
Commit 6926fd15 authored by Will Leshner, committed by William Leshner

Fix vulnerability that allowed attackers to start arbitrary activities

Test: Flashed device and verified dream settings works as expected
Test: Installed APK from bug and verified the dream didn't allow
launching the inappropriate settings activity.
Fixes: 300090204

Merged-In: I6e90e3a0d513dceb7d7f5c59d6807ebe164c5716
Merged-In: I146415ad400827d0a798e27f34f098feb5e96422
Merged-In: I7f2351fc7d9a82778ce21f67018a45ac67c9aaf8
Change-Id: I573040df84bf98a493b39f96c8581e4303206bac
parent d926f4f2
+11 −1
@@ -351,7 +351,17 @@ public class DreamBackend {
        if (cn != null && cn.indexOf('/') < 0) {
            cn = resolveInfo.serviceInfo.packageName + "/" + cn;
        }
        return cn == null ? null : ComponentName.unflattenFromString(cn);
        // Ensure that the component is from the same package as the dream service. If not,
        // treat the component as invalid and return null instead.
        final ComponentName result = cn != null ? ComponentName.unflattenFromString(cn) : null;
        if (result != null
                && !result.getPackageName().equals(resolveInfo.serviceInfo.packageName)) {
            Log.w(TAG,
                    "Inconsistent package name in component: " + result.getPackageName()
                            + ", should be: " + resolveInfo.serviceInfo.packageName);
            return null;
        }
        return result;
    }

    private static void logd(String msg, Object... args) {
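Review bot: The new package comparison on `result.getPackageName().equals(resolveInfo.serviceInfo.packageName)` is covered only by the manual steps in the commit's Test lines, so a later refactor of this method could drop it without any test failing. Please add a unit test for DreamBackend that supplies a settings activity naming a different package and asserts the method returns null, alongside the short-name case (no '/', which gets the service package prepended) and a fully qualified same-package name, both of which should still resolve. Two smaller points: the method now returns null in a case where it previously returned a component, so the method's documentation should say that a cross-package component is rejected, not only the inline comment; and the `Log.w` message concatenates `result.getPackageName()`, which comes from the dream's own declaration, so consider whether that value needs length-limiting before it reaches the log.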