Loading core/java/android/accessibilityservice/AccessibilityService.java +4 −0 Original line number Diff line number Diff line Loading @@ -1982,6 +1982,10 @@ public abstract class AccessibilityService extends Service { IAccessibilityServiceConnection connection = AccessibilityInteractionClient.getInstance().getConnection(mConnectionId); if (mInfo != null && connection != null) { if (!mInfo.isWithinParcelableSize()) { throw new IllegalStateException( "Cannot update service info: size is larger than safe parcelable limits."); } try { connection.setServiceInfo(mInfo); mInfo = null; Loading core/java/android/accessibilityservice/AccessibilityServiceInfo.java +10 −0 Original line number Diff line number Diff line Loading @@ -39,6 +39,7 @@ import android.content.res.XmlResourceParser; import android.graphics.drawable.Drawable; import android.hardware.fingerprint.FingerprintManager; import android.os.Build; import android.os.IBinder; import android.os.Parcel; import android.os.Parcelable; import android.os.RemoteException; Loading Loading @@ -1028,6 +1029,15 @@ public class AccessibilityServiceInfo implements Parcelable { return 0; } /** @hide */ public final boolean isWithinParcelableSize() { final Parcel parcel = Parcel.obtain(); writeToParcel(parcel, 0); final boolean result = parcel.dataSize() <= IBinder.MAX_IPC_SIZE; parcel.recycle(); return result; } public void writeToParcel(Parcel parcel, int flagz) { parcel.writeInt(eventTypes); parcel.writeStringArray(packageNames); Loading core/java/android/net/Uri.java +15 −7 Original line number Diff line number Diff line Loading @@ -1194,13 +1194,16 @@ public abstract class Uri implements Parcelable, Comparable<Uri> { } static Uri readFrom(Parcel parcel) { return new HierarchicalUri( parcel.readString8(), Part.readFrom(parcel), PathPart.readFrom(parcel), Part.readFrom(parcel), Part.readFrom(parcel) ); final String scheme = parcel.readString8(); final Part authority = Part.readFrom(parcel); // In RFC3986 the path should be determined based on whether there is a scheme or // authority present (https://www.rfc-editor.org/rfc/rfc3986.html#section-3.3). final boolean hasSchemeOrAuthority = (scheme != null && scheme.length() > 0) || !authority.isEmpty(); final PathPart path = PathPart.readFrom(hasSchemeOrAuthority, parcel); final Part query = Part.readFrom(parcel); final Part fragment = Part.readFrom(parcel); return new HierarchicalUri(scheme, authority, path, query, fragment); } public int describeContents() { Loading Loading @@ -2259,6 +2262,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> { } } static PathPart readFrom(boolean hasSchemeOrAuthority, Parcel parcel) { final PathPart path = readFrom(parcel); return hasSchemeOrAuthority ? makeAbsolute(path) : path; } /** * Creates a path from the encoded string. * Loading core/tests/coretests/src/android/net/UriTest.java +54 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,7 @@ public class UriTest extends TestCase { public void testParcelling() { parcelAndUnparcel(Uri.parse("foo:bob%20lee")); parcelAndUnparcel(Uri.fromParts("foo", "bob lee", "fragment")); parcelAndUnparcel(Uri.fromParts("https", "www.google.com", null)); parcelAndUnparcel(new Uri.Builder() .scheme("http") .authority("crazybob.org") Loading Loading @@ -873,9 +874,62 @@ public class UriTest extends TestCase { Throwable targetException = expected.getTargetException(); // Check that the exception was thrown for the correct reason. assertEquals("Unknown representation: 0", targetException.getMessage()); } finally { parcel.recycle(); } } private Uri buildUriFromRawParcel(boolean argumentsEncoded, String scheme, String authority, String path, String query, String fragment) { // Representation value (from AbstractPart.REPRESENTATION_{ENCODED,DECODED}). final int representation = argumentsEncoded ? 1 : 2; Parcel parcel = Parcel.obtain(); try { parcel.writeInt(3); // hierarchical parcel.writeString8(scheme); parcel.writeInt(representation); parcel.writeString8(authority); parcel.writeInt(representation); parcel.writeString8(path); parcel.writeInt(representation); parcel.writeString8(query); parcel.writeInt(representation); parcel.writeString8(fragment); parcel.setDataPosition(0); return Uri.CREATOR.createFromParcel(parcel); } finally { parcel.recycle(); } } public void testUnparcelMalformedPath() { // Regression tests for b/171966843. // Test cases with arguments encoded (covering testing `scheme` * `authority` options). Uri uri0 = buildUriFromRawParcel(true, "https", "google.com", "@evil.com", null, null); assertEquals("https://google.com/@evil.com", uri0.toString()); Uri uri1 = buildUriFromRawParcel(true, null, "google.com", "@evil.com", "name=spark", "x"); assertEquals("//google.com/@evil.com?name=spark#x", uri1.toString()); Uri uri2 = buildUriFromRawParcel(true, "http:", null, "@evil.com", null, null); assertEquals("http::/@evil.com", uri2.toString()); Uri uri3 = buildUriFromRawParcel(true, null, null, "@evil.com", null, null); assertEquals("@evil.com", uri3.toString()); // Test cases with arguments not encoded (covering testing `scheme` * `authority` options). Uri uriA = buildUriFromRawParcel(false, "https", "google.com", "@evil.com", null, null); assertEquals("https://google.com/%40evil.com", uriA.toString()); Uri uriB = buildUriFromRawParcel(false, null, "google.com", "@evil.com", null, null); assertEquals("//google.com/%40evil.com", uriB.toString()); Uri uriC = buildUriFromRawParcel(false, "http:", null, "@evil.com", null, null); assertEquals("http::/%40evil.com", uriC.toString()); Uri uriD = buildUriFromRawParcel(false, null, null, "@evil.com", "name=spark", "y"); assertEquals("%40evil.com?name%3Dspark#y", uriD.toString()); } public void testToSafeString() { checkToSafeString("tel:xxxxxx", "tel:Google"); checkToSafeString("tel:xxxxxxxxxx", "tel:1234567890"); Loading services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +6 −0 Original line number Diff line number Diff line Loading @@ -1353,6 +1353,12 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub AccessibilityServiceInfo accessibilityServiceInfo; try { accessibilityServiceInfo = new AccessibilityServiceInfo(resolveInfo, mContext); if (!accessibilityServiceInfo.isWithinParcelableSize()) { Slog.e(LOG_TAG, "Skipping service " + accessibilityServiceInfo.getResolveInfo().getComponentInfo() + " because service info size is larger than safe parcelable limits."); continue; } if (userState.mCrashedServices.contains(serviceInfo.getComponentName())) { // Restore the crashed attribute. accessibilityServiceInfo.crashed = true; Loading Loading
core/java/android/accessibilityservice/AccessibilityService.java +4 −0 Original line number Diff line number Diff line Loading @@ -1982,6 +1982,10 @@ public abstract class AccessibilityService extends Service { IAccessibilityServiceConnection connection = AccessibilityInteractionClient.getInstance().getConnection(mConnectionId); if (mInfo != null && connection != null) { if (!mInfo.isWithinParcelableSize()) { throw new IllegalStateException( "Cannot update service info: size is larger than safe parcelable limits."); } try { connection.setServiceInfo(mInfo); mInfo = null; Loading
core/java/android/accessibilityservice/AccessibilityServiceInfo.java +10 −0 Original line number Diff line number Diff line Loading @@ -39,6 +39,7 @@ import android.content.res.XmlResourceParser; import android.graphics.drawable.Drawable; import android.hardware.fingerprint.FingerprintManager; import android.os.Build; import android.os.IBinder; import android.os.Parcel; import android.os.Parcelable; import android.os.RemoteException; Loading Loading @@ -1028,6 +1029,15 @@ public class AccessibilityServiceInfo implements Parcelable { return 0; } /** @hide */ public final boolean isWithinParcelableSize() { final Parcel parcel = Parcel.obtain(); writeToParcel(parcel, 0); final boolean result = parcel.dataSize() <= IBinder.MAX_IPC_SIZE; parcel.recycle(); return result; } public void writeToParcel(Parcel parcel, int flagz) { parcel.writeInt(eventTypes); parcel.writeStringArray(packageNames); Loading
core/java/android/net/Uri.java +15 −7 Original line number Diff line number Diff line Loading @@ -1194,13 +1194,16 @@ public abstract class Uri implements Parcelable, Comparable<Uri> { } static Uri readFrom(Parcel parcel) { return new HierarchicalUri( parcel.readString8(), Part.readFrom(parcel), PathPart.readFrom(parcel), Part.readFrom(parcel), Part.readFrom(parcel) ); final String scheme = parcel.readString8(); final Part authority = Part.readFrom(parcel); // In RFC3986 the path should be determined based on whether there is a scheme or // authority present (https://www.rfc-editor.org/rfc/rfc3986.html#section-3.3). final boolean hasSchemeOrAuthority = (scheme != null && scheme.length() > 0) || !authority.isEmpty(); final PathPart path = PathPart.readFrom(hasSchemeOrAuthority, parcel); final Part query = Part.readFrom(parcel); final Part fragment = Part.readFrom(parcel); return new HierarchicalUri(scheme, authority, path, query, fragment); } public int describeContents() { Loading Loading @@ -2259,6 +2262,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> { } } static PathPart readFrom(boolean hasSchemeOrAuthority, Parcel parcel) { final PathPart path = readFrom(parcel); return hasSchemeOrAuthority ? makeAbsolute(path) : path; } /** * Creates a path from the encoded string. * Loading
core/tests/coretests/src/android/net/UriTest.java +54 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,7 @@ public class UriTest extends TestCase { public void testParcelling() { parcelAndUnparcel(Uri.parse("foo:bob%20lee")); parcelAndUnparcel(Uri.fromParts("foo", "bob lee", "fragment")); parcelAndUnparcel(Uri.fromParts("https", "www.google.com", null)); parcelAndUnparcel(new Uri.Builder() .scheme("http") .authority("crazybob.org") Loading Loading @@ -873,9 +874,62 @@ public class UriTest extends TestCase { Throwable targetException = expected.getTargetException(); // Check that the exception was thrown for the correct reason. assertEquals("Unknown representation: 0", targetException.getMessage()); } finally { parcel.recycle(); } } private Uri buildUriFromRawParcel(boolean argumentsEncoded, String scheme, String authority, String path, String query, String fragment) { // Representation value (from AbstractPart.REPRESENTATION_{ENCODED,DECODED}). final int representation = argumentsEncoded ? 1 : 2; Parcel parcel = Parcel.obtain(); try { parcel.writeInt(3); // hierarchical parcel.writeString8(scheme); parcel.writeInt(representation); parcel.writeString8(authority); parcel.writeInt(representation); parcel.writeString8(path); parcel.writeInt(representation); parcel.writeString8(query); parcel.writeInt(representation); parcel.writeString8(fragment); parcel.setDataPosition(0); return Uri.CREATOR.createFromParcel(parcel); } finally { parcel.recycle(); } } public void testUnparcelMalformedPath() { // Regression tests for b/171966843. // Test cases with arguments encoded (covering testing `scheme` * `authority` options). Uri uri0 = buildUriFromRawParcel(true, "https", "google.com", "@evil.com", null, null); assertEquals("https://google.com/@evil.com", uri0.toString()); Uri uri1 = buildUriFromRawParcel(true, null, "google.com", "@evil.com", "name=spark", "x"); assertEquals("//google.com/@evil.com?name=spark#x", uri1.toString()); Uri uri2 = buildUriFromRawParcel(true, "http:", null, "@evil.com", null, null); assertEquals("http::/@evil.com", uri2.toString()); Uri uri3 = buildUriFromRawParcel(true, null, null, "@evil.com", null, null); assertEquals("@evil.com", uri3.toString()); // Test cases with arguments not encoded (covering testing `scheme` * `authority` options). Uri uriA = buildUriFromRawParcel(false, "https", "google.com", "@evil.com", null, null); assertEquals("https://google.com/%40evil.com", uriA.toString()); Uri uriB = buildUriFromRawParcel(false, null, "google.com", "@evil.com", null, null); assertEquals("//google.com/%40evil.com", uriB.toString()); Uri uriC = buildUriFromRawParcel(false, "http:", null, "@evil.com", null, null); assertEquals("http::/%40evil.com", uriC.toString()); Uri uriD = buildUriFromRawParcel(false, null, null, "@evil.com", "name=spark", "y"); assertEquals("%40evil.com?name%3Dspark#y", uriD.toString()); } public void testToSafeString() { checkToSafeString("tel:xxxxxx", "tel:Google"); checkToSafeString("tel:xxxxxxxxxx", "tel:1234567890"); Loading
services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +6 −0 Original line number Diff line number Diff line Loading @@ -1353,6 +1353,12 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub AccessibilityServiceInfo accessibilityServiceInfo; try { accessibilityServiceInfo = new AccessibilityServiceInfo(resolveInfo, mContext); if (!accessibilityServiceInfo.isWithinParcelableSize()) { Slog.e(LOG_TAG, "Skipping service " + accessibilityServiceInfo.getResolveInfo().getComponentInfo() + " because service info size is larger than safe parcelable limits."); continue; } if (userState.mCrashedServices.contains(serviceInfo.getComponentName())) { // Restore the crashed attribute. accessibilityServiceInfo.crashed = true; Loading
