diff options
author | Raphael Kim <raphk@google.com> | 2023-09-18 14:07:23 -0700 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-11-20 22:05:01 +0000 |
commit | 1f9e52afe52bbb0700f5df1f29401e8034a02f67 (patch) | |
tree | d9d84b274932578d236f91dfbe198ac28a16d588 | |
parent | 9affb25a409ccebfd63d92acd667ce946ebf9345 (diff) | |
download | base-1f9e52afe52bbb0700f5df1f29401e8034a02f67.tar.gz |
[CDM] Validate component name length before requesting notification access.
Bug: 295335110
Test: Test app with long component name
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6f5fc7f0580127b779a6f69c3301d5fc8d5764c0)
Merged-In: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579
Change-Id: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579
-rw-r--r-- | services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java index c9caf62fc146..5445b63a4e20 100644 --- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java +++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java @@ -172,6 +172,7 @@ public class CompanionDeviceManagerService extends SystemService implements Bind private static final int ASSOCIATE_WITHOUT_PROMPT_MAX_PER_TIME_WINDOW = 5; private static final long ASSOCIATE_WITHOUT_PROMPT_WINDOW_MS = 60 * 60 * 1000; // 60 min; + private static final int MAX_CN_LENGTH = 500; private static final String XML_TAG_ASSOCIATIONS = "associations"; private static final String XML_TAG_ASSOCIATION = "association"; @@ -555,6 +556,9 @@ public class CompanionDeviceManagerService extends SystemService implements Bind String callingPackage = component.getPackageName(); checkCanCallNotificationApi(callingPackage); int userId = getCallingUserId(); + if (component.flattenToString().length() > MAX_CN_LENGTH) { + throw new IllegalArgumentException("Component name is too long."); + } final long identity = Binder.clearCallingIdentity(); try { return PendingIntent.getActivityAsUser(getContext(), |