Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 3916fdc3 authored by Will Leshner's avatar Will Leshner Committed by Kevin F. Haggerty
Browse files

Fix vulnerability that allowed attackers to start arbitary activities 

Test: Flashed device and verified dream settings works as expected
Test: Installed APK from bug and verified the dream didn't allow
launching the inappropriate settings activity.
Fixes: 300090204
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6926fd15fb16c51468dde270bd61ee68772b8c14)
Merged-In: I573040df84bf98a493b39f96c8581e4303206bac
Change-Id: I573040df84bf98a493b39f96c8581e4303206bac
parent 771669ad

packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java

+11 −1
Original line number Diff line number Diff line
@@ -351,7 +351,17 @@ public class DreamBackend { 
        if (cn != null && cn.indexOf('/') < 0) {

            cn = resolveInfo.serviceInfo.packageName + "/" + cn;

        }

        return cn == null ? null : ComponentName.unflattenFromString(cn);

        // Ensure that the component is from the same package as the dream service. If not,

        // treat the component as invalid and return null instead.

        final ComponentName result = cn != null ? ComponentName.unflattenFromString(cn) : null;

        if (result != null

                && !result.getPackageName().equals(resolveInfo.serviceInfo.packageName)) {

            Log.w(TAG,

                    "Inconsistent package name in component: " + result.getPackageName()

                            + ", should be: " + resolveInfo.serviceInfo.packageName);

            return null;

        }

        return result;

    }



    private static void logd(String msg, Object... args) {