git.osdn.net Git - android-x86/frameworks-base.git/commit

(root) / android-x86 / frameworks-base.git / commit

author	Carlos Valdivia <carlosvaldivia@google.com>
	Sun, 8 May 2016 04:46:15 +0000 (21:46 -0700)
committer	Carlos Valdivia <carlosvaldivia@google.com>
	Sun, 8 May 2016 04:46:15 +0000 (21:46 -0700)
commit	06329e5fb214ce6c2179b7fc7740c0fba41f084a
tree	94dfcf4983106c10ce8d50dcf3065d854878caed	tree \| snapshot
parent	dce92891df42d5ad8cdcb6ecade5b2801a14f090	commit \| diff

[Security] Prevent malicious notifications from AMS.

There was a hole in the getAuthToken logic that allowed notifications
resulting from getAuthToken requests using notifyOnAuthFailure=true to
launch arbitrary activites on the device. This is because the
getAuthToken session overrode onResult (unlike addAccount, updateCreds,
or confirmCreds).

Bug: 13787929
Change-Id: Ife1d48835f48416c2f0690f1413a076b69215190

services/core/java/com/android/server/accounts/AccountManagerService.java

diff | blob | history

frameworks/base

RSS Atom

About OSDN

Find Software

Develop Software

Help