Fix security hole in GateKeeperResponse am: 5d2176df69 Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/17343385 Change-Id: I25eac3659a0c3b0d7c3bf3c53c7e3f503966031f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 8feea3a1866ef493b2517610bb16d0a7b4c96f83 [log] [tgz]
author: Ayush Sharma <ayushsha@google.com> Fri Mar 25 12:34:16 2022 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Fri Mar 25 12:34:16 2022 +0000
tree: 79bd2df14a389dc2b3df67c7760be142f8fe3f48
parent: 7a6a1427d7a1cf7ceddae77f063bcf53e55ba00b [diff]
parent: 5d2176df6923a8984e2b81d8eb4b728f01f1c760 [diff]
diff --git a/core/java/android/service/gatekeeper/GateKeeperResponse.java b/core/java/android/service/gatekeeper/GateKeeperResponse.java
index 7ed733c..9d648a6 100644
--- a/core/java/android/service/gatekeeper/GateKeeperResponse.java
+++ b/core/java/android/service/gatekeeper/GateKeeperResponse.java

@@ -105,7 +105,7 @@
             dest.writeInt(mTimeout);
         } else if (mResponseCode == RESPONSE_OK) {
             dest.writeInt(mShouldReEnroll ? 1 : 0);
-            if (mPayload != null) {
+            if (mPayload != null && mPayload.length > 0) {
                 dest.writeInt(mPayload.length);
                 dest.writeByteArray(mPayload);
             } else {
commit	8feea3a1866ef493b2517610bb16d0a7b4c96f83	[log] [tgz]
author	Ayush Sharma <ayushsha@google.com>	Fri Mar 25 12:34:16 2022 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Fri Mar 25 12:34:16 2022 +0000
tree	79bd2df14a389dc2b3df67c7760be142f8fe3f48
parent	7a6a1427d7a1cf7ceddae77f063bcf53e55ba00b [diff]
parent	5d2176df6923a8984e2b81d8eb4b728f01f1c760 [diff]