Google Git
Sign in
android / platform / frameworks / base / a4a8fca641b0671a8c1d2bb3857dc5fc40d01704
commita4a8fca641b0671a8c1d2bb3857dc5fc40d01704[log] [tgz]
authorVishnu Nair <vishnun@google.com>Tue Sep 17 10:00:39 2024 -0700
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Wed Dec 11 17:43:47 2024 -0800
tree8b41c74e4fbb4f5f8a07869f49c45a0ba437ef3f
parent7946586c33503bc383403faec48ffcea39e365ac [diff]
Validate originating process for transferTouchGesture API

Addresses a security vulnerability where a malicious process could
potentially steal an active touch gesture from its host or embedded
process. The fix ensures that the requested is the owner of the
InputTransferToken. This adds an additional verification on top of
the existing  association checks between the transferFrom and
transferTo processes.

Flag: EXEMPT security fix
Bug: 364037868
Test: presubmit
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4089c359361d8703bab3be0ab0a29723db76b356)
Merged-In: I2654ccab807a62a341c8af69bf64bb33e56c4252
Change-Id: I2654ccab807a62a341c8af69bf64bb33e56c4252
2 files changed
tree: 8b41c74e4fbb4f5f8a07869f49c45a0ba437ef3f
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. ravenwood/
  30. rs/
  31. samples/
  32. sax/
  33. services/
  34. startop/
  35. telecomm/
  36. telephony/
  37. test-base/
  38. test-junit/
  39. test-legacy/
  40. test-mock/
  41. test-runner/
  42. tests/
  43. tools/
  44. wifi/
  45. .clang-format
  46. .gitignore
  47. .mailmap
  48. AconfigFlags.bp
  49. ADPF_OWNERS
  50. Android.bp
  51. BAL_OWNERS
  52. BATTERY_STATS_OWNERS
  53. BROADCASTS_OWNERS
  54. CleanSpec.mk
  55. framework-jarjar-rules.txt
  56. GAME_MANAGER_OWNERS
  57. INPUT_OWNERS
  58. INTENT_OWNERS
  59. lint-baseline.xml
  60. LSE_APP_COMPAT_OWNERS
  61. MEMORY_OWNERS
  62. METADATA
  63. MODULE_LICENSE_APACHE2
  64. MULTIUSER_OWNERS
  65. NOTICE
  66. OWNERS
  67. OWNERS.md
  68. PACKAGE_MANAGER_OWNERS
  69. pathmap.mk
  70. PERFORMANCE_OWNERS
  71. PREUPLOAD.cfg
  72. ProtoLibraries.bp
  73. Ravenwood.bp
  74. SECURITY_STATE_OWNERS
  75. SQLITE_OWNERS
  76. TEST_MAPPING
  77. TestProtoLibraries.bp
  78. THERMAL_OWNERS
  79. TRACE_OWNERS
  80. WEAR_OWNERS
  81. ZYGOTE_OWNERS