Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d7c8ffd0 authored by Eva Tsai's avatar Eva Tsai Committed by Automerger Merge Worker
Browse files

Merge "Revert "Validate package name passed to setApplicationRestrictions.""... 

Merge "Revert "Validate package name passed to setApplicationRestrictions."" into sc-v2-dev am: c448026a am: f2c91e4c am: 3b978d25

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/19816835



Change-Id: I1f2e1dd178163b4430a44af9c675aaae88cf3f12
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents fee22841 3b978d25

services/core/java/com/android/server/pm/UserManagerService.java

+0 −41
Original line number Diff line number Diff line
@@ -95,7 +95,6 @@ import android.text.TextUtils; 
import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.AtomicFile;

import android.util.EventLog;

import android.util.IndentingPrintWriter;

import android.util.IntArray;

import android.util.Slog;
@@ -4971,13 +4970,6 @@ public class UserManagerService extends IUserManager.Stub { 
    public void setApplicationRestrictions(String packageName, Bundle restrictions,

            @UserIdInt int userId) {

        checkSystemOrRoot("set application restrictions");

        String validationResult = validateName(packageName);

        if (validationResult != null) {

            if (packageName.contains("../")) {

                EventLog.writeEvent(0x534e4554, "239701237", -1, "");

            }

            throw new IllegalArgumentException("Invalid package name: " + validationResult);

        }

        if (restrictions != null) {

            restrictions.setDefusable(true);

        }
@@ -5004,39 +4996,6 @@ public class UserManagerService extends IUserManager.Stub { 
        mContext.sendBroadcastAsUser(changeIntent, UserHandle.of(userId));

    }



    /**

     * Check if the given name is valid.

     *

     * Note: the logic is taken from FrameworkParsingPackageUtils in master, edited to remove

     * unnecessary parts. Copied here for a security fix.

     *

     * @param name The name to check.

     * @return null if it's valid, error message if not

     */

    @VisibleForTesting

    static String validateName(String name) {

        final int n = name.length();

        boolean front = true;

        for (int i = 0; i < n; i++) {

            final char c = name.charAt(i);

            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {

                front = false;

                continue;

            }

            if (!front) {

                if ((c >= '0' && c <= '9') || c == '_') {

                    continue;

                }

                if (c == '.') {

                    front = true;

                    continue;

                }

            }

            return "bad character '" + c + "'";

        }

        return null;

    }



    private int getUidForPackage(String packageName) {

        final long ident = Binder.clearCallingIdentity();

        try {

services/tests/servicestests/src/com/android/server/pm/UserManagerServiceTest.java

+0 −7
Original line number Diff line number Diff line
@@ -114,13 +114,6 @@ public class UserManagerServiceTest { 
        assertThat(result).isEmpty();

    }



    public void testValidateName() {

        assertNull(UserManagerService.validateName("android"));

        assertNull(UserManagerService.validateName("com.company.myapp"));

        assertNotNull(UserManagerService.validateName("/../../data"));

        assertNotNull(UserManagerService.validateName("/dir"));

    }



    private Bundle createBundle() {

        Bundle result = new Bundle();

        // Tests for 6 allowed types: Integer, Boolean, String, String[], Bundle and Parcelable[]