In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "303397910970066705896491300944181946482", "107077137157228741257530891295972398390", "255519706190375472030313648668539826357", "189132526608684497251116704625378001065", "281492569866441411632087628868213069251", "294820583194145437124690788142919088377", "156663210949067441502865218309804169029", "53179007912776764888647941729736017216", "200731722973408927217065866298300453506", "302152118199208000225373328115342342576", "30738369206559785790232722560622590233", "51015779955444135986342672355561960235", "98746580527231370175012943851094704963", "161511247687839254016800474012408059856", "296709997152946268295237337224672578530", "326638621028445559715170000516814952830", "272036735068376858103351293106501102177", "245417023728754938206837584092589112954", "333452105562182564437815523145894130694", "164782816622370270512480559658814585331", "195281663912556875979062488503937872127", "218128015004106724921233984986615229464", "51739894621726243908042174272835789979", "120889771494974528208766248083828502586", "129664160014023199976294285405804827373", "186662240011936204860880093132730583956", "76658740795350931991858143714776811768", "300087360388233962037417386027070455263", "37624612028320611871128132129089115222", "74937696441474105036399087037581923048", "51571010833889619433296549463567737992", "313711559079278452221147010102641314583", "103280463448448907621613706343906574061", "88608294677670291364421457773357202929", "293840213456862632469158131553547558402", "121564410619072817147228023091023237914" ] }, "id": "ASB-A-303871379-08d66c85", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "115773042374397725304054136865838307720", "43016498966660277235977443447744648400", "300858253448028045561033847365583665767", "161013414089286661090945709035473165407", "313186801087517929987222617281508692037", "221294796177690677149985420788888161539", "251592861531084697856671027394619778721", "305776141530431493684491295942136334852", "111048422099117603262734946830536935433", "297098700792149737523976802317347369628", "257315901175972132872290986055947977858", "209568428495451751262955975890599809213", "85394869002054256644937347747261106324", "5705443573018726295169318340970875110", "291352356509444640429537529900338080972" ] }, "id": "ASB-A-303871379-11c43bc8", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java" }, "signature_type": "Line" }, { "digest": { "length": 418.0, "function_hash": "114894399810740158583994061373834807549" }, "id": "ASB-A-303871379-11cdf29a", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java", "function": "getExtraDataReadRequests" }, "signature_type": "Function" }, { "digest": { "length": 4000.0, "function_hash": "30724966431946414589281216019393003224" }, "id": "ASB-A-303871379-195275a2", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java", "function": "readRecords" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "307607149100168818667515056801092756172", "239466008602587192012674704577849084739", "245607463741466935590695696572161162666", "254624107689754141862009810848411608136", "192817275534771030063274524070420943454", "336425509797542122420574727241735153700", "251694526878090107601285900634626848525", "18711381487436966386608229602984500334", "108509882596538886408848950389286844566", "148065690112658882141098821116934810399", "213122466022310564199251675800567937229", "251285000472269530802403331456969571645", "298568479426656644954053383038354866968", "83331934757146308473251065867058240087", "307677713301336964578669165266061567854", "38794395735819664722480248813227951313", "145394457726406417558424942368140586319", "61703870535056326136588237900867942991", "185407886430890193971359182928727458741", "4010821281863657499048334857443271515", "154330324999705213193693513973179947968", "35192062047302338584823327038497294730", "195316288831050560786172945036340881620", "43783905364404553803632750918508912660", "221237909218743271600722051664461021631", "18908953371903311735053000597217457195", "205776496907725795965535780692936532567", "263564158920384822925409691874439321999", "293233436011099509766860485539146291279", "218866428073236990774446973102680060606", "292545821377025716769705874806276700318", "131400259806753851958877759995334827118", "38634938285517710856421064475413379098", "336037305330910713069739705303735934256", "312251918841610012539820506614233138776", "282562684190912147301273755786029494478", "310489386291213959059819318860429557165", "131507795254000364886554575551653944106", "170144050462488967232490380044869922287", "243777524924001702719701594121654908477", "293709024606437967596678612613012782555", "328401038647635588621330362426562890597", "50103496386179712801431527511428037709", "58668015756155034569747034584444257500", "89905772886014332803626048520676240455", "301542558951637891334112236661693042633" ] }, "id": "ASB-A-303871379-44a77ebf", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "216622662008624389962562292455637054130", "144778414150245928660397262736564329566", "171871336850382938845512613681543935068", "310021049344923917852325132257722639648", "339512495903744524946367240936352667878", "179056564528285989694529957854448118587", "2103457581055546526476563375661324742", "108381999467508526470239385215239152788", "138033502511064400626725096753448118863", "37616110184084569528383645762994566275", "128570348222707372793397728255858383852", "197713465465816649153767596273200854182" ] }, "id": "ASB-A-303871379-44f5a964", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "tests/cts/hostsidetests/healthconnect/libs/HealthConnectTestLib/src/android/healthconnect/cts/lib/TestUtils.java" }, "signature_type": "Line" }, { "digest": { "length": 84.0, "function_hash": "55633498020479226693549024660886861785" }, "id": "ASB-A-303871379-681a27de", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java", "function": "getExtraDataReadRequests" }, "signature_type": "Function" }, { "digest": { "length": 261.0, "function_hash": "337090286334532094340003832202207077518" }, "id": "ASB-A-303871379-7b1f4caa", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/request/ReadTransactionRequest.java", "function": "ReadTransactionRequest" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "261876655572792055439130468996427437546", "106316643915755070678036351210257199689", "310478092011952943974622318786772371447", "150515948390854663390735514227214331550", "1261959798154896799739157349889800840", "192302277006309213272428280231167767684", "118352675439420908179836113844069935404", "155574099057581777376375761880853214655", "262611421518017625777898048370521415544", "324757256370290393879044897175907728281", "125587918527931544319580394460777908207", "175622377035366603556280343907468752107", "5676363857152462776625497270812035919", "207001789881660192535548033859928366989", "97423803509302047447906702040068173080", "144662091405191411777675945707086210000", "145248841579842207162450437731590209460", "291663246367929952061257884701255182701" ] }, "id": "ASB-A-303871379-88a25489", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/request/ReadTransactionRequest.java" }, "signature_type": "Line" }, { "digest": { "length": 1423.0, "function_hash": "192082415569888399400429002379035541035" }, "id": "ASB-A-303871379-8c9d329f", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "framework/java/android/health/connect/datatypes/ExerciseSessionRecord.java", "function": "toRecordInternal" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "322188533109300798593035108578781427989", "184634760747528273037251352924883106736", "62736856872061594056577457859154850083", "276433295572456466352745530416083614061", "324927055495563417452509288760058125323", "123560786500136795943866234408335508067", "93673601881214388693794286016314388151", "198368942389786071498763663014109128005" ] }, "id": "ASB-A-303871379-91b93dc2", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/AppInfoHelper.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259742347465424858126965088649354661860", "313266793520816806867257727916338231289", "268840683687182057963682973263291100849", "93293804719988993413710598863699053469", "25955792841505998722623901527931126204", "197666473082436148547415428975927509288", "287907490831514730198769102742589993468", "225196001945180873421820788087647353008", "332776173753097792482620338452469736627", "222050889440854103523105990470239617772", "214269547419768092065050533525333794311", "113691281198056472403596186317624347818", "288338715146222141858383255153567465175", "245487779860001990815662883849719877662", "232029641380625607053338605942043153956", "16075427917053553277337186943676460466", "56557055817164003506349462305101908869", "175638435936127782502837518608719023139", "119449760395101584813169881232682527259", "250091004087946940666921344834319187294" ] }, "id": "ASB-A-303871379-9cd7637b", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/permission/DataPermissionEnforcer.java" }, "signature_type": "Line" }, { "digest": { "length": 376.0, "function_hash": "221406360895427184968068582716976961864" }, "id": "ASB-A-303871379-a0a297a6", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/permission/DataPermissionEnforcer.java", "function": "collectExtraReadPermissionToStateMapping" }, "signature_type": "Function" }, { "digest": { "length": 310.0, "function_hash": "252235924817649576655277788320679109785" }, "id": "ASB-A-303871379-b4c214df", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java", "function": "getReadTableRequest" }, "signature_type": "Function" }, { "digest": { "length": 2968.0, "function_hash": "5274421010706655786379510375869700528" }, "id": "ASB-A-303871379-e26384f7", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java", "function": "getChangeLogs" }, "signature_type": "Function" }, { "digest": { "length": 649.0, "function_hash": "327873478835764122202614632785821446158" }, "id": "ASB-A-303871379-e89a4d7f", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "tests/cts/hostsidetests/healthconnect/libs/HealthConnectTestLib/src/android/healthconnect/cts/lib/TestUtils.java", "function": "getExerciseSessionRecord" }, "signature_type": "Function" }, { "digest": { "length": 162.0, "function_hash": "91484500998150746351485296960406168484" }, "id": "ASB-A-303871379-ebf2a3c1", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/AppInfoHelper.java", "function": "getAppInfoId" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "92309067385354652491191766760604571544", "19309330688837905158963014011079654842", "251298821583317060630118167118361425015" ] }, "id": "ASB-A-303871379-f2082de7", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "framework/java/android/health/connect/datatypes/ExerciseSessionRecord.java" }, "signature_type": "Line" }, { "digest": { "length": 294.0, "function_hash": "150877185014473022801309137023511300991" }, "id": "ASB-A-303871379-fe28baac", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java", "function": "getExtraDataReadRequests" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3" ], "spl": "2024-03-01", "severity": "High", "types": [ "ID" ] }