Skip to content
Commit 1d6bc4e1 authored by Riddle Hsu's avatar Riddle Hsu
Browse files

Restrict the getter of where the app launched from 

It may reveal the package name and user behavior. Though the methods
are hidden, the app can still bypass the guard of hidden api and
use reflection to invoke the methods.

Currently the methods are only used by system, Settings, Nfc, SystemUI,
CertInstaller and PackageInstaller. So by enforcing platform signature,
most of cases are protected. Except PackageInstaller can be signed with
different key, hence there is a special case to check it.

Bug: 191954233
Test: Use reflection to call the methods from an app without
      platform signature.
Change-Id: I69a1774e8db63baca4e0d05c238911208b4cd1e9
parent ed4eb3c1
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment