diff options
| author | Oli Lan <olilan@google.com> | 2022-09-02 13:29:39 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-08 00:10:01 +0000 |
| commit | 9acc4b7bad79a307fdf4183cf50a236d5e7f1759 (patch) | |
| tree | 1f674630ff3a7934ec4a429862e66ddc8f44c174 | |
| parent | 84b3fc11fe7565b50437c0a5342425369f1e67b6 (diff) | |
| download | base-9acc4b7bad79a307fdf4183cf50a236d5e7f1759.tar.gz | |
Validate package name passed to setApplicationRestrictions. (Reland)
This adds validation that the package name passed to
setApplicationRestrictions is in the correct format. This will avoid
an issue where a path could be entered resulting in a file being
written to an unexpected place.
Bug: 239701237
Merged-In: I1ab2b7228470f10ec26fe3a608ae540cfc9e9a96
Change-Id: I56c2fc14f906cdad80181ab577e2ebc276c151c1
(cherry picked from commit 1b9b59c63bffc675a042cba6cd666831abef2c3e)
Merged-In: I56c2fc14f906cdad80181ab577e2ebc276c151c1
| -rw-r--r-- | services/core/java/com/android/server/pm/UserManagerService.java | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java index 00fb0651adc4..c2dd32667bc2 100644 --- a/services/core/java/com/android/server/pm/UserManagerService.java +++ b/services/core/java/com/android/server/pm/UserManagerService.java @@ -95,6 +95,7 @@ import android.text.TextUtils; import android.util.ArrayMap; import android.util.ArraySet; import android.util.AtomicFile; +import android.util.EventLog; import android.util.IndentingPrintWriter; import android.util.IntArray; import android.util.Slog; @@ -4970,6 +4971,13 @@ public class UserManagerService extends IUserManager.Stub { public void setApplicationRestrictions(String packageName, Bundle restrictions, @UserIdInt int userId) { checkSystemOrRoot("set application restrictions"); + String validationResult = validateName(packageName); + if (validationResult != null) { + if (packageName.contains("../")) { + EventLog.writeEvent(0x534e4554, "239701237", -1, ""); + } + throw new IllegalArgumentException("Invalid package name: " + validationResult); + } if (restrictions != null) { restrictions.setDefusable(true); } @@ -4996,6 +5004,39 @@ public class UserManagerService extends IUserManager.Stub { mContext.sendBroadcastAsUser(changeIntent, UserHandle.of(userId)); } + /** + * Check if the given name is valid. + * + * Note: the logic is taken from FrameworkParsingPackageUtils in master, edited to remove + * unnecessary parts. Copied here for a security fix. + * + * @param name The name to check. + * @return null if it's valid, error message if not + */ + @VisibleForTesting + static String validateName(String name) { + final int n = name.length(); + boolean front = true; + for (int i = 0; i < n; i++) { + final char c = name.charAt(i); + if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) { + front = false; + continue; + } + if (!front) { + if ((c >= '0' && c <= '9') || c == '_') { + continue; + } + if (c == '.') { + front = true; + continue; + } + } + return "bad character '" + c + "'"; + } + return null; + } + private int getUidForPackage(String packageName) { final long ident = Binder.clearCallingIdentity(); try { |