Skip to content
Commit e74cae8f authored by Charles He's avatar Charles He
Browse files

Fix security hole in GateKeeperResponse.

GateKeeperResponse has inconsistent writeToParcel() and
createFromParcel() methods, making it possible for a malicious app to
create a Bundle that changes contents after reserialization. Such
Bundles can be used to execute Intents with system privileges.

This CL changes writeToParcel() to make serialization and
deserialization consistent, thus fixing the issue.

Bug: 62998805
Test: use the debug app (see bug)
Change-Id: Ie1c64172c454c3a4b7a0919eb3454f0e38efcd09
parent 111a2c79
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment