path: root/tools/aapt2/java/JavaClassGenerator.cpp
author: Abodunrinwa Toki <toki@google.com> 2019-07-01 19:41:44 +0100
committer: android-build-team Robot <android-build-team-robot@google.com> 2019-12-18 22:55:55 +0000
commit: 721e4d085ca3d1dc5826c0ba71615529f544d7f7
tree: f293b2ebd5d39e511edd594e6f5d2d67025b937a /tools/aapt2/java/JavaClassGenerator.cpp
parent: 96879019090356e59496c342e5367effdb421d67
RESTRICT AUTOMERGE TextClassifier cross-user vulnerability in direct-reply

Sys UI runs on user 0. This can lead to the TextClassifier (TC) running for the wrong user. Consequences are user A can launch apps in user B via the TC's predicted actions and selected text being unintentionally shared from user A to an app running in user B.

This fix ensures that the correct user id is passed and verified for every TC request going across process boundaries (i.e. via SystemTC).

- Sys UI sets the appropriate user id in the TextView
- TextClassificationManager (TCM) system service is constructed using a context generated from this user id
- SystemTC sets this user id before querying the TCMService
- TCMService validates the user id before forwarding the request to the TCService belonging to that user id.

Bug: 136483597
Bug: 123232892
Test: atest android.view.textclassifier atest android.widget.TextViewActivityTest (manual) See I2fdffd8eb4221782cb1f34d2ddbe41dd3d36595c
Change-Id: Ibe68bc9e257521de97cbb014176b2b8ba23547d1
(cherry picked from commit 34e380cdd64230db81a5754b7b6e2654509af180)

Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator.cpp')
0 files changed, 0 insertions, 0 deletions
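
The validation step listed in the commit message, modelled as an added example in plain Java; it is not code from this commit or from the Android framework. The class and method names and the sample uids are hypothetical, and the allow-list of uids stands in for a cross-user permission check.

```java
import java.util.Set;

// Added illustration: a plain-Java model, not Android framework code.
public class CrossUserCheckDemo {
    // Android derives the user id of a caller from its uid as uid / 100000.
    static final int PER_USER_RANGE = 100000;

    static int userIdOf(int uid) { return uid / PER_USER_RANGE; }

    /** Hypothetical stand-in for the system service that forwards requests per user. */
    static class ManagerService {
        private final Set<Integer> crossUserUids; // constructed: uids allowed to act for other users

        ManagerService(Set<Integer> crossUserUids) { this.crossUserUids = crossUserUids; }

        /** Validates the claimed user id against the real caller before forwarding. */
        String classify(int callingUid, int claimedUserId, String text) {
            int callerUserId = userIdOf(callingUid);
            if (claimedUserId != callerUserId && !crossUserUids.contains(callingUid)) {
                throw new SecurityException("uid " + callingUid + " (user " + callerUserId
                        + ") may not act for user " + claimedUserId);
            }
            // Forward to the per-user backend; the selected text stays inside claimedUserId.
            return "classifier[user " + claimedUserId + "] handled " + text.length() + " chars";
        }
    }

    public static void main(String[] args) {
        int sysUiUid = 10045;       // constructed: a privileged component running as user 0
        int appUidUser10 = 1010123; // constructed: an ordinary app running as user 10
        ManagerService service = new ManagerService(Set.of(sysUiUid));

        // The user-0 component sets user 10 explicitly for text typed by user 10.
        System.out.println(service.classify(sysUiUid, 10, "see you at 5pm"));
        // An app in user 10 asking for its own user is accepted.
        System.out.println(service.classify(appUidUser10, 10, "see you at 5pm"));
        // The same app claiming user 0 is rejected before anything is forwarded.
        try {
            service.classify(appUidUser10, 0, "see you at 5pm");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```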