Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1c5bffbf authored by Adam Cohen's avatar Adam Cohen
Browse files

Fix security issue in bindRemoteViewsService 

-> Enforce that the passed intent's component belongs to the same package as the
   passed AppWidget id.

issue 15287902

Change-Id: Ic85c38d399fe1cbb6f7efa844ae0f5367a1906ed
parent 1218c313

services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java

+9 −0
Original line number Diff line number Diff line
@@ -843,6 +843,15 @@ class AppWidgetServiceImpl { 
                throw new IllegalArgumentException("Unknown component " + componentName);

            }



            // Ensure that the service specified by the passed intent belongs to the same package

            // as provides the passed widget id.

            String widgetIdPackage = id.provider.info.provider.getPackageName();

            String servicePackage = componentName.getPackageName();

            if (!servicePackage.equals(widgetIdPackage)) {

                throw new SecurityException("Specified intent doesn't belong to the same package"

                        + " as the provided AppWidget id");

            }



            // If there is already a connection made for this service intent, then disconnect from

            // that first. (This does not allow multiple connections to the same service under

            // the same key)