In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "fixes": [ "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1", "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89", "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7" ], "spl": "2020-07-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-217c27d0", "source": "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-3443ebf8", "source": "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-ea2fd65d", "source": "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766", "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b", "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b" ], "spl": "2020-07-01", "severity": "High", "types": [ "EoP" ] }
{ "fixes": [ "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1", "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89", "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7" ], "spl": "2020-07-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-1e92855e", "source": "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-5f20fe37", "source": "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-f0b72546", "source": "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766", "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b", "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b" ], "spl": "2020-07-01", "severity": "High", "types": [ "EoP" ] }
{ "fixes": [ "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1", "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89", "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7" ], "spl": "2020-07-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-1e421d4f", "source": "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-56eeb89b", "source": "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-89c32a17", "source": "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766", "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b", "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b" ], "spl": "2020-07-01", "severity": "High", "types": [ "EoP" ] }
{ "fixes": [ "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1", "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89", "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7" ], "spl": "2020-07-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-1433fec6", "source": "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-bedcce21", "source": "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "26708729099211957372007850238875196453", "298307091307253877753515377986473208398", "303296711729030685135651464016046123052" ] }, "id": "ASB-A-129476618-c6c55255", "source": "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766", "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b", "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b" ], "spl": "2020-07-01", "severity": "High", "types": [ "EoP" ] }