:35:26 +0800
Subject: [DO NOT MERGE] Fix permanent denial of service via
 setComponentEnabledSetting

Do not update invalid component enabled settings to prevent the
malicious apps from exhausting system server memory.

Bug: 240936919
Test: atest android.security.cts.PackageManagerTest
Change-Id: I08165337895e89f13a2b9fcce1201cba9ad13d7d
---
 services/core/java/com/android/server/pm/PackageManagerService.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 93c83f7ad7cd..12961584b740 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -21116,6 +21116,9 @@ public class PackageManagerService extends IPackageManager.Stub
                     } else {
                         Slog.w(TAG, "Failed setComponentEnabledSetting: component class "
                                 + className + " does not exist in " + packageName);
+                        // Safetynet logging for b/240936919
+                        EventLog.writeEvent(0x534e4554, "240936919", callingUid);
+                        return;
                     }
                 }
                 switch (newState) {
-- 
cgit v1.2.3-59-g8ed1b