author | Abodunrinwa Toki <toki@google.com> | 2019-07-01 19:41:44 +0100 |
---|---|---|
committer | Abodunrinwa Toki <toki@google.com> | 2019-08-12 18:53:21 +0000 |
commit | 34e380cdd64230db81a5754b7b6e2654509af180 (patch) | |
tree | 0b108154bbd7e1b4c6b900ad84b9ec2744f3520a /rs/java/android/renderscript/ProgramFragmentFixedFunction.java | |
parent | 8931739c16b538800aca170aac399738dbb1837e (diff) |
RESTRICT AUTOMERGE TextClassifier cross-user vulnerability in direct-reply

Sys UI runs on user 0. This can lead to the TextClassifier (TC)
running for the wrong user. Consequences are user A can launch apps
in user B via the TC's predicted actions and selected text being
unintentionally shared from user A to an app running in user B.

This fix ensures that the correct user id is passed and verified for
every TC request going across process boundaries (i.e. via SystemTC).

- Sys UI sets the appropriate user id in the TextView
- TextClassificationManager (TCM) system service is constructed using
  a context generated from this user id
- SystemTC sets this user id before querying the TCMService
- TCMService validates the user id before forwarding the request to
  the TCService belonging to that user id.

Bug: 136483597
Bug: 123232892
Test: atest android.view.textclassifier
      atest android.widget.TextViewActivityTest
      (manual) See I2fdffd8eb4221782cb1f34d2ddbe41dd3d36595c
Change-Id: Ibe68bc9e257521de97cbb014176b2b8ba23547d1
Diffstat (limited to 'rs/java/android/renderscript/ProgramFragmentFixedFunction.java')
0 files changed, 0 insertions, 0 deletions
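
The last step in the commit message, validating the user id at the service boundary before routing to a per-user service, can be sketched as follows. This is an added example, not code from this commit or from AOSP: the class, records and method are hypothetical, and the rule it applies (the requested user must equal the calling user unless the caller holds a cross-user permission) is an assumption about how such a check is typically written.

```java
import java.util.Set;

/** Simplified model of a system service that routes requests to per-user services. */
public class UserIdValidationDemo {

    /** Identity derived from the IPC itself; the caller cannot choose these values. */
    record Caller(int userId, Set<String> permissions) {}

    /** Request payload; userId is supplied by the caller and is therefore untrusted. */
    record Request(int userId, String text) {}

    // Permission name used here as the cross-user gate (assumption for this sketch).
    static final String CROSS_USER = "INTERACT_ACROSS_USERS";

    /** Returns the user whose service may handle the request, or throws. */
    static int resolveTargetUser(Caller caller, Request request) {
        if (request.userId() < 0) {
            throw new SecurityException("invalid user id " + request.userId());
        }
        boolean sameUser = request.userId() == caller.userId();
        if (!sameUser && !caller.permissions().contains(CROSS_USER)) {
            throw new SecurityException("caller in user " + caller.userId()
                    + " may not target user " + request.userId());
        }
        return request.userId();
    }

    public static void main(String[] args) {
        // Constructed sample callers.
        Caller sysUi = new Caller(0, Set.of(CROSS_USER)); // privileged, runs as user 0
        Caller app = new Caller(10, Set.of());            // ordinary app in user 10

        // Privileged caller acting for user 10: routed to user 10, not to user 0.
        System.out.println(resolveTargetUser(sysUi, new Request(10, "call 555-0100")));
        // App classifying text for its own user.
        System.out.println(resolveTargetUser(app, new Request(10, "hello")));
        // App naming another user is rejected before any forwarding happens.
        try {
            resolveTargetUser(app, new Request(0, "hello"));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check runs in the receiving service, using the identity the platform attaches to the call, so a client that sets the wrong user id in its request cannot reach another user's service.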