Loading core/java/android/content/res/Element.java +6 −24 Original line number Diff line number Diff line Loading @@ -42,6 +42,8 @@ public class Element { public static final int MAX_ATTR_LEN_PATH = 4000; public static final int MAX_ATTR_LEN_DATA_VALUE = 4000; private static final String BAD_COMPONENT_NAME_CHARS = ";,[](){}:?-%^*|/\\"; private static final String TAG = "PackageParsing"; protected static final String TAG_ACTION = "action"; protected static final String TAG_ACTIVITY = "activity"; Loading Loading @@ -790,34 +792,14 @@ public class Element { } void validateComponentName(CharSequence name) { int i = 0; if (name.charAt(0) == '.') { i = 1; } boolean isStart = true; for (; i < name.length(); i++) { if (name.charAt(i) == '.') { if (isStart) { break; } isStart = true; } else { if (isStart) { if (Character.isJavaIdentifierStart(name.charAt(i))) { isStart = false; } else { break; } } else if (!Character.isJavaIdentifierPart(name.charAt(i))) { break; } } } if ((i < name.length()) || (name.charAt(name.length() - 1) == '.')) { for (int i = 0; i < name.length(); i++) { if (BAD_COMPONENT_NAME_CHARS.indexOf(name.charAt(i)) >= 0) { Slog.e(TAG, name + " is not a valid Java class name"); throw new SecurityException(name + " is not a valid Java class name"); } } } void validateStrAttr(String attrName, String attrValue) { if (attrValue != null && attrValue.length() > getAttrStrMaxLen(attrName)) { Loading services/tests/servicestests/src/com/android/server/pm/parsing/AndroidPackageParsingValidationTest.kt +20 −2 Original line number Diff line number Diff line Loading @@ -518,8 +518,26 @@ class AndroidPackageParsingValidationTest { } } val failNames = arrayOf("com.android.TestClass:", "-TestClass", "TestClass.", ".", "..") for (name in failNames) { val badNames = arrayOf( ";", ",", "[", "]", "(", ")", "{", "}", ":", "?", "-", "%", "^", "*", "|", "/", "\\" ) for (name in badNames) { val xml = "<$tag $attr=\"$name\" />" pullParser.setInput(ByteArrayInputStream(xml.toByteArray()), null) val validator = Validator() Loading Loading
core/java/android/content/res/Element.java +6 −24 Original line number Diff line number Diff line Loading @@ -42,6 +42,8 @@ public class Element { public static final int MAX_ATTR_LEN_PATH = 4000; public static final int MAX_ATTR_LEN_DATA_VALUE = 4000; private static final String BAD_COMPONENT_NAME_CHARS = ";,[](){}:?-%^*|/\\"; private static final String TAG = "PackageParsing"; protected static final String TAG_ACTION = "action"; protected static final String TAG_ACTIVITY = "activity"; Loading Loading @@ -790,34 +792,14 @@ public class Element { } void validateComponentName(CharSequence name) { int i = 0; if (name.charAt(0) == '.') { i = 1; } boolean isStart = true; for (; i < name.length(); i++) { if (name.charAt(i) == '.') { if (isStart) { break; } isStart = true; } else { if (isStart) { if (Character.isJavaIdentifierStart(name.charAt(i))) { isStart = false; } else { break; } } else if (!Character.isJavaIdentifierPart(name.charAt(i))) { break; } } } if ((i < name.length()) || (name.charAt(name.length() - 1) == '.')) { for (int i = 0; i < name.length(); i++) { if (BAD_COMPONENT_NAME_CHARS.indexOf(name.charAt(i)) >= 0) { Slog.e(TAG, name + " is not a valid Java class name"); throw new SecurityException(name + " is not a valid Java class name"); } } } void validateStrAttr(String attrName, String attrValue) { if (attrValue != null && attrValue.length() > getAttrStrMaxLen(attrName)) { Loading
services/tests/servicestests/src/com/android/server/pm/parsing/AndroidPackageParsingValidationTest.kt +20 −2 Original line number Diff line number Diff line Loading @@ -518,8 +518,26 @@ class AndroidPackageParsingValidationTest { } } val failNames = arrayOf("com.android.TestClass:", "-TestClass", "TestClass.", ".", "..") for (name in failNames) { val badNames = arrayOf( ";", ",", "[", "]", "(", ")", "{", "}", ":", "?", "-", "%", "^", "*", "|", "/", "\\" ) for (name in badNames) { val xml = "<$tag $attr=\"$name\" />" pullParser.setInput(ByteArrayInputStream(xml.toByteArray()), null) val validator = Validator() Loading
