Google Git
Sign in
android / platform / packages / modules / AppSearch / e272ad00529243f766c6ebd4e976549bd4fff4fb
commite272ad00529243f766c6ebd4e976549bd4fff4fb[log] [tgz]
authorTony Mak <tonymak@google.com>Thu Mar 27 14:59:44 2025 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Wed Apr 09 21:42:59 2025 -0700
tree71f7e4ecede5f7edca51e75021c3e877c13f9016
parent5776d8d321cc3525886ff4b507eb7b448b865951 [diff]
Throw in AppSearchManager.executeAppFunction

There is a security issue reported in this code path.
This API was never supposed to be launched and guarded behind a flag.
However, an attacker can still invoke the hidden API and exploit
the bug. Throwing an exception for that case.

In main, we already removed the code, but need to fix this in Android 15
and so this change.


Bug: 392614489
Test: Presubmit
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b1d2fcc8b39be70b99e783ee90428d4958231bc9)
Merged-In: Ia5bf6a6133aac5f83c5ec062ccd25662bd29a8b0
Change-Id: Ia5bf6a6133aac5f83c5ec062ccd25662bd29a8b0
1 file changed
tree: 71f7e4ecede5f7edca51e75021c3e877c13f9016
  1. apk/
  2. flags/
  3. framework/
  4. safeparcel-processor/
  5. service/
  6. testing/
  7. .gitignore
  8. Android.bp
  9. apex_manifest.json
  10. com.android.appsearch.avbpubkey
  11. com.android.appsearch.pem
  12. com.android.appsearch.pk8
  13. com.android.appsearch.x509.pem
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg
  17. synced_jetpack_sha.txt
  18. TEST_MAPPING