Loading apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java +20 −4 Original line number Diff line number Diff line Loading @@ -24,6 +24,8 @@ import android.annotation.IntDef; import android.annotation.NonNull; import android.content.Context; import android.content.pm.PackageManager; import android.os.Binder; import android.os.UserHandle; import android.util.ArraySet; import android.util.Base64; import android.util.DebugUtils; Loading Loading @@ -100,20 +102,21 @@ class BlobAccessMode { } boolean isAccessAllowedForCaller(Context context, @NonNull String callingPackage, @NonNull String committerPackage) { @NonNull String callingPackage, int callingUid, int committerUid) { if ((mAccessType & ACCESS_TYPE_PUBLIC) != 0) { return true; } final PackageManager pm = context.getPackageManager(); if ((mAccessType & ACCESS_TYPE_SAME_SIGNATURE) != 0) { if (pm.checkSignatures(committerPackage, callingPackage) == PackageManager.SIGNATURE_MATCH) { if (checkSignatures(context, callingUid, committerUid)) { return true; } } if ((mAccessType & ACCESS_TYPE_ALLOWLIST) != 0) { final UserHandle callingUser = UserHandle.of(UserHandle.getUserId(callingUid)); final PackageManager pm = context.createContextAsUser(callingUser, 0 /* flags */).getPackageManager(); for (int i = 0; i < mAllowedPackages.size(); ++i) { final PackageIdentifier packageIdentifier = mAllowedPackages.valueAt(i); if (packageIdentifier.packageName.equals(callingPackage) Loading 
@@ -127,6 +130,19 @@ class BlobAccessMode { return false; } /** * Compare signatures for two packages of different users. */ private boolean checkSignatures(Context context, int uid1, int uid2) { final long token = Binder.clearCallingIdentity(); try { return context.getPackageManager().checkSignatures(uid1, uid2) == PackageManager.SIGNATURE_MATCH; } finally { Binder.restoreCallingIdentity(token); } } int getAccessType() { return mAccessType; } Loading apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java +2 −2 Original line number Diff line number Diff line Loading @@ -293,7 +293,7 @@ class BlobMetadata { // Check if the caller is allowed access as per the access mode specified // by the committer. if (committer.blobAccessMode.isAccessAllowedForCaller(mContext, callingPackage, committer.packageName)) { callingPackage, callingUid, committer.uid)) { return true; } } Loading @@ -316,7 +316,7 @@ class BlobMetadata { // Check if the caller is allowed access as per the access mode specified // by the committer. if (committer.blobAccessMode.isAccessAllowedForCaller(mContext, callingPackage, committer.packageName)) { callingPackage, callingUid, committer.uid)) { return true; } } Loading Loading
apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java +20 −4 Original line number Diff line number Diff line Loading @@ -24,6 +24,8 @@ import android.annotation.IntDef; import android.annotation.NonNull; import android.content.Context; import android.content.pm.PackageManager; import android.os.Binder; import android.os.UserHandle; import android.util.ArraySet; import android.util.Base64; import android.util.DebugUtils; Loading Loading @@ -100,20 +102,21 @@ class BlobAccessMode { } boolean isAccessAllowedForCaller(Context context, @NonNull String callingPackage, @NonNull String committerPackage) { @NonNull String callingPackage, int callingUid, int committerUid) { if ((mAccessType & ACCESS_TYPE_PUBLIC) != 0) { return true; } final PackageManager pm = context.getPackageManager(); if ((mAccessType & ACCESS_TYPE_SAME_SIGNATURE) != 0) { if (pm.checkSignatures(committerPackage, callingPackage) == PackageManager.SIGNATURE_MATCH) { if (checkSignatures(context, callingUid, committerUid)) { return true; } } if ((mAccessType & ACCESS_TYPE_ALLOWLIST) != 0) { final UserHandle callingUser = UserHandle.of(UserHandle.getUserId(callingUid)); final PackageManager pm = context.createContextAsUser(callingUser, 0 /* flags */).getPackageManager(); for (int i = 0; i < mAllowedPackages.size(); ++i) { final PackageIdentifier packageIdentifier = mAllowedPackages.valueAt(i); if (packageIdentifier.packageName.equals(callingPackage) Loading @@ -127,6 +130,19 @@ class BlobAccessMode { return false; } /** * Compare signatures for two packages of different users. */ private boolean checkSignatures(Context context, int uid1, int uid2) { final long token = Binder.clearCallingIdentity(); try { return context.getPackageManager().checkSignatures(uid1, uid2) == PackageManager.SIGNATURE_MATCH; } finally { Binder.restoreCallingIdentity(token); } } int getAccessType() { return mAccessType; } Loading
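Review bot: The Javadoc on the new `checkSignatures(Context, int, int)` helper says it compares "two packages of different users", but the method takes two UIDs and gives no reason for wrapping the lookup in `Binder.clearCallingIdentity()`. Since that call changes whose identity the PackageManager query runs under, the reason belongs in the comment, for example `/** Returns whether the signatures for uid1 and uid2 match. The calling identity is cleared so the query runs as this process, not the Binder caller (the UIDs may belong to different users). */`. The cross-user motivation is inferred from the existing Javadoc, so adjust the wording if the actual reason differs. The helper reads no instance state and could be `private static`.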
apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java +2 −2 Original line number Diff line number Diff line Loading @@ -293,7 +293,7 @@ class BlobMetadata { // Check if the caller is allowed access as per the access mode specified // by the committer. if (committer.blobAccessMode.isAccessAllowedForCaller(mContext, callingPackage, committer.packageName)) { callingPackage, callingUid, committer.uid)) { return true; } } Loading @@ -316,7 +316,7 @@ class BlobMetadata { // Check if the caller is allowed access as per the access mode specified // by the committer. if (committer.blobAccessMode.isAccessAllowedForCaller(mContext, callingPackage, committer.packageName)) { callingPackage, callingUid, committer.uid)) { return true; } } Loading
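Review bot: Both updated call sites (the hunks at lines 293 and 316) pass `callingPackage` and `callingUid` as independent arguments, and nothing visible here shows that the package was verified to belong to that UID. In `isAccessAllowedForCaller` the same-signature branch is now decided by UID while the allowlist branch still matches on the `callingPackage` string, so a mismatched pair would be checked against two different identities. The enclosing methods start outside these hunks, so the validation may already happen upstream; if it does, a comment at each call such as `// callingPackage was verified to belong to callingUid before this point` would make the precondition explicit, and if it does not, the pairing should be checked before the access decision.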