Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0b7fe812 authored by Evan Severson's avatar Evan Severson
Browse files

Check the proxied app for appop delegation 

Test: WtsWearServicesRemoteEventsTestCases
Bug: 336370313
Flag: EXEMPT bug fix
Change-Id: I99d77096670ad1cc5f43570b854229bdd2b5e9c5
parent 88f1c7e6

services/core/java/com/android/server/pm/permission/AccessCheckDelegate.java

+27 −17
Original line number Diff line number Diff line
@@ -375,25 +375,35 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe 
                @Nullable String message, boolean shouldCollectMessage, boolean skiProxyOperation,

                @NonNull HexFunction<Integer, AttributionSource, Boolean, String, Boolean,

                        Boolean, SyncNotedAppOp> superImpl) {

            if (attributionSource.getUid() == mDelegateAndOwnerUid && isDelegateOp(code)) {

            if (!isDelegateOp(code)) {

                return superImpl.apply(code, attributionSource, shouldCollectAsyncNotedOp,

                        message, shouldCollectMessage, skiProxyOperation);

            }



            final int shellUid = UserHandle.getUid(

                    UserHandle.getUserId(attributionSource.getUid()), Process.SHELL_UID);

                final long identity = Binder.clearCallingIdentity();

                try {

                    return superImpl.apply(code,

                            new AttributionSource(shellUid, Process.INVALID_PID, SHELL_PKG,

            AttributionSource next = attributionSource.getNext();

            if (next != null && next.getUid() == mDelegateAndOwnerUid) {

                next = new AttributionSource(shellUid, Process.INVALID_PID, SHELL_PKG,

                        next.getAttributionTag(), next.getToken(), /*renouncedPermissions*/ null,

                        next.getDeviceId(), next.getNext());

                attributionSource = new AttributionSource(attributionSource, next);

            }

            if (attributionSource.getUid() == mDelegateAndOwnerUid) {

                attributionSource = new AttributionSource(shellUid, Process.INVALID_PID, SHELL_PKG,

                        attributionSource.getAttributionTag(),

                        attributionSource.getToken(), /*renouncedPermissions*/ null,

                                    attributionSource.getDeviceId(), attributionSource.getNext()),

                        attributionSource.getDeviceId(), attributionSource.getNext());

            }

            final long identity = Binder.clearCallingIdentity();

            try {

                return superImpl.apply(code, attributionSource,

                        shouldCollectAsyncNotedOp, message, shouldCollectMessage,

                        skiProxyOperation);

            } finally {

                Binder.restoreCallingIdentity(identity);

            }

        }

            return superImpl.apply(code, attributionSource, shouldCollectAsyncNotedOp,

                    message, shouldCollectMessage, skiProxyOperation);

        }



        @Override

        public SyncNotedAppOp startOperation(@NonNull IBinder token, int code, int uid,