CVE-2023-35682

)]}’ { "commit": "09f8b0e52e45a0b39bab457534ba2e5ae91ffad0", "tree": "dbd3cd11150c6a5ea77d78e2afe420a578af4d1b", "parents": [ “4d098abb45aa38004cc5057b6dc382a148b56f01” ], "author": { "name": "Pinyao Ting", "email": "[email protected]", "time": “Thu Jun 01 18:12:44 2023 -0700” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Fri Jul 14 17:31:09 2023 +0000” }, "message": "Fix permission issue in legacy shortcut\n\nWhen building legacy shortcut, Launcher calls\nPackageManager#resolveActivity to retrieve necessary permission to\nlaunch the intent.\n\nHowever, when the source app wraps an arbitrary intent within\nIntent#createChooser, the existing logic will fail because launching\nChooser doesn\u0027t require additional permission.\n\nThis CL fixes the security vulnerability by performing the permission\ncheck against the intent that is wrapped within.\n\nBug: 270152142\nTest: manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c53818a16b4322a823497726ac7e7a44501b4442)\nMerged-In: If35344c08975e35085c7c2b9b814a3c457a144b0\nChange-Id: If35344c08975e35085c7c2b9b814a3c457a144b0\n", "tree_diff": [ { "type": "modify", "old_id": "f42d30453b1727a5155f1bf5c56329e2c097b696", "old_mode": 33188, "old_path": "src/com/android/launcher3/util/PackageManagerHelper.java", "new_id": "557d57e2d2d7efb4b310fe1bd1b8db50f9e86a71", "new_mode": 33188, "new_path": “src/com/android/launcher3/util/PackageManagerHelper.java” } ] }