Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android / packages / apps / Settings / 263592e3dd2cba5769bdede8cc11244de94f4fd9
commit263592e3dd2cba5769bdede8cc11244de94f4fd9[log] [tgz]
authorArc Wang <arcwang@google.com>Thu Jan 06 10:58:58 2022 +0800
committerArc Wang <arcwang@google.com>Tue Apr 26 18:15:17 2022 +0800
tree439b32a47f418aa254ed41ed7b5b0b93b66ed28b
parentfd7153ed39362bd0f1d1da71492e151c0e5cf36f [diff]
Prevent side channel package installation enumeration

From Android 11, apps need the permission QUERY_ALL_PACKAGES
to probe existence of arbitrary installed packages.

However, an Activity which declares android:scheme="package
in intent-filter may be vulnerable and attacker app can
use it to probe installed packages.

This change add permission QUERY_ALL_PACKAGES to protect
vulnerable Activity.

Bug: 185477439
Test: Install POC and check if it can probe installed packages
      by each vulnerable Activity.
Change-Id: I521545436102f72f2e0c5053e30fd03bd6bc756f
1 file changed
tree: 439b32a47f418aa254ed41ed7b5b0b93b66ed28b
  1. libs/
  2. protos/
  3. res/
  4. src/
  5. tests/
  6. .gitignore
  7. Android.bp
  8. AndroidManifest.xml
  9. CleanSpec.mk
  10. color-check-baseline.xml
  11. NOTICE
  12. OWNERS
  13. PREUPLOAD.cfg
  14. proguard.flags
  15. TEST_MAPPING
  16. wrap_alpha.py