
Commit 1565f0aa authored by Tom Chan's avatar Tom Chan

Verify PFD received from app process openFile is read-only

Bug: 331395522
Test: atest CtsWearableSensingServiceTestCases. It includes tests for
reading files.

Change-Id: I837b8baebd319b80e7598fa229f362f7caa376f0
parent beaca7ff
+27 −3
@@ -513,9 +513,33 @@ final class WearableSensingManagerPerUserService extends
                    String filename,
                    AndroidFuture<ParcelFileDescriptor> futureFromWearableSensingService)
                    throws RemoteException {
                // TODO(b/331395522): Intercept the PFD received from the app process and verify it
                // is read-only
                callbackFromAppProcess.openFile(filename, futureFromWearableSensingService);
                AndroidFuture<ParcelFileDescriptor> futureFromSystemServer =
                        new AndroidFuture<ParcelFileDescriptor>()
                                .whenComplete(
                                        (pfdFromApp, throwable) -> {
                                            if (throwable != null) {
                                                Slog.e(
                                                        TAG,
                                                        "Error when reading file " + filename,
                                                        throwable);
                                                futureFromWearableSensingService.complete(null);
                                                return;
                                            }
                                            if (isReadOnly(pfdFromApp)) {
                                                futureFromWearableSensingService.complete(
                                                        pfdFromApp);
                                            } else {
                                                Slog.w(
                                                        TAG,
                                                        "Received writable ParcelFileDescriptor"
                                                            + " from app process. To prevent"
                                                            + " arbitrary data egress, sending null"
                                                            + " to WearableSensingService"
                                                            + " instead.");
                                                futureFromWearableSensingService.complete(null);
                                            }
                                        });
                callbackFromAppProcess.openFile(filename, futureFromSystemServer);
            }
        };
    }
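Review bot: The rejected descriptor is never closed in the `else` branch of the `whenComplete` callback, so the writable file descriptor handed over by the app process stays open in this process until it is garbage-collected. Adding `try { pfdFromApp.close(); } catch (IOException e) { Slog.w(TAG, "Failed to close rejected PFD", e); }` before `futureFromWearableSensingService.complete(null);` would release it at the point of rejection. The callback also passes `pfdFromApp` straight to `isReadOnly(...)` without a null check; if the app completes the future with `null`, the result depends on how `isReadOnly` treats null, and that helper is defined outside this hunk, so this should be confirmed or guarded with `if (pfdFromApp == null)`. The enclosing `openFile` override begins above the hunk, so its full signature is not visible here.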