diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-01-24 08:34:29 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-01-24 08:34:29 +0000 |
commit | 2090acecf3d55d4a344e21912f8862c973de5a09 (patch) | |
tree | 9bc22708e3938cb6b4e863ba7c8ae572be1950fa | |
parent | af70d754406f3ca60311474c7c54429b65649f52 (diff) | |
parent | 3b965ce0697b51d0a326656c0d6785af01f6fa57 (diff) | |
download | base-android-platform-13.0.0_r17.tar.gz |
Merge cherrypicks of ['googleplex-android-review.googlesource.com/24108356', 'googleplex-android-review.googlesource.com/25646616', 'googleplex-android-review.googlesource.com/25787790'] into tm-platform-release.android-platform-13.0.0_r17
Change-Id: I4988c754f0a715d63a169c0eaf0544c8946fd2f3
3 files changed, 68 insertions, 6 deletions
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java index ba6cfabb9593..1c3564bfdba2 100644 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java @@ -184,6 +184,7 @@ public class AccountManagerService final MessageHandler mHandler; + private static final int TIMEOUT_DELAY_MS = 1000 * 60 * 15; // Messages that can be sent on mHandler private static final int MESSAGE_TIMED_OUT = 3; private static final int MESSAGE_COPY_SHARED_ACCOUNT = 4; @@ -4851,6 +4852,7 @@ public class AccountManagerService synchronized (mSessions) { mSessions.put(toString(), this); } + scheduleTimeout(); if (response != null) { try { response.asBinder().linkToDeath(this, 0 /* flags */); @@ -5016,6 +5018,11 @@ public class AccountManagerService } } + private void scheduleTimeout() { + mHandler.sendMessageDelayed( + mHandler.obtainMessage(MESSAGE_TIMED_OUT, this), TIMEOUT_DELAY_MS); + } + public void cancelTimeout() { mHandler.removeMessages(MESSAGE_TIMED_OUT, this); } @@ -5052,6 +5059,9 @@ public class AccountManagerService public void onTimedOut() { IAccountManagerResponse response = getResponseAndClose(); + if (Log.isLoggable(TAG, Log.VERBOSE)) { + Log.v(TAG, "Session.onTimedOut"); + } if (response != null) { try { response.onError(AccountManager.ERROR_CODE_REMOTE_EXCEPTION, diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java index 02cf4336b277..c5b82a4605d5 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java @@ -50,6 +50,7 @@ import android.content.pm.PackageItemInfo; import android.content.pm.PackageManager; import android.content.pm.ParceledListSlice; import android.content.pm.VersionedPackage; +import android.content.pm.parsing.FrameworkParsingPackageUtils; import android.graphics.Bitmap; import android.net.Uri; import android.os.Binder; @@ -632,17 +633,22 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements // App package name and label length is restricted so that really long strings aren't // written to disk. - if (params.appPackageName != null - && params.appPackageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) { + if (params.appPackageName != null && !isValidPackageName(params.appPackageName)) { params.appPackageName = null; } params.appLabel = TextUtils.trimToSize(params.appLabel, PackageItemInfo.MAX_SAFE_LABEL_LENGTH); - String requestedInstallerPackageName = (params.installerPackageName != null - && params.installerPackageName.length() < SessionParams.MAX_PACKAGE_NAME_LENGTH) - ? params.installerPackageName : installerPackageName; + // Validate installer package name. + if (params.installerPackageName != null && !isValidPackageName( + params.installerPackageName)) { + params.installerPackageName = null; + } + + var requestedInstallerPackageName = + params.installerPackageName != null ? params.installerPackageName + : installerPackageName; if ((callingUid == Process.SHELL_UID) || (callingUid == Process.ROOT_UID) || PackageInstallerSession.isSystemDataLoaderInstallation(params)) { @@ -999,6 +1005,19 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements return Integer.parseInt(sessionId); } + private static boolean isValidPackageName(@NonNull String packageName) { + if (packageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) { + return false; + } + // "android" is a valid package name + var errorMessage = FrameworkParsingPackageUtils.validateName( + packageName, /* requireSeparator= */ false, /* requireFilename */ true); + if (errorMessage != null) { + return false; + } + return true; + } + private File getTmpSessionDir(String volumeUuid) { return Environment.getDataAppDirectory(volumeUuid); } diff --git a/services/print/java/com/android/server/print/PrintManagerService.java b/services/print/java/com/android/server/print/PrintManagerService.java index 66524edf61ed..1386bbff6cab 100644 --- a/services/print/java/com/android/server/print/PrintManagerService.java +++ b/services/print/java/com/android/server/print/PrintManagerService.java @@ -254,12 +254,45 @@ public final class PrintManagerService extends SystemService { } final long identity = Binder.clearCallingIdentity(); try { - return userState.getCustomPrinterIcon(printerId); + Icon icon = userState.getCustomPrinterIcon(printerId); + return validateIconUserBoundary(icon); } finally { Binder.restoreCallingIdentity(identity); } } + /** + * Validates the custom printer icon to see if it's not in the calling user space. + * If the condition is not met, return null. Otherwise, return the original icon. + * + * @param icon + * @return icon (validated) + */ + private Icon validateIconUserBoundary(Icon icon) { + // Refer to Icon#getUriString for context. The URI string is invalid for icons of + // incompatible types. + if (icon != null && (icon.getType() == Icon.TYPE_URI + || icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP)) { + String encodedUser = icon.getUri().getEncodedUserInfo(); + + // If there is no encoded user, the URI is calling into the calling user space + if (encodedUser != null) { + int userId = Integer.parseInt(encodedUser); + // resolve encoded user + final int resolvedUserId = resolveCallingUserEnforcingPermissions(userId); + + synchronized (mLock) { + // Only the current group members can get the printer icons. + if (resolveCallingProfileParentLocked(resolvedUserId) + != getCurrentUserId()) { + return null; + } + } + } + } + return icon; + } + @Override public void cancelPrintJob(PrintJobId printJobId, int appId, int userId) { if (printJobId == null) { |