diff options
author | Jon Miranda <jonmiranda@google.com> | 2019-11-08 13:02:52 -0800 |
---|---|---|
committer | Jon Miranda <jonmiranda@google.com> | 2019-11-08 13:02:52 -0800 |
commit | 7e04887e5945c193bd5abf92ec6092b3a2295a04 (patch) | |
tree | 77707efe3acae116c429caf7982aece6c8ae6813 /src | |
parent | f788bbb0c43dfecdf46d0dda2f74c1131bd549ff (diff) | |
download | android_packages_apps_Trebuchet-7e04887e5945c193bd5abf92ec6092b3a2295a04.tar.gz android_packages_apps_Trebuchet-7e04887e5945c193bd5abf92ec6092b3a2295a04.tar.bz2 android_packages_apps_Trebuchet-7e04887e5945c193bd5abf92ec6092b3a2295a04.zip |
Address SessionCommitReceiver vulnerability by validating intent.
Bug: 144081762
Change-Id: I28699d26abefc716e57c281c15699f15003229b2
Diffstat (limited to 'src')
-rw-r--r-- | src/com/android/launcher3/SessionCommitReceiver.java | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/com/android/launcher3/SessionCommitReceiver.java b/src/com/android/launcher3/SessionCommitReceiver.java index 6853bf694..a87c44658 100644 --- a/src/com/android/launcher3/SessionCommitReceiver.java +++ b/src/com/android/launcher3/SessionCommitReceiver.java @@ -71,8 +71,13 @@ public class SessionCommitReceiver extends BroadcastReceiver { SessionInfo info = intent.getParcelableExtra(PackageInstaller.EXTRA_SESSION); UserHandle user = intent.getParcelableExtra(Intent.EXTRA_USER); - PackageInstallerCompat packageInstallerCompat = PackageInstallerCompat.getInstance(context); + if (!PackageInstaller.ACTION_SESSION_COMMITTED.equals(intent.getAction()) + || info == null || user == null) { + // Invalid intent. + return; + } + PackageInstallerCompat packageInstallerCompat = PackageInstallerCompat.getInstance(context); if (TextUtils.isEmpty(info.getAppPackageName()) || info.getInstallReason() != PackageManager.INSTALL_REASON_USER || packageInstallerCompat.promiseIconAddedForId(info.getSessionId())) { |