Fix permission bypasses to multiple methods
Researcher reports that some BT calls across Binder are validating only BT's own permissions and not the calling app's permissions. On investigation this seems to be due to a missing null check in several BT permissions checks, which allows a malicious app to pass in a null AttributionSource and therefore produce a stub AttributionSource chain which does not properly check for the caller's permissions. Add null checks. Bug: 242996380 Test: atest UtilsTest Test: researcher POC Tag: #security Ignore-AOSP-First: Security (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ed63d97fd6537f539fdde1413bff86a30f80a7b5) Merged-In: I7a11e11257b85dc0752396490abfc79b1c383204 Change-Id: I7a11e11257b85dc0752396490abfc79b1c383204
Loading
Please register or sign in to comment