Project-1CE/frameworks_base - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Pinyao Ting <pinyaoting@google.com>	2022-03-03 18:24:37 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2022-03-21 17:07:53 +0000
commit	f9467b4d9f39559f9fbd928c7aeb8aa607f8e894 (patch)
tree	18e4f99f997383352c875c9649179405e3d15ff8 /rs/java/android/renderscript/ScriptGroup.java
parent	70193c19a66da2ad049273a1164dccc6293d756a (diff)

Verify caller before auto granting slice permission

Currently SliceManagerService#checkSlicePermission does not verify the caller's identity. This leads to a security vulnerability because checkSlicePermission does more than checking the permission as opposed to simply return a boolean value -- it additionally grants slice access under a certain condition. A malicious app can spoof the calling package to acquire slice access. This CL verifies the caller before granting slice access. Bug: 208232850, 179699767 Test: manual Change-Id: I2539c9ff5ea977c91bb58185c95280b4d533a520 Merged-In: I2539c9ff5ea977c91bb58185c95280b4d533a520 (cherry picked from commit 5bd2196c537ae42a5c1626bdc23c3c6db41fb97f) (cherry picked from commit 3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9) Merged-In: I2539c9ff5ea977c91bb58185c95280b4d533a520

Diffstat (limited to 'rs/java/android/renderscript/ScriptGroup.java')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: