diff options
| author | Rubin Xu <rubinxu@google.com> | 2021-03-02 15:27:51 +0000 |
|---|---|---|
| committer | Rubin Xu <rubinxu@google.com> | 2022-03-24 14:54:42 +0000 |
| commit | f62904fd707b5b8999e44428f50690d0ee09cd5a (patch) | |
| tree | aebcfc8f4196e5fb422c7e30fef719fe72dda4a7 /rs/java/android/renderscript/ProgramFragmentFixedFunction.java | |
| parent | 23d65f1d38ae0e5fcb0beb4e38f451c908b55019 (diff) | |
Secure REMOTE_BUGREPORT_DISPATCH
In remote bugreport collection, Shell sends REMOTE_BUGREPORT_DISPATCH to
DevicePolicyManagerService which in turn notifies Device Owners that a
bug report is ready for collection. There existed a threat where a
malicous user could spoof the REMOTE_BUGREPORT_DISPATCH broadcast via
ADB to send a crafted bugreport to the Device Owner. Securing
REMOTE_BUGREPORT_DISPATCH is not as easy as it appears: putting a
permission on REMOTE_BUGREPORT_DISPATCH does not work since both the
legitimate sender and the malicious user are UID_SHELL. Instead, we
introduces a nonce which was sent from DPMS to Shell when bugreport is
triggered, and DPM will only accept REMOTE_BUGREPORT_DISPATCH when
a matching nonce is seen.
Ignore-AOSP-First: security fix
Bug: 171495100
Test: atest DeviceOwnerTest#testRemoteBugreportWithTwoUsers
Test: atest DeviceOwnerTest#testAdminActionBookkeeping
Test: atest BugreportManagerTest
Change-Id: I7649b4f22b74647d152d76bb46d5ca70bfa3617d
Merged-In: I7649b4f22b74647d152d76bb46d5ca70bfa3617d
(cherry picked from commit a4131c50d07c7b58c496bd82b9ab3389b6721654)
Diffstat (limited to 'rs/java/android/renderscript/ProgramFragmentFixedFunction.java')
0 files changed, 0 insertions, 0 deletions