diff options
| author | Kunal Malhotra <malhk@google.com> | 2022-11-07 23:33:55 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-02-14 18:16:46 +0000 |
| commit | cdd30b5c040ba7ebd0a1cc6009183ff602434fc0 (patch) | |
| tree | 87dd91340fb668ced979af1fc1f479d1009f5c6e | |
| parent | 6c24ca2e9523a7278660c6328dee00195d210a9d (diff) | |
| download | base-cdd30b5c040ba7ebd0a1cc6009183ff602434fc0.tar.gz | |
Checking if package belongs to UID before registering broadcast receiver
Test: manual testing done on device by installing test APK and checking if receiver can register
Bug: 242040055
Change-Id: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
Merged-In: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
(cherry picked from commit 790a8d0dd329460bc60456681cb446accf2a27e0)
(cherry picked from commit e94b6b90ca8ecd21f731cf7a68537bdc8610abf7)
Merged-In: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
| -rw-r--r-- | services/core/java/com/android/server/am/ActiveServices.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java index 9669c060b716..c36e0700c723 100644 --- a/services/core/java/com/android/server/am/ActiveServices.java +++ b/services/core/java/com/android/server/am/ActiveServices.java @@ -3420,6 +3420,11 @@ public final class ActiveServices { throw new SecurityException("BIND_EXTERNAL_SERVICE failed, " + className + " is not an isolatedProcess"); } + if (!mAm.getPackageManagerInternal().isSameApp(callingPackage, callingUid, + userId)) { + throw new SecurityException("BIND_EXTERNAL_SERVICE failed, " + + "calling package not owned by calling UID "); + } // Run the service under the calling package's application. ApplicationInfo aInfo = AppGlobals.getPackageManager().getApplicationInfo( callingPackage, ActivityManagerService.STOCK_PM_FLAGS, userId); |