Fix isAutoRevokeWhitelisted vulnerability
Apps should not be allowed to programmatically check whether a given
package is installed on the current device.
But, currently, isAutoRevokeWhitelisted allows an app to do so by invoking
isAutoRevokeWhitelisted for a package name, then checking for an error:
- if NullPointerException is thrown, the package does not exist, or
- if SecurityException is thrown, the package exists.
The NullPointerException occurs in PermissionManagerService on the line:
    final int packageUid = UserHandle.getUid(userId, pkg.getUid());
                                                     ^ null
The solution is to:
- avoid a NullPointerException by moving the above line of code down
below where we've already null-checked 'pkg' (checkAutoRevokeAccess),
- return false when the target app doesn't exist, and
- return false when the calling app doesn't have permission to access
the target app (via filterAppAccess).
Bug: 186404493
Test: manual
Change-Id: Ibae43d92b8eee24a0e56f08c878a7fe793833287
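
The check ordering described in the commit message, as an added example that is not part of the commit or of the PermissionManagerService source: a simplified model in which the old ordering yields a different exception type for absent and present packages, while the new ordering returns false for both. The class name, package names, uids and the body of the filterAppAccess stand-in are constructed for illustration.

```java
import java.util.Map;
import java.util.function.BiFunction;

// Simplified model of the check ordering; not the PermissionManagerService source.
public class AutoRevokeOracleDemo {
    // Constructed data: package name -> uid of the packages "installed" in this model.
    static final Map<String, Integer> INSTALLED = Map.of("com.example.present", 10123);

    // Hypothetical stand-in for filterAppAccess: true means hide the package from the caller.
    static boolean filterAppAccess(int pkgUid, int callingUid) {
        return pkgUid != callingUid;
    }

    // Before the fix: the package is dereferenced first, the access check comes second.
    static boolean before(String name, int callingUid) {
        Integer pkgUid = INSTALLED.get(name);
        int packageUid = pkgUid.intValue(); // NullPointerException when the package is absent
        if (packageUid != callingUid) {
            throw new SecurityException("no access to " + name);
        }
        return true;
    }

    // After the fix: absent and inaccessible packages take the same return path.
    static boolean after(String name, int callingUid) {
        Integer pkgUid = INSTALLED.get(name);
        if (pkgUid == null) return false;                       // target app does not exist
        if (filterAppAccess(pkgUid, callingUid)) return false;  // caller may not see it
        return true; // placeholder for the real whitelist lookup
    }

    // Reduces a call to what the caller can observe: a return value or an exception type.
    static String outcome(BiFunction<String, Integer, Boolean> f, String name, int uid) {
        try {
            return String.valueOf(f.apply(name, uid));
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        int caller = 10200; // constructed uid of an unrelated calling app
        for (String name : new String[] {"com.example.present", "com.example.absent"}) {
            System.out.println(name
                + " before=" + outcome(AutoRevokeOracleDemo::before, name, caller)
                + " after=" + outcome(AutoRevokeOracleDemo::after, name, caller));
        }
    }
}
```

A regression test for this class of bug can assert that the observable outcome is identical for an installed and a non-installed package name when the caller lacks access.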