Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 287fd504 authored by Alex Buynytskyy's avatar Alex Buynytskyy Committed by Automerger Merge Worker
Browse files

Merge "Validate package names passed to the installer." into sc-dev am: abbb9507 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/25676760



Change-Id: I3b77329a2c4b69ae9338e5967f5f001044b715e0
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 2c94a7e2 abbb9507

services/core/java/com/android/server/pm/PackageInstallerService.java

+24 −5
Original line number Diff line number Diff line
@@ -47,6 +47,7 @@ import android.content.pm.PackageItemInfo; 
import android.content.pm.PackageManager;

import android.content.pm.ParceledListSlice;

import android.content.pm.VersionedPackage;

import android.content.pm.parsing.ParsingPackageUtils;

import android.graphics.Bitmap;

import android.net.Uri;

import android.os.Binder;
@@ -601,17 +602,22 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 


        // App package name and label length is restricted so that really long strings aren't

        // written to disk.

        if (params.appPackageName != null

                && params.appPackageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) {

        if (params.appPackageName != null && !isValidPackageName(params.appPackageName)) {

            params.appPackageName = null;

        }



        params.appLabel = TextUtils.trimToSize(params.appLabel,

                PackageItemInfo.MAX_SAFE_LABEL_LENGTH);



        String requestedInstallerPackageName = (params.installerPackageName != null

                && params.installerPackageName.length() < SessionParams.MAX_PACKAGE_NAME_LENGTH)

                ? params.installerPackageName : installerPackageName;

        // Validate installer package name.

        if (params.installerPackageName != null && !isValidPackageName(

                params.installerPackageName)) {

            params.installerPackageName = null;

        }



        String requestedInstallerPackageName =

                params.installerPackageName != null ? params.installerPackageName

                        : installerPackageName;



        if ((callingUid == Process.SHELL_UID) || (callingUid == Process.ROOT_UID)) {

            params.installFlags |= PackageManager.INSTALL_FROM_ADB;
@@ -935,6 +941,19 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
        throw new IllegalStateException("Failed to allocate session ID");

    }



    private static boolean isValidPackageName(@NonNull String packageName) {

        if (packageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) {

            return false;

        }

        // "android" is a valid package name

        String errorMessage = ParsingPackageUtils.validateName(

                packageName, /* requireSeparator= */ false, /* requireFilename */ true);

        if (errorMessage != null) {

            return false;

        }

        return true;

    }



    private File getTmpSessionDir(String volumeUuid) {

        return Environment.getDataAppDirectory(volumeUuid);

    }