Commit e11a4819 authored by Edwin Wong

[RESTRICT AUTOMERGE] Fix possible uaf of play policy state

Access to the play policy state may happen after
the state is freed in a race condition, which will
result in a SIGABRT.

SafetyNet logging is not added to avoid log spamming.
queryKeyStatus can be called often.

The crash was reproduced on the device before the fix.
Verified the test passes after the fix.

Test: sts-tradefed
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176486806#testPocBug_176486806

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-17648680664

Test: sts-tradefed
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444154#testPocBug_176444154

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-17644415464

Bug: 176444154
Bug: 176486806
Change-Id: I07cc93c255942d56e866d0b08fb786f154f6e0d3
parent eb95e3ce