diff options
| author | James O'Leary <jamesoleary@google.com> | 2021-10-05 12:59:26 -0400 |
|---|---|---|
| committer | James O'Leary <jamesoleary@google.com> | 2021-10-05 17:07:56 +0000 |
| commit | 5451c68cf02d4f3fa9ff169fcc1916930d60eb2b (patch) | |
| tree | a1ba30f16bfd06b0a6a0f758c04ce698031331fe /core/java/android/inputmethodservice/InputMethodService.java | |
| parent | 1d3b8a30a41eeee451bc1992ca4334984ea4437c (diff) | |
WallpaperManagerService - avoid leaking whether a package is installed
An app can detect if an another app is installed, without holding the
appropriate permission, due to a difference in control flow. Catching
exceptions avoids a difference in control flow, and specifically
mitigates the bug report: a SecurityException thrown several steps
down the call chain is no longer thrown or logged.
The vulnerability took advantage of a difference in control flow
in WallpaperManagerService - if the calling app doesn't have the
READ_WALLPAPER_INTERNAL permission, WallpaperManagerService then checks
if the app has the READ_EXTERNAL_STORAGE/OP_READ_EXTERNAL_STORAGE
permission. If the app doesn't, a SecurityException is thrown several
levels down the call stack. The malicious app can check the text of that
exception, recognize it is a SecurityException, and recognize that the
exception text only occurs if there is no installed package name
with that package name.
Bug: 194105703
Test: Install test APK from Security. Verify it detects Gmail is
installed (com.google.android.gm). Apply patch. Verify it can no longer
detect Gmail is installed.
Change-Id: I4556f6cf367ec8b5a03d04d436dc0b7f93694d3a
Diffstat (limited to 'core/java/android/inputmethodservice/InputMethodService.java')
0 files changed, 0 insertions, 0 deletions