Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7b6107b0 authored by Amit Mahajan's avatar Amit Mahajan
Browse files

Update exception logging to avoid revealing if a pkg is installed. 

Test: manual
Bug: 178189576
Change-Id: I06444e282c4676f685ea3d3fd6acfdb7dd92168d
parent 8f48e656

src/java/com/android/internal/telephony/SmsUsageMonitor.java

+7 −4
Original line number Diff line number Diff line
@@ -592,16 +592,19 @@ public class SmsUsageMonitor { 
        if (appId == Process.SYSTEM_UID || appId == Process.PHONE_UID || uid == 0) {

            return;

        }

        // log string should be same in both exception scenarios below, otherwise it can be used to

        // detect if a package is installed on the device which is a privacy/security issue

        String errorLog = "Calling uid " + uid + " gave package " + pkg + " which is either "

                + "unknown or owned by another uid";

        try {

            ApplicationInfo ai = mContext.getPackageManager().getApplicationInfoAsUser(

                    pkg, 0, UserHandle.getUserHandleForUid(uid));



            if (UserHandle.getAppId(ai.uid) != UserHandle.getAppId(uid)) {

                throw new SecurityException("Calling uid " + uid + " gave package"

                        + pkg + " which is owned by uid " + ai.uid);

                throw new SecurityException(errorLog);

            }

        } catch (NameNotFoundException ex) {

            throw new SecurityException("Unknown package " + pkg + "\n" + ex);

            throw new SecurityException(errorLog);

        }

    }