author | TreeHugger Robot <treehugger-gerrit@google.com> | 2021-08-19 19:08:37 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2021-08-19 19:08:37 +0000 |
commit | 11f6a1013f4f7c76db108bdce37be96dc0c65553 (patch) | |
tree | 0e932412b15802e699fe2834f3df7599de4bd7de | |
parent | 4c2c1530bf2e31d5f1e03a7085141a97581d20ef (diff) | |
parent | 19a655d70c100253b5874f3d9b751877b348e5c4 (diff) |
Merge "Prevend user spoofing in isRequestPinItemSupported" into sc-dev
-rw-r--r-- | services/core/java/com/android/server/pm/ShortcutService.java | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index fcbf40e29933..62d6717e847a 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -1664,6 +1664,19 @@ public class ShortcutService extends IShortcutService.Stub {
 mContext.enforceCallingPermission(permission, message);
 }
 
+ private void verifyCallerUserId(@UserIdInt int userId) {
+ if (isCallerSystem()) {
+ return; // no check
+ }
+
+ final int callingUid = injectBinderCallingUid();
+
+ // Otherwise, make sure the arguments are valid.
+ if (UserHandle.getUserId(callingUid) != userId) {
+ throw new SecurityException("Invalid user-ID");
+ }
+ }
+
 private void verifyCaller(@NonNull String packageName, @UserIdInt int userId) {
 Preconditions.checkStringNotEmpty(packageName, "packageName");
 
@@ -2847,6 +2860,8 @@ public class ShortcutService extends IShortcutService.Stub {
 
 @Override
 public boolean isRequestPinItemSupported(int callingUserId, int requestType) {
+ verifyCallerUserId(callingUserId);
+
 final long token = injectClearCallingIdentity();
 try {
 return mShortcutRequestPinProcessor |
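Review bot: `verifyCallerUserId` has no Javadoc, and its inline comment `// Otherwise, make sure the arguments are valid.` speaks of several arguments although the helper takes only `userId`; the wording looks carried over from another check. A short Javadoc should state the contract visible in the body: system callers are exempt, any other caller must belong to `userId`, and a mismatch throws `SecurityException`. The inline comment could become `// Non-system callers may only act on their own user.` The rejection message would also be more useful for triage with the values included, e.g. `throw new SecurityException("Invalid user-ID: uid " + callingUid + " requested user " + userId);`. `verifyCaller`, which starts at the end of this hunk and continues outside it, may hold the same user-ID comparison and could then delegate to this helper.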
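Review bot: Nothing at the call site in `isRequestPinItemSupported` records that `verifyCallerUserId(callingUserId)` has to stay ahead of `injectClearCallingIdentity()`. The helper reads the Binder calling UID, so if a later refactor moved it below the clear, or into the `try` block, it would presumably compare against the service's own identity and stop rejecting a foreign `callingUserId`. I would add `// Must run before the calling identity is cleared: the check reads the Binder calling UID.` above the call. The method body continues outside the hunk.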