Android CTS 7.0 Release 13 (4305468)
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCWa83MgAKCRDorT+BmrEO
eNKWAJ9DLxz3Pwypmn0jT937JTKn6tYe1gCeNsmpa0WsZaQlD2fKhtqHT2idmQg=
=l1+M
-----END PGP SIGNATURE-----
Limit account id and id to longs

The security issue occurs because id is allowed to be an arbitrary
path instead of being limited to what it is -- a long. Both id
and account id are now parsed into longs (and if either fails, an
error will be logged and null will be returned).

Tested/verified error is logged using the reported attack.

BUG=30745403

Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684
(cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662)
1 file changed