Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a8ecaa01 authored by Austin Borger's avatar Austin Borger Committed by Automerger Merge Worker
Browse files

Merge "Fix vulnerability in AttributionSource due to incorrect Binder call"... 

Merge "Fix vulnerability in AttributionSource due to incorrect Binder call" into udc-dev am: 1a03b253

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/21497448



Change-Id: I4f63285efed6d08d02bebfce8a6fff6e1de07290
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents c5cbe35d 1a03b253

core/java/android/content/AttributionSource.java

+5 −0
Original line number Diff line number Diff line
@@ -155,6 +155,11 @@ public final class AttributionSource implements Parcelable { 
    AttributionSource(@NonNull Parcel in) {

        this(AttributionSourceState.CREATOR.createFromParcel(in));



        if (!Binder.isDirectlyHandlingTransaction()) {

            throw new SecurityException("AttributionSource should be unparceled during a binder "

                    + "transaction for proper verification.");

        }



        // Since we just unpacked this object as part of it transiting a Binder

        // call, this is the perfect time to enforce that its UID and PID can be trusted

        enforceCallingUidAndPid();