author | kholoud mohamed <kholoudm@google.com> | 2021-04-28 11:59:33 +0100 |
---|---|---|
committer | kholoud mohamed <kholoudm@google.com> | 2021-04-29 13:36:57 +0100 |
commit | 2c09c34140445973b9170dc1430790d35031ad0d (patch) | |
tree | 784a9685289bca0f3ebae8bb444c96a3ca757809 /tools/aapt2/java/JavaClassGenerator_test.cpp | |
parent | 3e7a628f0fba7c8b8f0dddc41dd061bd876a9c02 (diff) |
Fix security vulnerability in DPMS#isProvisioningAllowed

isProvisioningAllowed was calling packageManager#getPackageUidAsUser for the provided packageName to compare against the callerUid, this call throws a NameNotFoundException if the package isn't installed. This allows the caller to identify if a package is installed or not without holding the QUERY_ALL_PACKAGES permission.

This is now changed to call packageManager#getPackagesForUid for the calling uid and comparing it against the provided packageName.

If an uninstalled package is provided, it will now fail with a general error message "Caller uid doesn't match the one for the provided package."

Test: Confirmed that the PoC app can no longer query which packages are installed
Test: atest com.android.cts.devicepolicy.CustomManagedProfileTest#testIsProvisioningAllowed
Bug: 184525395
Change-Id: I13135d941f4944b4313ab2a2b20f1af30a5880a5
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')
0 files changed, 0 insertions, 0 deletions
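The check described in the commit message, as an added Java illustration that is not the Android framework's code: it puts the name-based lookup beside the uid-based one and reports how each fails for a caller that passes a package it does not own. The class, the in-memory `INSTALLED` map, the stub lookups and the use of `SecurityException` for the mismatch are all assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Added illustration: stand-ins for PackageManager lookups, not framework code.
public class ProvisioningCheckDemo {
    static class NameNotFoundException extends Exception {
        NameNotFoundException(String pkg) { super(pkg); }
    }

    // Constructed sample data: installed package name -> owning uid.
    static final Map<String, Integer> INSTALLED =
            Map.of("com.example.caller", 10001, "com.example.other", 10002);
    static final String MISMATCH =
            "Caller uid doesn't match the one for the provided package.";

    // Stub for a name -> uid lookup: throws when the package is not installed.
    static int getPackageUid(String pkg) throws NameNotFoundException {
        Integer uid = INSTALLED.get(pkg);
        if (uid == null) throw new NameNotFoundException(pkg);
        return uid;
    }

    // Stub for a uid -> names lookup: only ever describes the caller's own uid.
    static List<String> getPackagesForUid(int uid) {
        List<String> names = new ArrayList<>();
        INSTALLED.forEach((name, owner) -> { if (owner == uid) names.add(name); });
        return names;
    }

    // Before: resolving the caller-supplied name lets "not installed" escape
    // as its own exception type, distinct from the uid mismatch.
    static void checkBefore(String pkg, int callerUid) throws NameNotFoundException {
        if (getPackageUid(pkg) != callerUid) throw new SecurityException(MISMATCH);
    }

    // After: only the caller's own packages are consulted, so an installed
    // package owned by someone else and an absent package fail identically.
    static void checkAfter(String pkg, int callerUid) {
        if (!getPackagesForUid(callerUid).contains(pkg)) throw new SecurityException(MISMATCH);
    }

    // Returns what the caller can observe: "allowed" or the exception type.
    static String outcome(boolean fixed, String pkg, int callerUid) {
        try {
            if (fixed) checkAfter(pkg, callerUid); else checkBefore(pkg, callerUid);
            return "allowed";
        } catch (NameNotFoundException | SecurityException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        for (String pkg : List.of("com.example.caller", "com.example.other", "com.example.absent"))
            System.out.println(pkg + ": before=" + outcome(false, pkg, 10001)
                    + ", after=" + outcome(true, pkg, 10001));
    }
}
```

A regression test for this class of bug asserts that the observable failure for an installed-but-foreign package and for an absent package is the same, rather than only asserting that the call fails.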