Skip to content
Commit 14d8d682 authored by Youngha Park's avatar Youngha Park
Browse files

Check intent action in OMS.PackageReceiver for secure coding 



NullPointerException occurs when OMS receives an intent with null action.
In constructor of OverlayManagerService, OMS.PackageReceiver is registered
with data scheme "package".
If a malicious app send broadcast intent only with data scheme "package",
NPE occurs because OMS.PackageReceiver does not check
whether intent.getAction() is null or not.
So add a logic to ignore intent with null action for secure coding.

Test: send broadcast without action like below.
 Intent intent = new Intent();
 Uri uri = Uri.parse("package:com.test");
 intent.setData(uri);
 intent.addFlags(0x01000000);
 sendBroadcast(intent);

Change-Id: I654f54a8a685de2ab985b87f53ad07c4e27db09d
Signed-off-by: default avatarYoungha Park <yh007.park@samsung.com>
parent 35ba945c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment