Loading Android.mk +4 −0 Original line number Diff line number Diff line Loading @@ -286,6 +286,10 @@ LOCAL_SRC_FILES += \ packages/services/Proxy/com/android/net/IProxyCallback.aidl \ packages/services/Proxy/com/android/net/IProxyPortListener.aidl \ LOCAL_SRC_FILES += \ security-bridge/src/com/android/services/SecurityBridge/api/PackageManagerMonitor.java \ security-bridge/src/com/android/services/SecurityBridge/api/ClipboardManagerMonitor.java # FRAMEWORKS_BASE_JAVA_SRC_DIRS comes from build/core/pathmap.mk LOCAL_AIDL_INCLUDES += $(FRAMEWORKS_BASE_JAVA_SRC_DIRS) Loading security-bridge/src/com/android/services/SecurityBridge/api/ClipboardManagerMonitor.java 0 → 100644 +60 −0 Original line number Diff line number Diff line /* * Copyright (c) 2013, Linux Foundation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of The Linux Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package com.android.services.SecurityBridge.api; import android.content.ClipData; /** * This class defines an interface to a clipboard manager security bridge */ public class ClipboardManagerMonitor { /** * This method handles request approval for the clipboard paste event * @param appID Paste appliaction UID * @param clipData The clip data structure * @return true if it is allowed to continue pasting. otherwise - false. * @hide */ public boolean approvePasteRequest(int appID, final ClipData clipData) { return true; } /** * This method handles notification for the clipboard copy event * @param appID Copy appliaction UID * @param clipData The clip data structure * @return none * @hide */ public void notifyCopy(int appID, final ClipData clipData) { } } security-bridge/src/com/android/services/SecurityBridge/api/PackageManagerMonitor.java 0 → 100644 +47 −0 Original line number Diff line number Diff line /* * Copyright (c) 2013, Linux Foundation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of The Linux Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package com.android.services.SecurityBridge.api; /** * This class defines an interface to a package manager security bridge. */ public class PackageManagerMonitor { /** * This method handles approval requests for APK installations * @param apkFilePath Package APK file path * @param originalAPKFilePath Original package APK file path * @return true if it is allowed to continue with the installation. otherwise - false. * @hide */ public boolean approveAppInstallRequest(String apkFilePath, String originalAPKFilePath) { return true; } } services/java/com/android/server/AlarmManagerService.java +10 −16 Original line number Diff line number Diff line Loading @@ -439,8 +439,10 @@ class AlarmManagerService extends IAlarmManager.Stub { final Pair<String, ComponentName> mTarget; final BroadcastStats mBroadcastStats; final FilterStats mFilterStats; final int mUid; InFlight(AlarmManagerService service, PendingIntent pendingIntent, WorkSource workSource) { InFlight(AlarmManagerService service, PendingIntent pendingIntent, WorkSource workSource, int uid) { mPendingIntent = pendingIntent; mWorkSource = workSource; Intent intent = pendingIntent.getIntent(); Loading @@ -454,6 +456,7 @@ class AlarmManagerService extends IAlarmManager.Stub { mBroadcastStats.filterStats.put(mTarget, fs); } mFilterStats = fs; mUid = uid; } } Loading Loading @@ -1350,7 +1353,7 @@ class AlarmManagerService extends IAlarmManager.Stub { mWakeLock.acquire(); } final InFlight inflight = new InFlight(AlarmManagerService.this, alarm.operation, alarm.workSource); alarm.operation, alarm.workSource, alarm.uid); mInFlight.add(inflight); mBroadcastRefCount++; mTriggeredUids.add(new Integer(alarm.uid)); Loading Loading @@ -1604,9 +1607,11 @@ class AlarmManagerService extends IAlarmManager.Stub { public void onSendFinished(PendingIntent pi, Intent intent, int resultCode, String resultData, Bundle resultExtras) { synchronized (mLock) { int uid = 0; InFlight inflight = null; for (int i=0; i<mInFlight.size(); i++) { if (mInFlight.get(i).mPendingIntent == pi) { uid = mInFlight.get(i).mUid; inflight = mInFlight.remove(i); break; } Loading @@ -1628,18 +1633,7 @@ class AlarmManagerService extends IAlarmManager.Stub { } else { mLog.w("No in-flight alarm for " + pi + " " + intent); } String pkg = null; int uid = 0; try { pkg = pi.getTargetPackage(); final PackageManager pm = mContext.getPackageManager(); ApplicationInfo appInfo = pm.getApplicationInfo(pkg, PackageManager.GET_META_DATA); uid = appInfo.uid; mTriggeredUids.remove(new Integer(uid)); } catch (PackageManager.NameNotFoundException ex) { Slog.w(TAG, "onSendFinished NameNotFoundException Pkg = " + pkg); } if(mBlockedUids.contains(new Integer(uid))) { mBlockedUids.remove(new Integer(uid)); } else { Loading services/java/com/android/server/ClipboardService.java +34 −2 Original line number Diff line number Diff line Loading @@ -46,6 +46,8 @@ import android.util.SparseArray; import java.util.HashSet; import com.android.services.SecurityBridge.api.ClipboardManagerMonitor; /** * Implementation of the clipboard for copy and paste. */ Loading @@ -59,6 +61,9 @@ public class ClipboardService extends IClipboard.Stub { private final AppOpsManager mAppOps; private final IBinder mPermissionOwner; private static final String SECURITY_BRIDGE_NAME = "com.android.services.SecurityBridge.core.ClipboardManagerSB"; private ClipboardManagerMonitor mSecurityBridge; private class ListenerInfo { final int mUid; final String mPackageName; Loading Loading @@ -114,6 +119,22 @@ public class ClipboardService extends IClipboard.Stub { } } }, userFilter); Object bridgeObject; try { /* * load and create the security bridge */ bridgeObject = getClass().getClassLoader().loadClass(SECURITY_BRIDGE_NAME).newInstance(); mSecurityBridge = (ClipboardManagerMonitor)bridgeObject; } catch (Exception e){ Slog.w(TAG, "No security bridge jar found, using default"); mSecurityBridge = new ClipboardManagerMonitor(); } } @Override Loading Loading @@ -165,6 +186,7 @@ public class ClipboardService extends IClipboard.Stub { clearActiveOwnersLocked(); PerUserClipboard clipboard = getClipboard(); clipboard.primaryClip = clip; mSecurityBridge.notifyCopy(Binder.getCallingUid(), clip); final long ident = Binder.clearCallingIdentity(); final int n = clipboard.primaryClipListeners.beginBroadcast(); try { Loading Loading @@ -196,7 +218,13 @@ public class ClipboardService extends IClipboard.Stub { return null; } addActiveOwnerLocked(Binder.getCallingUid(), pkg); return getClipboard().primaryClip; ClipData clip = getClipboard().primaryClip; if(clip != null) { if (true != mSecurityBridge.approvePasteRequest(Binder.getCallingUid(), clip)) { clip = null; } } return clip; } } Loading @@ -217,7 +245,11 @@ public class ClipboardService extends IClipboard.Stub { callingPackage) != AppOpsManager.MODE_ALLOWED) { return false; } return getClipboard().primaryClip != null; boolean hasClip = false; if(getClipboard().primaryClip != null) { hasClip = mSecurityBridge.approvePasteRequest(Binder.getCallingUid(), getClipboard().primaryClip); } return hasClip; } } Loading Loading
Android.mk +4 −0 Original line number Diff line number Diff line Loading @@ -286,6 +286,10 @@ LOCAL_SRC_FILES += \ packages/services/Proxy/com/android/net/IProxyCallback.aidl \ packages/services/Proxy/com/android/net/IProxyPortListener.aidl \ LOCAL_SRC_FILES += \ security-bridge/src/com/android/services/SecurityBridge/api/PackageManagerMonitor.java \ security-bridge/src/com/android/services/SecurityBridge/api/ClipboardManagerMonitor.java # FRAMEWORKS_BASE_JAVA_SRC_DIRS comes from build/core/pathmap.mk LOCAL_AIDL_INCLUDES += $(FRAMEWORKS_BASE_JAVA_SRC_DIRS) Loading
security-bridge/src/com/android/services/SecurityBridge/api/ClipboardManagerMonitor.java 0 → 100644 +60 −0 Original line number Diff line number Diff line /* * Copyright (c) 2013, Linux Foundation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of The Linux Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package com.android.services.SecurityBridge.api; import android.content.ClipData; /** * This class defines an interface to a clipboard manager security bridge */ public class ClipboardManagerMonitor { /** * This method handles request approval for the clipboard paste event * @param appID Paste appliaction UID * @param clipData The clip data structure * @return true if it is allowed to continue pasting. otherwise - false. * @hide */ public boolean approvePasteRequest(int appID, final ClipData clipData) { return true; } /** * This method handles notification for the clipboard copy event * @param appID Copy appliaction UID * @param clipData The clip data structure * @return none * @hide */ public void notifyCopy(int appID, final ClipData clipData) { } }
security-bridge/src/com/android/services/SecurityBridge/api/PackageManagerMonitor.java 0 → 100644 +47 −0 Original line number Diff line number Diff line /* * Copyright (c) 2013, Linux Foundation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of The Linux Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package com.android.services.SecurityBridge.api; /** * This class defines an interface to a package manager security bridge. */ public class PackageManagerMonitor { /** * This method handles approval requests for APK installations * @param apkFilePath Package APK file path * @param originalAPKFilePath Original package APK file path * @return true if it is allowed to continue with the installation. otherwise - false. * @hide */ public boolean approveAppInstallRequest(String apkFilePath, String originalAPKFilePath) { return true; } }
services/java/com/android/server/AlarmManagerService.java +10 −16 Original line number Diff line number Diff line Loading @@ -439,8 +439,10 @@ class AlarmManagerService extends IAlarmManager.Stub { final Pair<String, ComponentName> mTarget; final BroadcastStats mBroadcastStats; final FilterStats mFilterStats; final int mUid; InFlight(AlarmManagerService service, PendingIntent pendingIntent, WorkSource workSource) { InFlight(AlarmManagerService service, PendingIntent pendingIntent, WorkSource workSource, int uid) { mPendingIntent = pendingIntent; mWorkSource = workSource; Intent intent = pendingIntent.getIntent(); Loading @@ -454,6 +456,7 @@ class AlarmManagerService extends IAlarmManager.Stub { mBroadcastStats.filterStats.put(mTarget, fs); } mFilterStats = fs; mUid = uid; } } Loading Loading @@ -1350,7 +1353,7 @@ class AlarmManagerService extends IAlarmManager.Stub { mWakeLock.acquire(); } final InFlight inflight = new InFlight(AlarmManagerService.this, alarm.operation, alarm.workSource); alarm.operation, alarm.workSource, alarm.uid); mInFlight.add(inflight); mBroadcastRefCount++; mTriggeredUids.add(new Integer(alarm.uid)); Loading Loading @@ -1604,9 +1607,11 @@ class AlarmManagerService extends IAlarmManager.Stub { public void onSendFinished(PendingIntent pi, Intent intent, int resultCode, String resultData, Bundle resultExtras) { synchronized (mLock) { int uid = 0; InFlight inflight = null; for (int i=0; i<mInFlight.size(); i++) { if (mInFlight.get(i).mPendingIntent == pi) { uid = mInFlight.get(i).mUid; inflight = mInFlight.remove(i); break; } Loading @@ -1628,18 +1633,7 @@ class AlarmManagerService extends IAlarmManager.Stub { } else { mLog.w("No in-flight alarm for " + pi + " " + intent); } String pkg = null; int uid = 0; try { pkg = pi.getTargetPackage(); final PackageManager pm = mContext.getPackageManager(); ApplicationInfo appInfo = pm.getApplicationInfo(pkg, PackageManager.GET_META_DATA); uid = appInfo.uid; mTriggeredUids.remove(new Integer(uid)); } catch (PackageManager.NameNotFoundException ex) { Slog.w(TAG, "onSendFinished NameNotFoundException Pkg = " + pkg); } if(mBlockedUids.contains(new Integer(uid))) { mBlockedUids.remove(new Integer(uid)); } else { Loading
services/java/com/android/server/ClipboardService.java +34 −2 Original line number Diff line number Diff line Loading @@ -46,6 +46,8 @@ import android.util.SparseArray; import java.util.HashSet; import com.android.services.SecurityBridge.api.ClipboardManagerMonitor; /** * Implementation of the clipboard for copy and paste. */ Loading @@ -59,6 +61,9 @@ public class ClipboardService extends IClipboard.Stub { private final AppOpsManager mAppOps; private final IBinder mPermissionOwner; private static final String SECURITY_BRIDGE_NAME = "com.android.services.SecurityBridge.core.ClipboardManagerSB"; private ClipboardManagerMonitor mSecurityBridge; private class ListenerInfo { final int mUid; final String mPackageName; Loading Loading @@ -114,6 +119,22 @@ public class ClipboardService extends IClipboard.Stub { } } }, userFilter); Object bridgeObject; try { /* * load and create the security bridge */ bridgeObject = getClass().getClassLoader().loadClass(SECURITY_BRIDGE_NAME).newInstance(); mSecurityBridge = (ClipboardManagerMonitor)bridgeObject; } catch (Exception e){ Slog.w(TAG, "No security bridge jar found, using default"); mSecurityBridge = new ClipboardManagerMonitor(); } } @Override Loading Loading @@ -165,6 +186,7 @@ public class ClipboardService extends IClipboard.Stub { clearActiveOwnersLocked(); PerUserClipboard clipboard = getClipboard(); clipboard.primaryClip = clip; mSecurityBridge.notifyCopy(Binder.getCallingUid(), clip); final long ident = Binder.clearCallingIdentity(); final int n = clipboard.primaryClipListeners.beginBroadcast(); try { Loading Loading @@ -196,7 +218,13 @@ public class ClipboardService extends IClipboard.Stub { return null; } addActiveOwnerLocked(Binder.getCallingUid(), pkg); return getClipboard().primaryClip; ClipData clip = getClipboard().primaryClip; if(clip != null) { if (true != mSecurityBridge.approvePasteRequest(Binder.getCallingUid(), clip)) { clip = null; } } return clip; } } Loading @@ -217,7 +245,11 @@ public class ClipboardService extends IClipboard.Stub { callingPackage) != AppOpsManager.MODE_ALLOWED) { return false; } return getClipboard().primaryClip != null; boolean hasClip = false; if(getClipboard().primaryClip != null) { hasClip = mSecurityBridge.approvePasteRequest(Binder.getCallingUid(), getClipboard().primaryClip); } return hasClip; } } Loading
