author | Svet Ganov <svetoslavganov@google.com> | 2015-08-25 07:34:49 -0700 |
---|---|---|
committer | Raph Levien <raph@google.com> | 2015-08-25 21:40:01 +0000 |
commit | 0d93cfb9aff10029057acecf094c0572fa6cce9f (patch) | |
tree | 4512bca825a8cdadf4722cb97a2cd9df0e4b9f3b /src/com/android/packageinstaller | |
parent | bb27277d7fbefd195a9cf6fc8e89ae93daf2e7a9 (diff) | |
Protect permission dialog from type jack attacks
Limit the length of the app name shown in the permissions dialog
to prevent a bad app with a very long name from tricking the user
about the purpose of this dialog. Also wrap the label with
BidiFormatter to protect against bidi override attacks.
bug:23516019
Change-Id: Iba819d384864a004eefc2d2154dbfed3ef3b81c1
Diffstat (limited to 'src/com/android/packageinstaller')
-rw-r--r-- | src/com/android/packageinstaller/permission/model/AppPermissions.java | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/com/android/packageinstaller/permission/model/AppPermissions.java b/src/com/android/packageinstaller/permission/model/AppPermissions.java
index 125a6bd8..d465ee09 100644
--- a/src/com/android/packageinstaller/permission/model/AppPermissions.java
+++ b/src/com/android/packageinstaller/permission/model/AppPermissions.java
@@ -19,6 +19,9 @@ package com.android.packageinstaller.permission.model;
 import android.content.Context;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
+import android.text.BidiFormatter;
+import android.text.TextPaint;
+import android.text.TextUtils;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -26,6 +29,16 @@ import java.util.LinkedHashMap;
 import java.util.List;
 public final class AppPermissions {
+ private static final float MAX_APP_LABEL_LENGTH_PIXELS = 500;
+
+ private static final TextPaint sAppLabelEllipsizePaint = new TextPaint();
+ static {
+ sAppLabelEllipsizePaint.setAntiAlias(true);
+ // Both text size and width are given in absolute pixels, for consistent truncation
+ // across devices; this value corresponds to the default 14dip size on an xdhpi device.
+ sAppLabelEllipsizePaint.setTextSize(42);
+ }
+
 private final ArrayList<AppPermissionGroup> mGroups = new ArrayList<>();
 private final LinkedHashMap<String, AppPermissionGroup> mNameToGroupMap = new LinkedHashMap<>();
@@ -47,7 +60,7 @@ public final class AppPermissions {
 mContext = context;
 mPackageInfo = packageInfo;
 mFilterPermissions = permissions;
- mAppLabel = packageInfo.applicationInfo.loadLabel(context.getPackageManager());
+ mAppLabel = loadEllipsizedAppLabel(context, packageInfo);
 mSortGroups = sortGroups;
 mOnErrorCallback = onErrorCallback;
 loadPermissionGroups();
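Review bot: The comment in the static initializer added by the second hunk (`@@ -26,6 +29,16 @@`) names an "xdhpi" device, which is not a density bucket; 42 px for 14dip is a 3x scale, so it presumably means xxhdpi: `// across devices; this value corresponds to the default 14dip size on an xxhdpi device.`. The 500 px limit bounds how much app-supplied text reaches the permission dialog, so it deserves its own comment, for example `// Upper bound on the rendered width of the untrusted app label, in absolute pixels.`. The literal 42 would also read better as a named constant declared next to MAX_APP_LABEL_LENGTH_PIXELS.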
@@ -148,4 +161,13 @@ public final class AppPermissions {
 }
 return false;
 }
+
+ private static CharSequence loadEllipsizedAppLabel(Context context, PackageInfo packageInfo) {
+ String label = packageInfo.applicationInfo.loadLabel(
+ context.getPackageManager()).toString();
+ String noNewLineLabel = label.replace("\n", " ");
+ String ellipsizedLabel = TextUtils.ellipsize(noNewLineLabel, sAppLabelEllipsizePaint,
+ MAX_APP_LABEL_LENGTH_PIXELS, TextUtils.TruncateAt.END).toString();
+ return BidiFormatter.getInstance().unicodeWrap(ellipsizedLabel);
+ }
 } |
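Review bot: `label.replace("\n", " ")` in loadEllipsizedAppLabel removes only LF, so a label containing a carriage return or a Unicode line or paragraph separator may still reach the dialog as a line break, which is the layout spoofing this replacement is meant to close. Consider widening it to `String noNewLineLabel = label.replaceAll("[\\r\\n\\u0085\\u2028\\u2029]", " ");`. Whether the dialog's text view breaks on each of these characters is not visible in this hunk, so the list should be confirmed against the widget that renders mAppLabel. The method also has no comment; a short Javadoc stating that the label is untrusted app-supplied text, and that it is flattened to one line, truncated to a fixed pixel width and then bidi-wrapped, would record why the order of these steps matters.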