Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c4ef7eec authored by William Loh's avatar William Loh
Browse files

Limit class name checks to bad characters 

Restricting component class names to only contain
Character.isJavaIdentifierPart was too strict and causing too many
existing apps to fail install.

Bug: 294158017
Bug: 259946410
Test: atest AndroidPackageParsingValidationTest
Change-Id: Ic8c53d333249c08e4f982c68820836cb81f4a03a
parent 84f5fa0b

core/java/android/content/res/Element.java

+6 −24
Original line number Diff line number Diff line
@@ -42,6 +42,8 @@ public class Element { 
    public static final int MAX_ATTR_LEN_PATH = 4000;

    public static final int MAX_ATTR_LEN_DATA_VALUE = 4000;



    private static final String BAD_COMPONENT_NAME_CHARS = ";,[](){}:?-%^*|/\\";



    private static final String TAG = "PackageParsing";

    protected static final String TAG_ACTION = "action";

    protected static final String TAG_ACTIVITY = "activity";
@@ -790,34 +792,14 @@ public class Element { 
    }



    void validateComponentName(CharSequence name) {

        int i = 0;

        if (name.charAt(0) == '.') {

            i = 1;

        }

        boolean isStart = true;

        for (; i < name.length(); i++) {

            if (name.charAt(i) == '.') {

                if (isStart) {

                    break;

                }

                isStart = true;

            } else {

                if (isStart) {

                    if (Character.isJavaIdentifierStart(name.charAt(i))) {

                        isStart = false;

                    } else {

                        break;

                    }

                } else if (!Character.isJavaIdentifierPart(name.charAt(i))) {

                    break;

                }

            }

        }

        if ((i < name.length()) || (name.charAt(name.length() - 1) == '.')) {

        for (int i = 0; i < name.length(); i++) {

            if (BAD_COMPONENT_NAME_CHARS.indexOf(name.charAt(i)) >= 0) {

                Slog.e(TAG, name + " is not a valid Java class name");

                throw new SecurityException(name + " is not a valid Java class name");

            }

        }

    }



    void validateStrAttr(String attrName, String attrValue) {

        if (attrValue != null && attrValue.length() > getAttrStrMaxLen(attrName)) {

services/tests/servicestests/src/com/android/server/pm/parsing/AndroidPackageParsingValidationTest.kt

+20 −2
Original line number Diff line number Diff line
@@ -518,8 +518,26 @@ class AndroidPackageParsingValidationTest { 
            }

        }



        val failNames = arrayOf("com.android.TestClass:", "-TestClass", "TestClass.", ".", "..")

        for (name in failNames) {

        val badNames = arrayOf(

            ";",

            ",",

            "[",

            "]",

            "(",

            ")",

            "{",

            "}",

            ":",

            "?",

            "-",

            "%",

            "^",

            "*",

            "|",

            "/",

            "\\"

        )

        for (name in badNames) {

            val xml = "<$tag $attr=\"$name\" />"

            pullParser.setInput(ByteArrayInputStream(xml.toByteArray()), null)

            val validator = Validator()