Project-1CE/frameworks_base - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Suprabh Shukla <suprabh@google.com>	2018-10-10 14:30:08 -0700
committer	Suprabh Shukla <suprabh@google.com>	2018-10-16 19:46:01 +0000
commit	21b131029746f2118036acc6f33ca8548218e671 (patch)
tree	6e4a718d7fe6bd465638c6532d11da4e5f3345b5 /tools/aapt2/java/JavaClassGenerator_test.cpp
parent	20c6621d823a343734332e6adbd8e0ea129ead75 (diff)

Trust session id only if started with ACTION_CONFIRM_INSTALL

InstallStart was reading sessionInfo whenever the starting intent had the extra EXTRA_SESSION_ID. This could happen even if an external app inserted a valid session id into its own REQUEST_INSTALL_PACKAGE intent. This allows apps to potentially spoof the calling package. Test: Existing tests pass: atest GtsPackageInstallTestCases GtsNoPermissionTestCases \ GtsNoPermissionTestCases25 Bug: 112031362 Change-Id: Icdab1deeaf6b0afe7a61709cd87305336c467e33

Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: