Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3f3fa1b5 authored by Felipe Leme's avatar Felipe Leme
Browse files

Make sure apps cannot forge package name on AssistStructure used for Autofill. 

Test: atest CtsAutoFillServiceTestCases:VirtualContainerActivityTest#testAppCannotFakePackageName
Test: atest CtsAutoFillServiceTestCases
Fixes: 69981710

Change-Id: Id6036cddb51dd8dd0c9128b7212d573f630d693f
parent e012e839

core/java/android/app/assist/AssistStructure.java

+10 −0
Original line number Diff line number Diff line
@@ -2139,6 +2139,16 @@ public class AssistStructure implements Parcelable { 
        return mActivityComponent;

    }



    /**

     * Called by Autofill server when app forged a different value.

     *

     * @hide

     */

    public void setActivityComponent(ComponentName componentName) {

        ensureData();

        mActivityComponent = componentName;

    }



    /** @hide */

    public int getFlags() {

        return mFlags;

services/autofill/java/com/android/server/autofill/Session.java

+5 −0
Original line number Diff line number Diff line
@@ -236,6 +236,11 @@ final class Session implements RemoteFillService.FillServiceCallbacks, ViewState 
                structure.ensureData();



                // Sanitize structure before it's sent to service.

                if (!mComponentName.equals(structure.getActivityComponent())) {

                    Slog.w(TAG, "Activity " + mComponentName + " forged different component on "

                            + "AssistStructure: " + structure.getActivityComponent());

                    structure.setActivityComponent(mComponentName);

                }

                structure.sanitizeForParceling(true);



                // Flags used to start the session.