Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0594d55d authored by Jackal Guo's avatar Jackal Guo
Browse files

Fix side channel information disclosure 

This method reacts differently when the given package name isn't
installed, and is installed but not belonging to the caller. This
subtle difference leaves the possibility that malicious code could
do a side channel attack.

Bug: 249058614
Test: atest CtsWindowManagerDeviceTestCases:ToastWindowTest
Test: atest CtsWindowManagerDeviceTestCases:WindowContextPolicyTests
Test: atest CtsWindowManagerDeviceTestCases:WindowUntrustedTouchTest
Test: atest CtsToastLegacyTestCases:ToastTest
Test: atest CtsToastTestCases:LegacyToastTest
Test: atest FrameworksCoreTests:ViewRootImplTest
Test: atest FrameworksUiServicesTests:NotificationManagerServiceTest
Change-Id: I37f28b6a660c4a3d2cd92b25d3f68066902c692f

Change-Id: I52372bec19355ea8855ead28fcb0ab250c527f19
parent 907060a9

services/core/java/com/android/server/wm/WindowManagerService.java

+6 −14
Original line number Diff line number Diff line
@@ -1928,22 +1928,14 @@ public class WindowManagerService extends IWindowManager.Stub 
                    && attachedWindow.mActivityRecord.mTargetSdk >= Build.VERSION_CODES.O;

        } else {

            // Otherwise, look at the package

            try {

                ApplicationInfo appInfo = mContext.getPackageManager()

                        .getApplicationInfoAsUser(packageName, 0,

                                UserHandle.getUserId(callingUid));

                if (appInfo.uid != callingUid) {

            final ApplicationInfo appInfo = mPmInternal.getApplicationInfo(

                    packageName, 0 /* flags */, SYSTEM_UID, UserHandle.getUserId(callingUid));

            if (appInfo == null || appInfo.uid != callingUid) {

                throw new SecurityException("Package " + packageName + " not in UID "

                        + callingUid);

            }

                if (appInfo.targetSdkVersion >= Build.VERSION_CODES.O) {

                    return true;

                }

            } catch (PackageManager.NameNotFoundException e) {

                /* ignore */

            }

            return appInfo.targetSdkVersion >= Build.VERSION_CODES.O;

        }

        return false;

    }



    /**