diff options
author | Jackal Guo <jackalguo@google.com> | 2023-01-11 14:36:32 +0800 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-02-14 18:17:15 +0000 |
commit | 955123a6dfe17fbf30f3cd1898dd8229032274c7 (patch) | |
tree | ee2bb90676868b63fd6be956d25455e4a77e5236 | |
parent | 7a04beeda00aff327afee9436fd7aed954ee4127 (diff) | |
download | base-955123a6dfe17fbf30f3cd1898dd8229032274c7.tar.gz |
[RESTRICT AUTOMERGE] Limit length of the name in <uses-permission>
To mitigate a boot loop with a huge name string, this CL restricts
the max length of the name in <users-permission> attr.
Bug: 259942609
Test: manually using the PoC in the buganizer to ensure the symptom
no longer exists.
Change-Id: I35dde9d6bea9eb7c1b81e8cbadeeb908b3fb713f
(cherry picked from commit de8ef32d020ce4efe5dcaae09c9b8e0cf7efb2db)
Merged-In: I35dde9d6bea9eb7c1b81e8cbadeeb908b3fb713f
-rw-r--r-- | services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java b/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java index 7ce7f7ebf6cc..810fa5f1e4b3 100644 --- a/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java +++ b/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java @@ -247,6 +247,9 @@ public class ParsingPackageUtils { private static final String MAX_NUM_COMPONENTS_ERR_MSG = "Total number of components has exceeded the maximum number: " + MAX_NUM_COMPONENTS; + /** The maximum permission name length. */ + private static final int MAX_PERMISSION_NAME_LENGTH = 512; + @IntDef(flag = true, prefix = { "PARSE_" }, value = { PARSE_CHATTY, PARSE_COLLECT_CERTIFICATES, @@ -1275,6 +1278,11 @@ public class ParsingPackageUtils { // that may change. String name = sa.getNonResourceString( R.styleable.AndroidManifestUsesPermission_name); + if (TextUtils.length(name) > MAX_PERMISSION_NAME_LENGTH) { + return input.error(INSTALL_PARSE_FAILED_MANIFEST_MALFORMED, + "The name in the <uses-permission> is greater than " + + MAX_PERMISSION_NAME_LENGTH); + } int maxSdkVersion = 0; TypedValue val = sa.peekValue( |