Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 13dd0c48 authored by Bishoy Gendy's avatar Bishoy Gendy
Browse files

Fix security vulnerability allowing apps to start from background 

Bug: 317048338
Test: Using the steps in b/317048338#comment12
Change-Id: Ia76c16e8da7e48624e5c2d6c6e0b2dcfb646345b
parent 84f78524

services/core/java/com/android/server/media/MediaSessionRecord.java

+12 −6
Original line number Diff line number Diff line
@@ -1362,9 +1362,15 @@ public class MediaSessionRecord extends MediaSessionRecordImpl implements IBinde 


        @Override

        public IBinder getBinderForSetQueue() throws RemoteException {

            return new ParcelableListBinder<QueueItem>((list) -> {

            return new ParcelableListBinder<QueueItem>(

                    (list) -> {

                        // Checking list items are instanceof QueueItem to validate against

                        // malicious apps calling it directly via reflection with non compilable

                        // items. See b/317048338 for more details

                        List<QueueItem> sanitizedQueue =

                                list.stream().filter(it -> it instanceof QueueItem).toList();

                        synchronized (mLock) {

                    mQueue = list;

                            mQueue = sanitizedQueue;

                        }

                        mHandler.post(MessageHandler.MSG_UPDATE_QUEUE);

                    });