ASB-A-318497672

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-318497672.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-318497672
Aliases
  • A-318497672
  • CVE-2024-31326
Published
2024-06-01T00:00:00Z
Modified
2024-08-07T19:30:07.143050Z
Summary
[U] [Coexistence] [Regression] Fix certain policies not being migrated properly on policy engine migration
Details

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-06-01

Affected versions

Other

14-next

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/470c1eabca9f341e163a38a2327615e8fa3126ae",
        "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-06-01

Affected versions

Other

14

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1630.0,
                "function_hash": "941022955090147328617971135909179441"
            },
            "id": "ASB-A-318497672-0c673431",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java",
                "function": "writeInner"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 593.0,
                "function_hash": "302457281645800546569209868106266580084"
            },
            "id": "ASB-A-318497672-181e38b2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "migratePoliciesToDevicePolicyEngine"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2044.0,
                "function_hash": "274388886422873482377926766904248692632"
            },
            "id": "ASB-A-318497672-226a16e7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java",
                "function": "readInner"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 949.0,
                "function_hash": "337955550426776696120192532837262119825"
            },
            "id": "ASB-A-318497672-29413889",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "migrateScreenCapturePolicyLocked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 266.0,
                "function_hash": "120706833936606757114808406047948092498"
            },
            "id": "ASB-A-318497672-34f7580c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "triggerDevicePolicyEngineMigration"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 247.0,
                "function_hash": "46704564127751426655116032120886291201"
            },
            "id": "ASB-A-318497672-40b9349b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/93ba63a2bfdda47fb9376efaad792bc96a106947",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "migratePoliciesPostUpgradeToDevicePolicyEngineLocked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 476.0,
                "function_hash": "116841737777930290662226125949727638361"
            },
            "id": "ASB-A-318497672-4a1cb5a2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "systemReady"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 901.0,
                "function_hash": "84186293594805191071000863849945523866"
            },
            "id": "ASB-A-318497672-565034b7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/93ba63a2bfdda47fb9376efaad792bc96a106947",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
                "function": "setBackwardCompatibleUserRestriction"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "153588125183344527029659955600401235599",
                    "314421979308298915767712301697322892982",
                    "332481353864046304853309661740527949578",
                    "23659876419306554628179686522737251945",
                    "49815070887135304574256045370402252526",
                    "5752165342168614949813639055325622958",
                    "89936995750045119611999969406285607791",
                    "112948567500860286891248937248445440151",
                    "329087416334997937591169790422660424286",
                    "83882034580862187874598518993795926425",
                    "209122525558987665381422482584962478637",
                    "179835102533879863257283899425080393477",
                    "312533106523090103228947450126741554543",
                    "270725991022197284664827335340857666136",
                    "98405777471760371730465372378614534588",
                    "87039131989343026630417963576485805794",
                    "24211896328908772415530476677668961817",
                    "159567087418440786194464685001022865370",
                    "172901608034740654360735312400005192194",
                    "181063440757589573557854208076031911856",
                    "134361493354078268788667468624427064451",
                    "74623802972889298020257291913521208962",
                    "229728156687503102580696584155405970163",
                    "178307671998169340562657972604530707442",
                    "290612966454005197292496435799010986546",
                    "71311735278296823958535072845501881445",
                    "65251705684510299454749634853030932618",
                    "145172117273194427075783897234993794015",
                    "222243568567061119056117465201422928885",
                    "278563461188179253981920360721536567459",
                    "187464518540547686419579178352074268052",
                    "49310482068298898092470386084419010150",
                    "161669351487487503028623631855307572549"
                ]
            },
            "id": "ASB-A-318497672-5809d3d0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "90199854906249541083708861741888569402",
                    "271759697865731046844078506501178494425",
                    "247240428940576947290752410153305847925"
                ]
            },
            "id": "ASB-A-318497672-7cc02fd3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/Owners.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "50699759590227761783815922960665465061",
                    "71073223685601930878124177551041160144",
                    "124112749914602327105690195329445536803",
                    "174074013925349525148049990868866965252",
                    "142477545901143670830700784327351583747",
                    "275707431970236846117352027454107920873",
                    "113208399291404589571724379396368472250",
                    "250406124488338237781553613054247334879",
                    "84304403071380449668640318571051553826",
                    "255109626617302659990368063925920639496",
                    "52532764251426443105485079093636943105",
                    "65493729999490975915788905988812558635",
                    "116346789254857830899333464679556792624",
                    "189074888190909733039643637737147530273",
                    "15598106601146800897536586816883841125",
                    "125442281906485219756672105533539315591",
                    "12384118064849644697200118606686041144",
                    "157778894341868446419813769681320813677",
                    "201628909126243165621774428819656617297",
                    "217971561308029675694889531142985351794",
                    "200179134562603550355792653684030956970",
                    "103521245193409829349936911577712319128",
                    "263468838454507771129484567223650526442",
                    "178039204388984617910670629715230388897",
                    "295747577431459138783214723720080232905",
                    "46586927259348287448215477604619069123",
                    "315746589325900581318993504810409920229",
                    "85911361021838849427153047908860830623",
                    "38738072481728445368352428008389677464",
                    "138265914951383547045658420452169404283",
                    "304096654412745923872600209637805337416",
                    "76901675059906925014231087703536115874"
                ]
            },
            "id": "ASB-A-318497672-98d8b331",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/93ba63a2bfdda47fb9376efaad792bc96a106947",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "288705447172926954021515709648398181742",
                    "80758562862756248821251646045382977599",
                    "119596498911745720182207544856721700203",
                    "260780052023465177957778270536777186804",
                    "152062440606049321185883825388179347548",
                    "235006009379857325702518349208775135864",
                    "324300492033503771272757492227108611829",
                    "53789487844998066806761666380756357637",
                    "166170550422294906358242709973951933661",
                    "236120844029322885250617870495907689448",
                    "172194234382733676358822842005413139702",
                    "287729996107601370131550422716443884435",
                    "34581504997475248457077109168411333215",
                    "75698102600900706989092434601224419676"
                ]
            },
            "id": "ASB-A-318497672-ea1d4e8d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
        "https://android.googlesource.com/platform/frameworks/base/+/93ba63a2bfdda47fb9376efaad792bc96a106947"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}