[RESTRICT AUTOMERGE] Fix possible uaf of play policy state
Access to the play policy state may happen after the state is freed in a race condition, which will result in a SIGABRT. SafetyNet logging is not added to avoid log spamming. queryKeyStatus can be called often.

The crash was reproduced on the device before the fix. Verified the test passes after the fix.

Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176486806#testPocBug_176486806
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17648680664
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444154#testPocBug_176444154
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17644415464

Bug: 176444154
Bug: 176486806
Change-Id: Ibd318068bf9e5d334f2d5a9af97ba5a2136adc04
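The race described in the commit message, shown as an added example that is not code from this change or from the Android DRM plugin: a per-session play policy object that one thread frees while another thread's queryKeyStatus() is still dereferencing it. The vulnerable shape is kept only for contrast (it is never run concurrently here because the data race is undefined behaviour); the hardened shape hands readers a reference-counted snapshot taken under a mutex, so the object cannot be freed while a query is using it. The type and method names (PlayPolicyState, UnsafeSession, SafeSession, installPolicy, clearPolicy, snapshot) and the policy fields are assumptions chosen for illustration, not the plugin's real API.

```cpp
// Added example, not the Android commit's code. Names and fields are
// assumptions; the point is the ownership rule, not the DRM specifics.
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <mutex>
#include <thread>
#include <vector>

// Constructed stand-in for the per-session play policy state.
struct PlayPolicyState {
    int64_t licenseDurationSec;
    bool    allowOffline;
};

static const int64_t kDuration = 86400;

// Vulnerable shape: a raw pointer read and freed with no synchronisation.
// Not exercised below. With two threads, a reader that passed the null check
// can be pre-empted, clearPolicy() deletes the object, and the field read
// then touches freed memory (HWASan reports a use-after-free, the process
// aborts).
class UnsafeSession {
public:
    void installPolicy(int64_t dur) { mPolicy = new PlayPolicyState{dur, true}; }
    void clearPolicy() { delete mPolicy; mPolicy = nullptr; }
    int64_t queryKeyStatus() const {
        if (mPolicy == nullptr) return -1;
        return mPolicy->licenseDurationSec;   // window: may run after delete
    }
    ~UnsafeSession() { delete mPolicy; }
private:
    PlayPolicyState* mPolicy = nullptr;
};

// Hardened shape: the state is owned by a shared_ptr that is only swapped
// under a mutex, and readers copy that shared_ptr under the same mutex.
// The object is destroyed when the last holder (writer or reader) releases
// it, so no reader can dereference freed memory.
class SafeSession {
public:
    void installPolicy(int64_t dur) {
        auto fresh = std::make_shared<const PlayPolicyState>(PlayPolicyState{dur, true});
        std::lock_guard<std::mutex> g(mLock);
        mPolicy = std::move(fresh);
    }
    void clearPolicy() {
        std::shared_ptr<const PlayPolicyState> old;
        {
            std::lock_guard<std::mutex> g(mLock);
            old.swap(mPolicy);               // unpublish under the lock
        }
        // 'old' is released here, outside the lock; if a reader still holds
        // a snapshot the memory survives until that reader drops it.
    }
    std::shared_ptr<const PlayPolicyState> snapshot() const {
        std::lock_guard<std::mutex> g(mLock);
        return mPolicy;                      // ref count bumped under the lock
    }
    int64_t queryKeyStatus() const {
        auto p = snapshot();
        if (!p) return -1;
        return p->licenseDurationSec;        // p keeps the object alive
    }
private:
    mutable std::mutex mLock;
    std::shared_ptr<const PlayPolicyState> mPolicy;
};

// Deterministic check of the lifetime rule: a snapshot taken before
// clearPolicy() stays readable after it, while new queries see "no policy".
bool snapshotOutlivesClear() {
    SafeSession s;
    s.installPolicy(kDuration);
    auto held = s.snapshot();
    s.clearPolicy();
    return held && held->licenseDurationSec == kDuration && s.queryKeyStatus() == -1;
}

// Concurrent check mirroring the reported race: several readers hammer
// queryKeyStatus() while one writer installs and clears the policy in a loop.
// Returns true when every query observed either -1 or the installed duration.
bool stressQueryAgainstClear(int readers, int iterations) {
    SafeSession s;
    std::atomic<bool> consistent{true};
    std::vector<std::thread> threads;
    for (int r = 0; r < readers; ++r) {
        threads.emplace_back([&s, &consistent, iterations] {
            for (int i = 0; i < iterations; ++i) {
                int64_t v = s.queryKeyStatus();
                if (v != -1 && v != kDuration) consistent = false;
            }
        });
    }
    for (int i = 0; i < iterations; ++i) {
        s.installPolicy(kDuration);
        s.clearPolicy();
    }
    for (auto& t : threads) t.join();
    return consistent.load();
}

int main() {
    std::printf("snapshot outlives clear: %s\n", snapshotOutlivesClear() ? "yes" : "no");
    std::printf("stress consistent: %s\n", stressQueryAgainstClear(4, 20000) ? "yes" : "no");
    return 0;
}
```

The check a practitioner would add alongside this is exactly the one the commit message lists: run the hardened build under HWASan while the query path is hammered, since a mutex that protects the swap but not the dereference still leaves the window and HWASan will flag it where a plain build only aborts intermittently.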