author | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-06-26 11:48:13 +0100 |
---|---|---|
committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-06-26 12:34:23 +0100 |
commit | 496764cae89759be0374bf5ed8bd05deb41b72ff (patch) | |
tree | cd5118fcf97dc3626fa6d169dc5b16c2832e9466 /services | |
parent | b14d53644cb4269adf4d0e344af5e7af3cd51974 (diff) | |
AssetRedirectionManager: Accept redirections only for whitelisted resource types
Change-Id: Idf1ea739a81719b6a196f0114c9fc3b7c7ff428c
Diffstat (limited to 'services')
-rw-r--r-- | services/java/com/android/server/AssetRedirectionManagerService.java | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/services/java/com/android/server/AssetRedirectionManagerService.java b/services/java/com/android/server/AssetRedirectionManagerService.java index 3a62de0..ebe5a0f 100644 --- a/services/java/com/android/server/AssetRedirectionManagerService.java +++ b/services/java/com/android/server/AssetRedirectionManagerService.java @@ -375,14 +375,37 @@ public class AssetRedirectionManagerService extends IAssetRedirectionManager.Stu } } + /* Limit themeability to well-known visual resource types. Strings, booleans, integers, + and other resource types are very likely to be internal to applications or the system, + and should not be overridden */ + + private boolean checkAllowedResType(String name) { + String allowedResourceTypes[] = { "color", "dimen", "drawable", "mipmap", "style" }; + + for (String resType : allowedResourceTypes) { + if (name.startsWith(resType)) { + return true; + } + } + return false; + } + private void processItemTag() throws XmlPullParserException, IOException { XmlPullParser parser = mParser; String fromName = parser.getAttributeValue(null, "name"); + if (TextUtils.isEmpty(fromName)) { Log.w(TAG, "Missing android:name attribute on <item> tag at " + getResourceLabel() + " " + parser.getPositionDescription()); return; } + + if (!checkAllowedResType(fromName)) { + Log.w(TAG, "Attempting to redirect unauthorized resource " + fromName + " at " + getResourceLabel() + " " + + parser.getPositionDescription()); + return; + } + String toName = parser.nextText(); if (TextUtils.isEmpty(toName)) { Log.w(TAG, "Missing <item> text at " + getResourceLabel() + " " + |
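Review bot: The whitelist test in `checkAllowedResType` is a bare prefix match, so `name.startsWith(resType)` also accepts any name that merely begins with an allowed word (for example, a name starting with `styleable` passes the `style` entry). The name format is not visible in this hunk; if it is `type/entry`, compare the type segment exactly, e.g. `if (name.startsWith(resType + "/")) {`, or split on the separator and test for equality. Only `fromName` is checked in the added guard; whether `toName` needs the same restriction cannot be told from the visible lines, because `processItemTag` continues past the end of the hunk. The allowed-type array could also be a `private static final` constant rather than being rebuilt on every call.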