commit a04c7a7c6442b8c6f87f5dd11fc5659cdb92decc
author Jeff Sharkey <jsharkey@android.com> Fri Mar 18 12:20:36 2016 -0600
committer Jeff Sharkey <jsharkey@android.com> Fri Mar 18 12:20:39 2016 -0600
tree 5039b2f994821a82b73ac03d21a37116d57111c1
parent 885b742bb66660947d8335e9a4f5a4eef2e45ff9

Mark more Bundles as being defusable.

They're destined for the system, so they're okay to look inside.

Bug: 27726127
Change-Id: Ic85c308a8efe6f9b8652952717c72b3c663d328a

core/java/android/content/ContentProvider.java

diff --git a/core/java/android/content/ContentProvider.java b/core/java/android/content/ContentProvider.java
index 1c3f45c..bc2d788 100644
--- a/core/java/android/content/ContentProvider.java
+++ b/core/java/android/content/ContentProvider.java
@@ -394,6 +394,7 @@
         @Override
         public Bundle call(
                 String callingPkg, String method, @Nullable String arg, @Nullable Bundle extras) {
+            Bundle.setDefusable(extras, true);
             final String original = setCallingPackage(callingPkg);
             try {
                 return ContentProvider.this.call(method, arg, extras);
@@ -412,6 +413,7 @@
         @Override
         public AssetFileDescriptor openTypedAssetFile(String callingPkg, Uri uri, String mimeType,
                 Bundle opts, ICancellationSignal cancellationSignal) throws FileNotFoundException {
+            Bundle.setDefusable(opts, true);
             validateIncomingUri(uri);
             uri = getUriWithoutUserId(uri);
             enforceFilePermission(callingPkg, uri, "r", null);