Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a7cac22f authored by Austin Borger's avatar Austin Borger Committed by Automerger Merge Worker
Browse files

Merge "Fix vulnerability in AttributionSource due to incorrect Binder call"... 

Merge "Fix vulnerability in AttributionSource due to incorrect Binder call" into udc-dev am: 1a03b253

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/21497448



Change-Id: Ib08a8121f7a71240afb3c1f4e6454f5987132619
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 540ea968 1a03b253

core/java/android/content/AttributionSource.java

+5 −0
Original line number Diff line number Diff line
@@ -155,6 +155,11 @@ public final class AttributionSource implements Parcelable { 
    AttributionSource(@NonNull Parcel in) {

        this(AttributionSourceState.CREATOR.createFromParcel(in));



        if (!Binder.isDirectlyHandlingTransaction()) {

            throw new SecurityException("AttributionSource should be unparceled during a binder "

                    + "transaction for proper verification.");

        }



        // Since we just unpacked this object as part of it transiting a Binder

        // call, this is the perfect time to enforce that its UID and PID can be trusted

        enforceCallingUidAndPid();