Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 66864c7a authored by William Leshner's avatar William Leshner Committed by Automerger Merge Worker
Browse files

Merge "Fix vulnerability that allowed attackers to start arbitary activities"... 

Merge "Fix vulnerability that allowed attackers to start arbitary activities" into rvc-dev am: 6b55e128 am: eebdc4c3

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/25238611



Change-Id: I4f3f0e6d5a684db51727da3785f138ac9bbd7a0b
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents c24ce12b eebdc4c3

packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java

+11 −1
Original line number Diff line number Diff line
@@ -351,7 +351,17 @@ public class DreamBackend { 
        if (cn != null && cn.indexOf('/') < 0) {

            cn = resolveInfo.serviceInfo.packageName + "/" + cn;

        }

        return cn == null ? null : ComponentName.unflattenFromString(cn);

        // Ensure that the component is from the same package as the dream service. If not,

        // treat the component as invalid and return null instead.

        final ComponentName result = cn != null ? ComponentName.unflattenFromString(cn) : null;

        if (result != null

                && !result.getPackageName().equals(resolveInfo.serviceInfo.packageName)) {

            Log.w(TAG,

                    "Inconsistent package name in component: " + result.getPackageName()

                            + ", should be: " + resolveInfo.serviceInfo.packageName);

            return null;

        }

        return result;

    }



    private static void logd(String msg, Object... args) {