Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 24ee38d1 authored by Alex Buynytskyy's avatar Alex Buynytskyy Committed by Automerger Merge Worker
Browse files

Validate package names passed to the installer. am: d42af9a5 am: dd8a33e1 am: f7b47c51 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/25648374



Change-Id: If15bca0854ef377933484a0c23948469b8ec688b
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents aaaa43f7 f7b47c51

services/core/java/com/android/server/pm/PackageInstallerService.java

+24 −5
Original line number Diff line number Diff line
@@ -55,6 +55,7 @@ import android.content.pm.PackageItemInfo; 
import android.content.pm.PackageManager;

import android.content.pm.ParceledListSlice;

import android.content.pm.VersionedPackage;

import android.content.pm.parsing.FrameworkParsingPackageUtils;

import android.graphics.Bitmap;

import android.net.Uri;

import android.os.Binder;
@@ -665,17 +666,22 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 


        // App package name and label length is restricted so that really long strings aren't

        // written to disk.

        if (params.appPackageName != null

                && params.appPackageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) {

        if (params.appPackageName != null && !isValidPackageName(params.appPackageName)) {

            params.appPackageName = null;

        }



        params.appLabel = TextUtils.trimToSize(params.appLabel,

                PackageItemInfo.MAX_SAFE_LABEL_LENGTH);



        String requestedInstallerPackageName = (params.installerPackageName != null

                && params.installerPackageName.length() < SessionParams.MAX_PACKAGE_NAME_LENGTH)

                ? params.installerPackageName : installerPackageName;

        // Validate installer package name.

        if (params.installerPackageName != null && !isValidPackageName(

                params.installerPackageName)) {

            params.installerPackageName = null;

        }



        var requestedInstallerPackageName =

                params.installerPackageName != null ? params.installerPackageName

                        : installerPackageName;



        if (PackageManagerServiceUtils.isRootOrShell(callingUid)

                || PackageInstallerSession.isSystemDataLoaderInstallation(params)
@@ -1085,6 +1091,19 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
        return Integer.parseInt(sessionId);

    }



    private static boolean isValidPackageName(@NonNull String packageName) {

        if (packageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) {

            return false;

        }

        // "android" is a valid package name

        var errorMessage = FrameworkParsingPackageUtils.validateName(

                packageName, /* requireSeparator= */ false, /* requireFilename */ true);

        if (errorMessage != null) {

            return false;

        }

        return true;

    }



    private File getTmpSessionDir(String volumeUuid) {

        return Environment.getDataAppDirectory(volumeUuid);

    }