diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2018-02-27 14:38:04 -0700 |
|---|---|---|
| committer | Jeff Sharkey <jsharkey@google.com> | 2018-02-28 23:06:04 +0000 |
| commit | b0613dceb0db9d75edc19f104af4cd198745d991 (patch) | |
| tree | 40d06795612dbd57c457e739a56b7b81c861774b /core/java/android | |
| parent | d0f517b9df46926d803c7d9963c70791b2af1c01 (diff) | |
Force loading of safe labels in system_server.
It's too easy for code to accidentally use loadLabel() when building
strings for security sensitive contexts, so add ability for a process
to always force loading of safe strings.
Test: builds, boots
Bug: 73657770
Change-Id: I1c7645bd7bebed0cfb6bc3e5bfd36c8cb11d4838
Diffstat (limited to 'core/java/android')
| -rw-r--r-- | core/java/android/content/pm/PackageItemInfo.java | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/core/java/android/content/pm/PackageItemInfo.java b/core/java/android/content/pm/PackageItemInfo.java index 2c0c6ad0723e..53ffd55d5510 100644 --- a/core/java/android/content/pm/PackageItemInfo.java +++ b/core/java/android/content/pm/PackageItemInfo.java @@ -43,6 +43,14 @@ import java.util.Comparator; */ public class PackageItemInfo { private static final float MAX_LABEL_SIZE_PX = 500f; + + private static volatile boolean sForceSafeLabels = false; + + /** {@hide} */ + public static void setForceSafeLabels(boolean forceSafeLabels) { + sForceSafeLabels = forceSafeLabels; + } + /** * Public name of this item. From the "android:name" attribute. */ @@ -128,7 +136,16 @@ public class PackageItemInfo { * @return Returns a CharSequence containing the item's label. If the * item does not have a label, its name is returned. */ - public CharSequence loadLabel(PackageManager pm) { + public @NonNull CharSequence loadLabel(@NonNull PackageManager pm) { + if (sForceSafeLabels) { + return loadSafeLabel(pm); + } else { + return loadUnsafeLabel(pm); + } + } + + /** {@hide} */ + public CharSequence loadUnsafeLabel(PackageManager pm) { if (nonLocalizedLabel != null) { return nonLocalizedLabel; } @@ -163,7 +180,7 @@ public class PackageItemInfo { @SystemApi public @NonNull CharSequence loadSafeLabel(@NonNull PackageManager pm) { // loadLabel() always returns non-null - String label = loadLabel(pm).toString(); + String label = loadUnsafeLabel(pm).toString(); // strip HTML tags to avoid <br> and other tags overwriting original message String labelStr = Html.fromHtml(label).toString(); |