)]}'
{
  "commit": "cf628c4cda2c3b34407e63844e59ae6def03fa09",
  "tree": "b3e29a530d2ad7d93784b2a035d6634d86a5a953",
  "parents": [
    "e65f667f4421377fb842312c67f1f686caf8590e"
  ],
  "author": {
    "name": "Charles He",
    "email": "qiurui@google.com",
    "time": "Fri Jul 14 14:41:06 2017 +0100"
  },
  "committer": {
    "name": "android-build-team Robot",
    "email": "android-build-team-robot@google.com",
    "time": "Wed Sep 13 20:31:26 2017 +0000"
  },
  "message": "Fix security hole in GateKeeperResponse.\n\nGateKeeperResponse has inconsistent writeToParcel() and\ncreateFromParcel() methods, making it possible for a malicious app to\ncreate a Bundle that changes contents after reserialization. Such\nBundles can be used to execute Intents with system privileges.\n\nThis CL changes writeToParcel() to make serialization and\ndeserialization consistent, thus fixing the issue.\n\nBug: 62998805\nTest: use the debug app (see bug)\nChange-Id: Ie1c64172c454c3a4b7a0919eb3454f0e38efcd09\n(cherry picked from commit e74cae8f7c3e6b12f2bf2b75427ee8f5b53eca3c)\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "a512957d60407dc5d809101a9688da9e15c01005",
      "old_mode": 33188,
      "old_path": "core/java/android/service/gatekeeper/GateKeeperResponse.java",
      "new_id": "6ca6d8ac710097026b4d9af8dab2bd8e43819ce3",
      "new_mode": 33188,
      "new_path": "core/java/android/service/gatekeeper/GateKeeperResponse.java"
    }
  ]
}
