Fix side channel information disclosure
This method reacts differently when the given package name isn't installed, and is installed but not belonging to the caller. This subtle difference leaves the possibility that malicious code could do a side channel attack. Bug: 249058614 Test: atest CtsWindowManagerDeviceTestCases:ToastWindowTest Test: atest CtsWindowManagerDeviceTestCases:WindowContextPolicyTests Test: atest CtsWindowManagerDeviceTestCases:WindowUntrustedTouchTest Test: atest CtsToastLegacyTestCases:ToastTest Test: atest CtsToastTestCases:LegacyToastTest Test: atest FrameworksCoreTests:ViewRootImplTest Test: atest FrameworksUiServicesTests:NotificationManagerServiceTest Change-Id: I37f28b6a660c4a3d2cd92b25d3f68066902c692f Change-Id: I52372bec19355ea8855ead28fcb0ab250c527f19
Loading
Please register or sign in to comment