| commit | aa9091916d007ecd387a20ebff99b2cfc5c13999 | [log] [tgz] |
|---|---|---|
| author | ykhung <ykhung@google.com> | Thu Sep 23 23:47:47 2021 +0800 |
| committer | YUKAI HUNG <ykhung@google.com> | Thu Sep 23 15:54:53 2021 +0000 |
| tree | 21f48bc7834da6485978025bc363d85fed4a2aba | |
| parent | 9de5fe158d1f5114c8e59ece8830c4d8d11c399b [diff] |
[Security] resolve CRLF attack on RequestIgnoreBatteryOptimizations 1. refer the proposed solution in the b/198783395 2. similar concept is applied in the https://source.corp.google.com/sc-dev/packages/modules/Permission/PermissionController/src/com/android/permissioncontroller/permission/model/legacy/PermissionGroups.java;l=118 Bug: 198783395 Test: make SettingsRoboTests Change-Id: I838825e31b98e62d2683995e59dbf4388f5684fc
diff --git a/src/com/android/settings/fuelgauge/RequestIgnoreBatteryOptimizations.java b/src/com/android/settings/fuelgauge/RequestIgnoreBatteryOptimizations.java index 7caad60..c6cdcf2 100644 --- a/src/com/android/settings/fuelgauge/RequestIgnoreBatteryOptimizations.java +++ b/src/com/android/settings/fuelgauge/RequestIgnoreBatteryOptimizations.java
@@ -19,6 +19,7 @@ import android.Manifest; import android.content.DialogInterface; import android.content.pm.ApplicationInfo; +import android.content.pm.PackageItemInfo; import android.content.pm.PackageManager; import android.net.Uri; import android.os.Bundle; @@ -85,8 +86,11 @@ } final AlertController.AlertParams p = mAlertParams; + final CharSequence appLabel = ai.loadSafeLabel(getPackageManager(), + PackageItemInfo.DEFAULT_MAX_LABEL_SIZE_PX, PackageItemInfo.SAFE_LABEL_FLAG_TRIM + | PackageItemInfo.SAFE_LABEL_FLAG_FIRST_LINE); p.mTitle = getText(R.string.high_power_prompt_title); - p.mMessage = getString(R.string.high_power_prompt_body, ai.loadLabel(getPackageManager())); + p.mMessage = getString(R.string.high_power_prompt_body, appLabel); p.mPositiveButtonText = getText(R.string.allow); p.mNegativeButtonText = getText(R.string.deny); p.mPositiveButtonListener = this;