Skip to content
Commit 5c72cd48 authored by Tim Yu's avatar Tim Yu
Browse files

[DO NOT MERGE] Verify URI Permissions in Autofill RemoteViews

Check permissions of URI inside of FillResponse's RemoteViews. If the
current user does not have the required permissions to view the URI, the
RemoteView is dropped from displaying.

This fixes a security spill in which a user can view content of another
user through a malicious Autofill provider.

Bug: 283137865
Fixes: b/283264674 b/281666022 b/281665050 b/281848557 b/281533566
b/281534749 b/283101289
Test: Verified by POC app attached in bugs
Test: atest CtsAutoFillServiceTestCases (added new tests)
Change-Id: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
parent d013fed9
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment