
Commit b0613dce authored by Jeff Sharkey's avatar Jeff Sharkey Committed by Jeff Sharkey

Force loading of safe labels in system_server.

It's too easy for code to accidentally use loadLabel() when building
strings for security sensitive contexts, so add ability for a process
to always force loading of safe strings.

Test: builds, boots
Bug: 73657770
Change-Id: I1c7645bd7bebed0cfb6bc3e5bfd36c8cb11d4838
parent d0f517b9
+19 −2
@@ -43,6 +43,14 @@ import java.util.Comparator;
 */
public class PackageItemInfo {
    private static final float MAX_LABEL_SIZE_PX = 500f;

    private static volatile boolean sForceSafeLabels = false;

    /** {@hide} */
    public static void setForceSafeLabels(boolean forceSafeLabels) {
        sForceSafeLabels = forceSafeLabels;
    }

    /**
     * Public name of this item. From the "android:name" attribute.
     */
@@ -128,7 +136,16 @@ public class PackageItemInfo {
     * @return Returns a CharSequence containing the item's label.  If the
     * item does not have a label, its name is returned.
     */
    public CharSequence loadLabel(PackageManager pm) {
    public @NonNull CharSequence loadLabel(@NonNull PackageManager pm) {
        if (sForceSafeLabels) {
            return loadSafeLabel(pm);
        } else {
            return loadUnsafeLabel(pm);
        }
    }

    /** {@hide} */
    public CharSequence loadUnsafeLabel(PackageManager pm) {
        if (nonLocalizedLabel != null) {
            return nonLocalizedLabel;
        }
@@ -163,7 +180,7 @@ public class PackageItemInfo {
    @SystemApi
    public @NonNull CharSequence loadSafeLabel(@NonNull PackageManager pm) {
        // loadLabel() always returns non-null
        String label = loadLabel(pm).toString();
        String label = loadUnsafeLabel(pm).toString();
        // strip HTML tags to avoid <br> and other tags overwriting original message
        String labelStr = Html.fromHtml(label).toString();
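Review bot: The force-safe switch is only honoured inside the base `loadLabel()`, which stays public and overridable, so a subclass that overrides `loadLabel()` would skip the `sForceSafeLabels` check, and `loadSafeLabel()` would no longer see that override because it now calls `loadUnsafeLabel()` directly. No subclass is visible in this section, so whether such overrides exist needs checking; any that do should move their logic to `loadUnsafeLabel()`. The new `loadUnsafeLabel()` carries only `/** {@hide} */`; I would give it a Javadoc saying that it returns the app-supplied label without the HTML stripping that `loadSafeLabel()` applies, that it must not be used to build text for security-sensitive UI, and that subclasses override it rather than `loadLabel()`. The comment `// loadLabel() always returns non-null` in `loadSafeLabel()` is now stale, since the call goes to `loadUnsafeLabel()`, which is not annotated `@NonNull`.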

+3 −0
@@ -23,6 +23,7 @@ import android.content.ComponentName;
import android.content.ContentResolver;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageItemInfo;
import android.content.pm.PackageManager;
import android.content.res.Configuration;
import android.content.res.Resources.Theme;
@@ -331,6 +332,8 @@ public final class SystemServer {

            // The system server should never make non-oneway calls
            Binder.setWarnOnBlocking(true);
            // The system server should always load safe labels
            PackageItemInfo.setForceSafeLabels(true);
            // Deactivate SQLiteCompatibilityWalFlags until settings provider is initialized
            SQLiteCompatibilityWalFlags.init(null);