Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit ac18c3df authored by Pinyao Ting's avatar Pinyao Ting Committed by Android Build Coastguard Worker
Browse files

Verify caller before auto granting slice permission 

Currently SliceManagerService#checkSlicePermission does not verify the
caller's identity. This leads to a security vulnerability because
checkSlicePermission does more than checking the permission as opposed
to simply return a boolean value -- it additionally grants slice access
under a certain condition. A malicious app can spoof the calling package
to acquire slice access.

This CL verifies the caller before granting slice access.

Bug: 208232850, 179699767
Test: manual
Change-Id: I2539c9ff5ea977c91bb58185c95280b4d533a520
Merged-In: I2539c9ff5ea977c91bb58185c95280b4d533a520
(cherry picked from commit 5bd2196c)
(cherry picked from commit 3c92d74d)
Merged-In: I2539c9ff5ea977c91bb58185c95280b4d533a520
parent cccb7d5d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment