Mark more Bundles as being defusable.
They're destined for the system, so they're okay to look inside.
Bug: 27726127
Change-Id: Ic85c308a8efe6f9b8652952717c72b3c663d328a
diff --git a/core/java/android/content/ContentProvider.java b/core/java/android/content/ContentProvider.java
index 1c3f45c..bc2d788 100644
--- a/core/java/android/content/ContentProvider.java
+++ b/core/java/android/content/ContentProvider.java
@@ -394,6 +394,7 @@
@Override
public Bundle call(
String callingPkg, String method, @Nullable String arg, @Nullable Bundle extras) {
+ Bundle.setDefusable(extras, true);
final String original = setCallingPackage(callingPkg);
try {
return ContentProvider.this.call(method, arg, extras);
@@ -412,6 +413,7 @@
@Override
public AssetFileDescriptor openTypedAssetFile(String callingPkg, Uri uri, String mimeType,
Bundle opts, ICancellationSignal cancellationSignal) throws FileNotFoundException {
+ Bundle.setDefusable(opts, true);
validateIncomingUri(uri);
uri = getUriWithoutUserId(uri);
enforceFilePermission(callingPkg, uri, "r", null);