Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07fcc831 authored by Kunal Malhotra's avatar Kunal Malhotra
Browse files

Checking if package belongs to UID before registering broadcast receiver 

Test: manual testing done on device by installing test APK and checking if receiver can register
Bug: 242040055
Change-Id: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
Merged-In: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
(cherry picked from commit 790a8d0d)
parent 853c9d7b

services/core/java/com/android/server/am/ActiveServices.java

+5 −0
Original line number Original line Diff line number Diff line
@@ -2517,6 +2517,11 @@ public final class ActiveServices { 
                            throw new SecurityException("BIND_EXTERNAL_SERVICE failed, "

                            throw new SecurityException("BIND_EXTERNAL_SERVICE failed, "

                                    + className + " is not an isolatedProcess");

                                    + className + " is not an isolatedProcess");

                        }

                        }

                        if (AppGlobals.getPackageManager().getPackageUid(callingPackage,

                                0, userId) != callingUid) {

                            throw new SecurityException("BIND_EXTERNAL_SERVICE failed, "

                                    + "calling package not owned by calling UID ");

                        }

                        // Run the service under the calling package's application.

                        // Run the service under the calling package's application.

                        ApplicationInfo aInfo = AppGlobals.getPackageManager().getApplicationInfo(

                        ApplicationInfo aInfo = AppGlobals.getPackageManager().getApplicationInfo(

                                callingPackage, ActivityManagerService.STOCK_PM_FLAGS, userId);

                                callingPackage, ActivityManagerService.STOCK_PM_FLAGS, userId);