Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit a32504fc authored by Christopher Tate's avatar Christopher Tate
Browse files

Fix security hole in Google backup transport registration 

Previously, it was conceivable that a 3rd party application on a non-GED
device could publish a service that supported the (hidden) IBackupTransport
interface and spoofed the Google backup transport's package and component
name.  This could allow it to secretly intercept all data moved through the
backup mechanism.

Fix by ensuring that the package in question exists and is part of the
OS itself (FLAG_SYSTEM in its ApplicationInfo description) before binding
to it.

Fixes bug #2457063

Change-Id: I3487572be45c2014fa209beacfe3ac6f8270f872
parent 0dde41fb
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment