In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "13-next" ], "digest": { "length": 652.0, "function_hash": "262177455744649713965041940107689486103" }, "id": "ASB-A-217981062-05f08dcf", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "onPackageInactiveLocked" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "236372106392534550075247906089023957386", "307247114792838062714439681874703201226", "256515224769792466904130624532881460893", "204430130395585172189181335797633636023", "305101942680744393990779820323387302500" ] }, "id": "ASB-A-217981062-176d6e2b", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/permission/PermissionManager.java" }, "signature_type": "Line" }, { "digest": { "length": 1088.0, "function_hash": "300193093006589020031572499346344960847" }, "id": "ASB-A-217981062-2b6fa4f3", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "onImportanceChanged" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "329010514890073230910635612165487968737", "188308762197123203580373194055122361914", "46570511062259192817873692276073630803", "315996790781852268175444203737713396776", "215026514835020104964338117058768706931", "186190212679313701681360984908886291114", "249075278512829168754042795387518813750", "152348210449657701163535036774322631078", "301850467042262512060567681851835014545", "57971878308889911443932513913268109098", "88235540550696939515167325506671932971", "202370850073863279558839009764982924364", "22902947355259126671009709076059961889", "10692428277984463690879292689649573572", "40304317654985263445363140909905276411", "271467930262864899002698847958780464444", "325397289639554791790211850476606417120", "73701241284383550845001967465851500086", "206445242595375333826832230502231254488", "248600828976062004453058268500734822927", "148351976810249850511660987098064881586", "98334475026697115045083866088752932493", "124265686300912970004798785638996242533", "5344082695028313010885193627008999225", "277191462211910187297411298314442502391", "293000891466247350198945818671076496616", "302055504992043946375377676195033178636", "65284449544141391812436491227955920654", "126602258118316711148053432688874292656", "35036165735131350815390767196816797950", "212424483620261597236769943604998701674", "192703313803006376949419251540882074888", "129169499080237835975589664009887729471", "252846737014030306442313629128522525185", "145830619589082068904121981405102669098", "54358825009186917940983597509166484368", "268681247155928390093626537288726938579", "291796249953377707390872263658154425647", "320858437723614410188401530778133963549", "198842759972837721717791684113426691481", "194179101713998309154064863112735758233", "297453298737788327025622204294637775836", "216532191857375517675543532839676374272", "247598240571679535837105672224907039663", "32241951762857898333154754760199306770", "154456723431162682041466795394611762829", "322851898410107059787248756404400463357", "45511965373481967323935400690990054353", "52164637552837339216640965289222111101", "304914480049946901280376733035032607440", "74895119355155344474619530436782695643", "329838494062425261259438398695512661865", "269076006621504917002834967887202971224", "281764555970111739502462893228471242158", "338950975244036035774044095857499625308", "206577512977903946755007363154149046683", "146522233030979618249713002507642318136", "318045091597976171149274855887499029443", "64339660847244280809898768529676476666", "26726611426104544370491295876855842254", "45555633119213340624607855870608143925", "77329604228860253329418210139549159518", "239606889232418341572311935773184533945", "276707213312298550985116591748982602345", "10865387116926167926663826328862254932", "246713967252407739183195036326275564782", "214984096274320851478461007095665051204", "204511798177720576454382664920343072108", "104254053062557499301171067178813554583", "140390054390159588329281730778035254985", "147121907857989245803295178627476598840", "106015462930005282694791649572702012562", "131734149031025755001590467822514387785", "231816903898589216770276231261098108132", "192411772982855138271810504300148763660", "60337351243315150647731741774268626303", "261658873656264149423779473006180328755", "317142494633199943679234774693318752221", "44779937291636070210385885229131676484", "321172882453018582863875854997444010956", "322464303656666224728587772151905424500", "107240683262931888870179943582987499412", "190499521555805250633759227531776537492", "58277021399387983201670748804762095323", "3839470524806906559908081482377588055", "156865681122239762065010540461270609777", "119212879331563884474009557303460987010", "113137301501910297828450190082579353423", "98110300569873460697480439530156145640", "127849921242871809827160227995187266871", "101213244401953543721749062141336202083", "138483933371525194991283784691799409978", "260415563395082902266585055032111753058", "183879052699686626780393252487770681296", "52738735710591633773712166701780409516", "140418760552872065126829049095027125372", "200241783490875758791718429149513678615", "184646852503101410873456037863226559121", "60690103063766423067869910908718647845", "132019303283888379624631723235438277644", "207873941489607853758683333883802100537", "120060734149056401956926632396934392448", "279633090711957444266921832592886181294", "119610505280419227567879163646216608226", "65118063578986062696975633879319154688", "102211528207245762317808501166677502107", "62113831576036604543563899588966688055", "117682547505303445397855015648062118899", "106929566966948305516261912491167161493", "159469704603099773043579432831678644615", "198524409334162053811849846233063441836", "54679929357101466759588894715630071533", "82253560241911189410298000581066876261", "180919715534144287152305519111798610614", "84514814046224771223755023999124127934", "310428405229709418066922145667043843766", "220045130293589159713735904599062094204", "28000278480231016223585031169322418945", "30658615955463828724832103150862564212", "160875778581616166054204240224962877730", "60793015025112992885070953339097605954", "300499829305641290429628445483963019670", "171959621315994275712540967527803186441", "103279147476907789524697300493585701655", "289479021114218218721428013451328139596", "178205343324109629767301139392451531448", "215175334324846740826050310081399724232", "133034801781552444510241830387587873909", "230453346869096178429272582523937612595", "281817920229829290537427707692587625468", "318384989774962710804336725029894054602", "26626808744802253761152096305724556613", "112546662800851905248702942933383678339", "27903232270200638631512977677408489045", "121012789752193501917467417692038991040", "187917680699332387175964749721942790456", "24024197233050808870784769459969019074", "143982240264289573646438778931505458921", "296028705346286339178236287320000921270", "267275392312860124902467163160987260451", "23609821288709251608869508737388403347", "148712208241547478035047623638145650517", "17772244463922945703190295294457655185", "24302365316337153956170201921591995907", "318905069631341661881506423153282223217", "3577310800015734397035018230439763707", "187608992955503622395691850467033248110", "225486957493069070302780410695417950230", "333476334674693478839784415245985738115", "189663046483341203288188405525488883051", "252864441418806175828463009121533678122", "125855566545014844910030659147253455945", "181890230128644151397756873163100421172", "189037776112333219611882223755760202926", "295324206418322973320313594162777926014", "307462722225997990106683900586176796673", "256555592020352718501505381219848839093", "339179121530039882230950800265848879486", "316344779593975353098240716241117132701" ] }, "id": "ASB-A-217981062-6c2c7e54", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java" }, "signature_type": "Line" }, { "digest": { "length": 663.0, "function_hash": "306211592687635283489049427055240847955" }, "id": "ASB-A-217981062-881b286f", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "cancel" }, "signature_type": "Function" }, { "digest": { "length": 580.0, "function_hash": "27568147029650874809591408909253111262" }, "id": "ASB-A-217981062-947b43c5", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "startPackageOneTimeSession" }, "signature_type": "Function" }, { "digest": { "length": 884.0, "function_hash": "120155399254451098084048922442093491709" }, "id": "ASB-A-217981062-b2be5cd8", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "updateSessionParameters" }, "signature_type": "Function" }, { "digest": { "length": 411.0, "function_hash": "338026197976468735685794796646642827872" }, "id": "ASB-A-217981062-bc5ba0f9", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/permission/PermissionManager.java", "function": "startOneTimePermissionSession" }, "signature_type": "Function" }, { "digest": { "length": 516.0, "function_hash": "323936479588282750550212086572808523737" }, "id": "ASB-A-217981062-bfefc4d7", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java", "function": "startOneTimePermissionSession" }, "signature_type": "Function" }, { "digest": { "length": 293.0, "function_hash": "67831269125196222971576101487289028259" }, "id": "ASB-A-217981062-c105338c", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "OneTimePermissionUserManager" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "124984188650801904087611237979594912791", "62128213443046698427853644906579516690", "113128249603620197046670341459521483398", "60624604761342446319278911192895542772", "228518967230375904134676524735152958974", "109203765283192268947736026891942587803", "299660551185585204425693747755296390979", "330395822921161203850037283909143752640", "83798788614576465769311163329752439569", "65911189483895334602449375487107015828" ] }, "id": "ASB-A-217981062-ce3a77b0", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 1162.0, "function_hash": "225112567366864870552946259801205578458" }, "id": "ASB-A-217981062-ed61d123", "source": "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "PackageInactivityListener" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/618641451d724572597024cd5ced7e46fc801c2c" ], "spl": "2023-07-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 516.0, "function_hash": "323936479588282750550212086572808523737" }, "id": "ASB-A-217981062-27f78a96", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java", "function": "startOneTimePermissionSession" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "length": 268.0, "function_hash": "136428920916616970539006691207759698715" }, "id": "ASB-A-217981062-47241f82", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "OneTimePermissionUserManager" }, "signature_type": "Function" }, { "digest": { "length": 1162.0, "function_hash": "225112567366864870552946259801205578458" }, "id": "ASB-A-217981062-4d341228", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "PackageInactivityListener" }, "signature_type": "Function" }, { "digest": { "length": 411.0, "function_hash": "338026197976468735685794796646642827872" }, "id": "ASB-A-217981062-5570312d", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/permission/PermissionManager.java", "function": "startOneTimePermissionSession" }, "signature_type": "Function" }, { "digest": { "length": 884.0, "function_hash": "120155399254451098084048922442093491709" }, "id": "ASB-A-217981062-6548ad6a", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "updateSessionParameters" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "236372106392534550075247906089023957386", "307247114792838062714439681874703201226", "256515224769792466904130624532881460893", "204430130395585172189181335797633636023", "305101942680744393990779820323387302500" ] }, "id": "ASB-A-217981062-8bb075d8", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/permission/PermissionManager.java" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "length": 652.0, "function_hash": "262177455744649713965041940107689486103" }, "id": "ASB-A-217981062-aa010cc5", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "onPackageInactiveLocked" }, "signature_type": "Function" }, { "digest": { "length": 580.0, "function_hash": "27568147029650874809591408909253111262" }, "id": "ASB-A-217981062-b6bff370", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "startPackageOneTimeSession" }, "signature_type": "Function" }, { "digest": { "length": 663.0, "function_hash": "306211592687635283489049427055240847955" }, "id": "ASB-A-217981062-b79461eb", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "cancel" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "124984188650801904087611237979594912791", "62128213443046698427853644906579516690", "113128249603620197046670341459521483398", "60624604761342446319278911192895542772", "228518967230375904134676524735152958974", "109203765283192268947736026891942587803", "299660551185585204425693747755296390979", "330395822921161203850037283909143752640", "83798788614576465769311163329752439569", "65911189483895334602449375487107015828" ] }, "id": "ASB-A-217981062-cca91ef0", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 1088.0, "function_hash": "300193093006589020031572499346344960847" }, "id": "ASB-A-217981062-dee2ad11", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "function": "onImportanceChanged" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "329010514890073230910635612165487968737", "188308762197123203580373194055122361914", "46570511062259192817873692276073630803", "315996790781852268175444203737713396776", "215026514835020104964338117058768706931", "186190212679313701681360984908886291114", "249075278512829168754042795387518813750", "152348210449657701163535036774322631078", "301850467042262512060567681851835014545", "57971878308889911443932513913268109098", "88235540550696939515167325506671932971", "202370850073863279558839009764982924364", "22902947355259126671009709076059961889", "10692428277984463690879292689649573572", "40304317654985263445363140909905276411", "271467930262864899002698847958780464444", "325397289639554791790211850476606417120", "334153031854272855565459250092441182825", "117034793421465911049959398133762780702", "122694673489643667753895426295931655109", "203954959242402352508607623501840457948", "124265686300912970004798785638996242533", "5344082695028313010885193627008999225", "277191462211910187297411298314442502391", "293000891466247350198945818671076496616", "302055504992043946375377676195033178636", "65284449544141391812436491227955920654", "126602258118316711148053432688874292656", "35036165735131350815390767196816797950", "212424483620261597236769943604998701674", "192703313803006376949419251540882074888", "129169499080237835975589664009887729471", "252846737014030306442313629128522525185", "145830619589082068904121981405102669098", "54358825009186917940983597509166484368", "268681247155928390093626537288726938579", "291796249953377707390872263658154425647", "320858437723614410188401530778133963549", "198842759972837721717791684113426691481", "194179101713998309154064863112735758233", "297453298737788327025622204294637775836", "216532191857375517675543532839676374272", "247598240571679535837105672224907039663", "32241951762857898333154754760199306770", "154456723431162682041466795394611762829", "322851898410107059787248756404400463357", "45511965373481967323935400690990054353", "52164637552837339216640965289222111101", "304914480049946901280376733035032607440", "74895119355155344474619530436782695643", "329838494062425261259438398695512661865", "269076006621504917002834967887202971224", "281764555970111739502462893228471242158", "338950975244036035774044095857499625308", "206577512977903946755007363154149046683", "146522233030979618249713002507642318136", "318045091597976171149274855887499029443", "64339660847244280809898768529676476666", "26726611426104544370491295876855842254", "45555633119213340624607855870608143925", "77329604228860253329418210139549159518", "239606889232418341572311935773184533945", "276707213312298550985116591748982602345", "10865387116926167926663826328862254932", "246713967252407739183195036326275564782", "214984096274320851478461007095665051204", "204511798177720576454382664920343072108", "104254053062557499301171067178813554583", "140390054390159588329281730778035254985", "147121907857989245803295178627476598840", "106015462930005282694791649572702012562", "131734149031025755001590467822514387785", "231816903898589216770276231261098108132", "192411772982855138271810504300148763660", "60337351243315150647731741774268626303", "261658873656264149423779473006180328755", "317142494633199943679234774693318752221", "44779937291636070210385885229131676484", "321172882453018582863875854997444010956", "322464303656666224728587772151905424500", "107240683262931888870179943582987499412", "190499521555805250633759227531776537492", "58277021399387983201670748804762095323", "3839470524806906559908081482377588055", "156865681122239762065010540461270609777", "119212879331563884474009557303460987010", "113137301501910297828450190082579353423", "98110300569873460697480439530156145640", "127849921242871809827160227995187266871", "101213244401953543721749062141336202083", "138483933371525194991283784691799409978", "260415563395082902266585055032111753058", "183879052699686626780393252487770681296", "52738735710591633773712166701780409516", "140418760552872065126829049095027125372", "200241783490875758791718429149513678615", "184646852503101410873456037863226559121", "60690103063766423067869910908718647845", "132019303283888379624631723235438277644", "207873941489607853758683333883802100537", "120060734149056401956926632396934392448", "279633090711957444266921832592886181294", "119610505280419227567879163646216608226", "65118063578986062696975633879319154688", "102211528207245762317808501166677502107", "62113831576036604543563899588966688055", "117682547505303445397855015648062118899", "106929566966948305516261912491167161493", "159469704603099773043579432831678644615", "198524409334162053811849846233063441836", "54679929357101466759588894715630071533", "82253560241911189410298000581066876261", "180919715534144287152305519111798610614", "84514814046224771223755023999124127934", "310428405229709418066922145667043843766", "220045130293589159713735904599062094204", "28000278480231016223585031169322418945", "30658615955463828724832103150862564212", "160875778581616166054204240224962877730", "60793015025112992885070953339097605954", "300499829305641290429628445483963019670", "171959621315994275712540967527803186441", "103279147476907789524697300493585701655", "289479021114218218721428013451328139596", "178205343324109629767301139392451531448", "215175334324846740826050310081399724232", "133034801781552444510241830387587873909", "230453346869096178429272582523937612595", "281817920229829290537427707692587625468", "318384989774962710804336725029894054602", "26626808744802253761152096305724556613", "112546662800851905248702942933383678339", "27903232270200638631512977677408489045", "121012789752193501917467417692038991040", "187917680699332387175964749721942790456", "24024197233050808870784769459969019074", "143982240264289573646438778931505458921", "296028705346286339178236287320000921270", "267275392312860124902467163160987260451", "23609821288709251608869508737388403347", "148712208241547478035047623638145650517", "17772244463922945703190295294457655185", "24302365316337153956170201921591995907", "318905069631341661881506423153282223217", "3577310800015734397035018230439763707", "187608992955503622395691850467033248110", "225486957493069070302780410695417950230", "333476334674693478839784415245985738115", "189663046483341203288188405525488883051", "252864441418806175828463009121533678122", "125855566545014844910030659147253455945", "181890230128644151397756873163100421172", "189037776112333219611882223755760202926", "295324206418322973320313594162777926014", "307462722225997990106683900586176796673", "256555592020352718501505381219848839093", "339179121530039882230950800265848879486", "316344779593975353098240716241117132701" ] }, "id": "ASB-A-217981062-f04e77e5", "source": "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/0be78fbbf7d92bf29858aa0c48b171045ab5057f" ], "spl": "2023-07-01", "severity": "High", "types": [ "ID" ] }