Address SessionCommitReceiver vulnerability by validating intent. Bug: 144081762 Change-Id: I28699d26abefc716e57c281c15699f15003229b2

commit: 7e04887e5945c193bd5abf92ec6092b3a2295a04 [log] [tgz]
author: Jon Miranda <jonmiranda@google.com> Fri Nov 08 13:02:52 2019 -0800
committer: Jon Miranda <jonmiranda@google.com> Fri Nov 08 13:02:52 2019 -0800
tree: 77707efe3acae116c429caf7982aece6c8ae6813
parent: f788bbb0c43dfecdf46d0dda2f74c1131bd549ff [diff]
diff --git a/src/com/android/launcher3/SessionCommitReceiver.java b/src/com/android/launcher3/SessionCommitReceiver.java
index 6853bf6..a87c446 100644
--- a/src/com/android/launcher3/SessionCommitReceiver.java
+++ b/src/com/android/launcher3/SessionCommitReceiver.java

@@ -71,8 +71,13 @@
 
         SessionInfo info = intent.getParcelableExtra(PackageInstaller.EXTRA_SESSION);
         UserHandle user = intent.getParcelableExtra(Intent.EXTRA_USER);
-        PackageInstallerCompat packageInstallerCompat = PackageInstallerCompat.getInstance(context);
+        if (!PackageInstaller.ACTION_SESSION_COMMITTED.equals(intent.getAction())
+                || info == null || user == null) {
+            // Invalid intent.
+            return;
+        }
 
+        PackageInstallerCompat packageInstallerCompat = PackageInstallerCompat.getInstance(context);
         if (TextUtils.isEmpty(info.getAppPackageName())
                 || info.getInstallReason() != PackageManager.INSTALL_REASON_USER
                 || packageInstallerCompat.promiseIconAddedForId(info.getSessionId())) {
commit	7e04887e5945c193bd5abf92ec6092b3a2295a04	[log] [tgz]
author	Jon Miranda <jonmiranda@google.com>	Fri Nov 08 13:02:52 2019 -0800
committer	Jon Miranda <jonmiranda@google.com>	Fri Nov 08 13:02:52 2019 -0800
tree	77707efe3acae116c429caf7982aece6c8ae6813
parent	f788bbb0c43dfecdf46d0dda2f74c1131bd549ff [diff]