Fix permanent denial of service via apis with illegal intent filter (f98c2232) · Commits · e / os / android_frameworks_base

core/java/android/content/IntentFilter.java

+23 −0

Original line number	Diff line number	Diff line
		@@ -2405,6 +2405,29 @@ public class IntentFilter implements Parcelable {
		*/
		}

		/**
		* Perform a check on data paths and scheme specific parts of the intent filter.
		* Return true if it passed.
		* @hide
		*/
		public boolean checkDataPathAndSchemeSpecificParts() {
		final int numDataPath = mDataPaths == null
		? 0 : mDataPaths.size();
		final int numDataSchemeSpecificParts = mDataSchemeSpecificParts == null
		? 0 : mDataSchemeSpecificParts.size();
		for (int i = 0; i < numDataPath; i++) {
		if (!mDataPaths.get(i).check()) {
		return false;
		}
		}
		for (int i = 0; i < numDataSchemeSpecificParts; i++) {
		if (!mDataSchemeSpecificParts.get(i).check()) {
		return false;
		}
		}
		return true;
		}

		/** @hide */
		public IntentFilter(Parcel source) {
		mActions = new ArrayList<String>();

+18 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		package android.os;

		import android.util.Log;
		import android.util.proto.ProtoOutputStream;

		import java.util.Arrays;
		@@ -151,6 +152,23 @@ public class PatternMatcher implements Parcelable {
		proto.end(token);
		}

		/**
		* Perform a check on the matcher for the pattern type of {@link #PATTERN_ADVANCED_GLOB}.
		* Return true if it passed.
		* @hide
		*/
		public boolean check() {
		try {
		if (mType == PATTERN_ADVANCED_GLOB) {
		return Arrays.equals(mParsedPattern, parseAndVerifyAdvancedPattern(mPattern));
		}
		} catch (IllegalArgumentException e) {
		Log.w(TAG, "Failed to verify advanced pattern: " + e.getMessage());
		return false;
		}
		return true;
		}

		public int describeContents() {
		return 0;
		}

+5 −0

Original line number	Diff line number	Diff line
		@@ -3373,6 +3373,11 @@ public class PackageManagerService implements PackageSender, TestUtilityService
		enforceOwnerRights(snapshot, ownerPackage, callingUid);
		PackageManagerServiceUtils.enforceShellRestriction(mInjector.getUserManagerInternal(),
		UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, sourceUserId);
		if (!intentFilter.checkDataPathAndSchemeSpecificParts()) {
		EventLog.writeEvent(0x534e4554, "246749936", callingUid);
		throw new IllegalArgumentException("Invalid intent data paths or scheme specific parts"
		+ " in the filter.");
		}
		if (intentFilter.countActions() == 0) {
		Slog.w(TAG, "Cannot set a crossProfile intent filter with no filter actions");
		return;

+6 −0

Original line number	Diff line number	Diff line
		@@ -37,6 +37,7 @@ import android.os.Build;
		import android.os.Process;
		import android.os.UserHandle;
		import android.text.TextUtils;
		import android.util.EventLog;
		import android.util.Log;
		import android.util.LogPrinter;
		import android.util.PrintStreamPrinter;
		@@ -388,6 +389,11 @@ final class PreferredActivityHelper {
		throw new SecurityException(
		"addPersistentPreferredActivity can only be run by the system");
		}
		if (!filter.checkDataPathAndSchemeSpecificParts()) {
		EventLog.writeEvent(0x534e4554, "246749702", callingUid);
		throw new IllegalArgumentException("Invalid intent data paths or scheme specific parts"
		+ " in the filter.");
		}
		if (filter.countActions() == 0) {
		Slog.w(TAG, "Cannot set a preferred activity with no filter actions");
		return;

+7 −0

Original line number	Diff line number	Diff line
		@@ -670,6 +670,13 @@ public class WatchedIntentFilter
		return mFilter.debugCheck();
		}

		/**
		* @see IntentFilter#checkDataPathAndSchemeSpecificParts()
		*/
		public boolean checkDataPathAndSchemeSpecificParts() {
		return mFilter.checkDataPathAndSchemeSpecificParts();
		}

		/**
		* @see IntentFilter#getHostsList()
		*/