Merge "Validate userId when publishing shortcuts" into rvc-dev am: 72aee14094 am: fedf1c8c14 am: 4934f58cc8 am: 782e7bc3e2 am: 4a0b42a72c am: 63fe378e16 Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/24182288 Change-Id: I3ca2b49f8cac1fac3f0c4d1da93bf49e1e81b3d4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 2828a742bce64a92630c7a007f7ec8be080a890f [log] [tgz]
author: Pinyao Ting <pinyaoting@google.com> Mon Oct 02 22:39:09 2023 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Oct 02 22:39:09 2023 +0000
tree: 4852623c77d47902343c471ff4ba7dc924ff8a6c
parent: 3307ef05ee62444a994e2aa28b36866b73cbeac8 [diff]
parent: 63fe378e1609b1cad2949e39f7dc738f57fee158 [diff]
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 937f0d9..63a6328 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java

@@ -1729,6 +1729,10 @@
             android.util.EventLog.writeEvent(0x534e4554, "109824443", -1, "");
             throw new SecurityException("Shortcut package name mismatch");
         }
+        final int callingUid = injectBinderCallingUid();
+        if (UserHandle.getUserId(callingUid) != si.getUserId()) {
+            throw new SecurityException("User-ID in shortcut doesn't match the caller");
+        }
     }
 
     private void verifyShortcutInfoPackages(
commit	2828a742bce64a92630c7a007f7ec8be080a890f	[log] [tgz]
author	Pinyao Ting <pinyaoting@google.com>	Mon Oct 02 22:39:09 2023 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Oct 02 22:39:09 2023 +0000
tree	4852623c77d47902343c471ff4ba7dc924ff8a6c
parent	3307ef05ee62444a994e2aa28b36866b73cbeac8 [diff]
parent	63fe378e1609b1cad2949e39f7dc738f57fee158 [diff]