summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJon Miranda <jonmiranda@google.com>2019-11-08 13:02:52 -0800
committerJon Miranda <jonmiranda@google.com>2019-11-08 13:02:52 -0800
commit7e04887e5945c193bd5abf92ec6092b3a2295a04 (patch)
tree77707efe3acae116c429caf7982aece6c8ae6813
parentf788bbb0c43dfecdf46d0dda2f74c1131bd549ff (diff)
downloadandroid_packages_apps_Trebuchet-7e04887e5945c193bd5abf92ec6092b3a2295a04.tar.gz
android_packages_apps_Trebuchet-7e04887e5945c193bd5abf92ec6092b3a2295a04.tar.bz2
android_packages_apps_Trebuchet-7e04887e5945c193bd5abf92ec6092b3a2295a04.zip
Address SessionCommitReceiver vulnerability by validating intent.
Bug: 144081762 Change-Id: I28699d26abefc716e57c281c15699f15003229b2
Diffstat
-rw-r--r--src/com/android/launcher3/SessionCommitReceiver.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/com/android/launcher3/SessionCommitReceiver.java b/src/com/android/launcher3/SessionCommitReceiver.java
index 6853bf694..a87c44658 100644
--- a/src/com/android/launcher3/SessionCommitReceiver.java
+++ b/src/com/android/launcher3/SessionCommitReceiver.java
@@ -71,8 +71,13 @@ public class SessionCommitReceiver extends BroadcastReceiver {
SessionInfo info = intent.getParcelableExtra(PackageInstaller.EXTRA_SESSION);
UserHandle user = intent.getParcelableExtra(Intent.EXTRA_USER);
- PackageInstallerCompat packageInstallerCompat = PackageInstallerCompat.getInstance(context);
+ if (!PackageInstaller.ACTION_SESSION_COMMITTED.equals(intent.getAction())
+ || info == null || user == null) {
+ // Invalid intent.
+ return;
+ }
+ PackageInstallerCompat packageInstallerCompat = PackageInstallerCompat.getInstance(context);
if (TextUtils.isEmpty(info.getAppPackageName())
|| info.getInstallReason() != PackageManager.INSTALL_REASON_USER
|| packageInstallerCompat.promiseIconAddedForId(info.getSessionId())) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 05:30:33 +0000