Validate package name passed to setApplicationRestrictions. (Reland)

This adds validation that the package name passed to setApplicationRestrictions is in the correct format. This will avoid an issue where a path could be entered resulting in a file being written to an unexpected place. Bug: 239701237 Merged-In: I1ab2b7228470f10ec26fe3a608ae540cfc9e9a96 Change-Id: I56c2fc14f906cdad80181ab577e2ebc276c151c1 (cherry picked from commit 1b9b59c63bffc675a042cba6cd666831abef2c3e) Merged-In: I56c2fc14f906cdad80181ab577e2ebc276c151c1
author: Oli Lan <olilan@google.com> 2022-09-02 13:29:39 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-02-12 16:55:55 +0000
commit: c7a2d6457484b195b591f94eea8bede7a610ea94 (patch)
tree: cb703a28738f6e1a825711c6a48482d464729b64
parent: 67515279ac77dd6602cf46c8f252f6b48ab52c3e (diff)
download: base-c7a2d6457484b195b591f94eea8bede7a610ea94.tar.gz
1 files changed, 41 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 866a995585cd..88aeb17dc2b4 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -96,6 +96,7 @@ import android.text.TextUtils;
 import android.util.ArrayMap;
 import android.util.ArraySet;
 import android.util.AtomicFile;
+import android.util.EventLog;
 import android.util.IndentingPrintWriter;
 import android.util.IntArray;
 import android.util.Slog;
@@ -5028,6 +5029,13 @@ public class UserManagerService extends IUserManager.Stub {
     public void setApplicationRestrictions(String packageName, Bundle restrictions,
             @UserIdInt int userId) {
         checkSystemOrRoot("set application restrictions");
+        String validationResult = validateName(packageName);
+        if (validationResult != null) {
+            if (packageName.contains("../")) {
+                EventLog.writeEvent(0x534e4554, "239701237", -1, "");
+            }
+            throw new IllegalArgumentException("Invalid package name: " + validationResult);
+        }
         if (restrictions != null) {
             restrictions.setDefusable(true);
         }
@@ -5054,6 +5062,39 @@ public class UserManagerService extends IUserManager.Stub {
         mContext.sendBroadcastAsUser(changeIntent, UserHandle.of(userId));
     }
 
+    /**
+     * Check if the given name is valid.
+     *
+     * Note: the logic is taken from FrameworkParsingPackageUtils in master, edited to remove
+     * unnecessary parts. Copied here for a security fix.
+     *
+     * @param name The name to check.
+     * @return null if it's valid, error message if not
+     */
+    @VisibleForTesting
+    static String validateName(String name) {
+        final int n = name.length();
+        boolean front = true;
+        for (int i = 0; i < n; i++) {
+            final char c = name.charAt(i);
+            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {
+                front = false;
+                continue;
+            }
+            if (!front) {
+                if ((c >= '0' && c <= '9') || c == '_') {
+                    continue;
+                }
+                if (c == '.') {
+                    front = true;
+                    continue;
+                }
+            }
+            return "bad character '" + c + "'";
+        }
+        return null;
+    }
+
     private int getUidForPackage(String packageName) {
         final long ident = Binder.clearCallingIdentity();
         try {
author	Oli Lan <olilan@google.com>	2022-09-02 13:29:39 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-02-12 16:55:55 +0000
commit	c7a2d6457484b195b591f94eea8bede7a610ea94 (patch)
tree	cb703a28738f6e1a825711c6a48482d464729b64
parent	67515279ac77dd6602cf46c8f252f6b48ab52c3e (diff)
download	base-c7a2d6457484b195b591f94eea8bede7a610ea94.tar.gz