diff options
| author | Christopher Tate <ctate@google.com> | 2016-06-13 15:17:54 -0700 |
|---|---|---|
| committer | The Android Automerger <android-build@android.com> | 2016-06-24 16:52:27 -0700 |
| commit | e7cf91a198de995c7440b3b64352effd2e309906 (patch) | |
| tree | f6c9eec88214774ba2314a789d251c5348d41caa /core | |
| parent | 9b8c6d2df35455ce9e67907edded1e4a2ecb9e28 (diff) | |
| download | frameworks_base-e7cf91a198de995c7440b3b64352effd2e309906.zip frameworks_base-e7cf91a198de995c7440b3b64352effd2e309906.tar.gz frameworks_base-e7cf91a198de995c7440b3b64352effd2e309906.tar.bz2 | |
Don't trust callers to supply app info to bindBackupAgent()
Get the canonical identity and metadata about the package from the
Package Manager at time of usage rather than rely on the caller to
have gotten things right, even when the caller has the system uid.
Bug 28795098
Change-Id: I215786bc894dedf7ca28e9c80cefabd0e40ca877
Merge conflict resolution for ag/1133474 (referencing ag/1148862)
- directly to mnc-mr2-release
Diffstat (limited to 'core')
| -rw-r--r-- | core/java/android/app/ActivityManagerNative.java | 10 | ||||
| -rw-r--r-- | core/java/android/app/IActivityManager.java | 2 |
2 files changed, 7 insertions, 5 deletions
diff --git a/core/java/android/app/ActivityManagerNative.java b/core/java/android/app/ActivityManagerNative.java index f6e0735..b9d2595 100644 --- a/core/java/android/app/ActivityManagerNative.java +++ b/core/java/android/app/ActivityManagerNative.java @@ -1582,9 +1582,10 @@ public abstract class ActivityManagerNative extends Binder implements IActivityM case START_BACKUP_AGENT_TRANSACTION: { data.enforceInterface(IActivityManager.descriptor); - ApplicationInfo info = ApplicationInfo.CREATOR.createFromParcel(data); + String packageName = data.readString(); int backupRestoreMode = data.readInt(); - boolean success = bindBackupAgent(info, backupRestoreMode); + int userId = data.readInt(); + boolean success = bindBackupAgent(packageName, backupRestoreMode, userId); reply.writeNoException(); reply.writeInt(success ? 1 : 0); return true; @@ -3831,13 +3832,14 @@ class ActivityManagerProxy implements IActivityManager return binder; } - public boolean bindBackupAgent(ApplicationInfo app, int backupRestoreMode) + public boolean bindBackupAgent(String packageName, int backupRestoreMode, int userId) throws RemoteException { Parcel data = Parcel.obtain(); Parcel reply = Parcel.obtain(); data.writeInterfaceToken(IActivityManager.descriptor); - app.writeToParcel(data, 0); + data.writeString(packageName); data.writeInt(backupRestoreMode); + data.writeInt(userId); mRemote.transact(START_BACKUP_AGENT_TRANSACTION, data, reply, 0); reply.readException(); boolean success = reply.readInt() != 0; diff --git a/core/java/android/app/IActivityManager.java b/core/java/android/app/IActivityManager.java index ef121ce..5ed839e 100644 --- a/core/java/android/app/IActivityManager.java +++ b/core/java/android/app/IActivityManager.java @@ -182,7 +182,7 @@ public interface IActivityManager extends IInterface { public IBinder peekService(Intent service, String resolvedType, String callingPackage) throws RemoteException; - public boolean bindBackupAgent(ApplicationInfo appInfo, int backupRestoreMode) + public boolean bindBackupAgent(String packageName, int backupRestoreMode, int userId) throws RemoteException; public void clearPendingBackup() throws RemoteException; public void backupAgentCreated(String packageName, IBinder agent) throws RemoteException; |