Merge "Address SessionCommitReceiver vulnerability by validating intent." into ub-launcher3-qt-future-dev

am: 992cfbf63d Change-Id: Id80274e147008bd00aeb581d637fcd82938c034f
2026-03-04 09:56:49 +00:00 · 2019-11-08 13:59:11 -08:00
parent f59803e708 992cfbf63d
commit 238343a65b
1 changed files with 6 additions and 1 deletions
--- a/src/com/android/launcher3/SessionCommitReceiver.java
+++ b/src/com/android/launcher3/SessionCommitReceiver.java
@@ -71,8 +71,13 @@ public class SessionCommitReceiver extends BroadcastReceiver {

        SessionInfo info = intent.getParcelableExtra(PackageInstaller.EXTRA_SESSION);
        UserHandle user = intent.getParcelableExtra(Intent.EXTRA_USER);
-        PackageInstallerCompat packageInstallerCompat = PackageInstallerCompat.getInstance(context);
+        if (!PackageInstaller.ACTION_SESSION_COMMITTED.equals(intent.getAction())
+                || info == null || user == null) {
+            // Invalid intent.
+            return;
+        }

+        PackageInstallerCompat packageInstallerCompat = PackageInstallerCompat.getInstance(context);
        if (TextUtils.isEmpty(info.getAppPackageName())
                || info.getInstallReason() != PackageManager.INSTALL_REASON_USER
                || packageInstallerCompat.promiseIconAddedForId(info.getSessionId())) {