Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 33b4ab78 authored by Rhed Jao's avatar Rhed Jao
Browse files

Enforce package visibility to the api getCreatorPackage 

App can query which applications are installed on the device
via the api PendingIntent#getCreatorPackage. This cl enforces
package visibility filter to the getCreatorPackage api to fix
this security issue.

Bug: 198782887
Test: atest AppEnumerationTests
Test: PoC application
Change-Id: I4c30a161dc92076861f764ed2d049fab9263d6ab
parent 96b12a26

services/core/java/com/android/server/am/ActivityManagerService.java

+9 −4
Original line number Diff line number Diff line
@@ -5091,14 +5091,19 @@ public class ActivityManagerService extends IActivityManager.Stub 
    @Override

    public PendingIntentInfo getInfoForIntentSender(IIntentSender sender) {

        if (sender instanceof PendingIntentRecord) {

            PendingIntentRecord res = (PendingIntentRecord) sender;

            final PendingIntentRecord res = (PendingIntentRecord) sender;

            final String packageName = res.key.packageName;

            final int uid = res.uid;

            final boolean shouldFilter = getPackageManagerInternal().filterAppAccess(

                    packageName, Binder.getCallingUid(), UserHandle.getUserId(uid));

            return new PendingIntentInfo(

                    res.key.packageName,

                    res.uid,

                    shouldFilter ? null : packageName,

                    shouldFilter ? INVALID_UID : uid,

                    (res.key.flags & PendingIntent.FLAG_IMMUTABLE) != 0,

                    res.key.type);

        } else {

            return new PendingIntentInfo(null, -1, false, ActivityManager.INTENT_SENDER_UNKNOWN);

            return new PendingIntentInfo(null, INVALID_UID, false,

                    ActivityManager.INTENT_SENDER_UNKNOWN);

        }

    }