Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 290e5788 authored by Bryce Lee's avatar Bryce Lee
Browse files

Limit getRunningServices to calling uid's services. 

Previously all running services for the user were returned when calling
ActivityManager#getRunningServices. This changelist enforces restrictions
similar to getRunningTasks, where only the user services with a matching
uid will be returned.

Fixes: 34274345
Test: manual with sample app
Test: make -j32 cts; cts-tradefed; run cts --module CtsAppTestCases
      --test android.app.cts.ServiceTest#testRunningServices
Change-Id: I2a13328424d3741fec6076f45ba638bb754d19c5
parent 11bbd9e2

services/core/java/com/android/server/am/ActiveServices.java

+14 −10
Original line number Diff line number Diff line
@@ -16,6 +16,8 @@ 


package com.android.server.am;



import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;

import static com.android.server.am.ActivityManagerDebugConfig.*;



import java.io.FileDescriptor;
@@ -1391,8 +1393,7 @@ public final class ActiveServices { 
        }

        if (r != null) {

            if (mAm.checkComponentPermission(r.permission,

                    callingPid, callingUid, r.appInfo.uid, r.exported)

                    != PackageManager.PERMISSION_GRANTED) {

                    callingPid, callingUid, r.appInfo.uid, r.exported) != PERMISSION_GRANTED) {

                if (!r.exported) {

                    Slog.w(TAG, "Permission Denial: Accessing service " + r.name

                            + " from pid=" + callingPid
@@ -2775,16 +2776,15 @@ public final class ActiveServices { 
        return info;

    }



    List<ActivityManager.RunningServiceInfo> getRunningServiceInfoLocked(int maxNum, int flags) {

    List<ActivityManager.RunningServiceInfo> getRunningServiceInfoLocked(int maxNum, int flags,

        int callingUid, boolean allowed) {

        ArrayList<ActivityManager.RunningServiceInfo> res

                = new ArrayList<ActivityManager.RunningServiceInfo>();



        final int uid = Binder.getCallingUid();

        final long ident = Binder.clearCallingIdentity();

        try {

            if (ActivityManager.checkUidPermission(

                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,

                    uid) == PackageManager.PERMISSION_GRANTED) {

            if (ActivityManager.checkUidPermission(INTERACT_ACROSS_USERS_FULL, callingUid)

                == PERMISSION_GRANTED) {

                int[] users = mAm.mUserController.getUsers();

                for (int ui=0; ui<users.length && res.size() < maxNum; ui++) {

                    ArrayMap<ComponentName, ServiceRecord> alls = getServicesLocked(users[ui]);
@@ -2802,16 +2802,20 @@ public final class ActiveServices { 
                    res.add(info);

                }

            } else {

                int userId = UserHandle.getUserId(uid);

                int userId = UserHandle.getUserId(callingUid);

                ArrayMap<ComponentName, ServiceRecord> alls = getServicesLocked(userId);

                for (int i=0; i<alls.size() && res.size() < maxNum; i++) {

                    ServiceRecord sr = alls.valueAt(i);



                    if (allowed || (sr.app != null && sr.app.uid == callingUid)) {

                        res.add(makeRunningServiceInfoLocked(sr));

                    }

                }



                for (int i=0; i<mRestartingServices.size() && res.size() < maxNum; i++) {

                    ServiceRecord r = mRestartingServices.get(i);

                    if (r.userId == userId) {

                    if (r.userId == userId

                        && (allowed || (r.app != null && r.app.uid == callingUid))) {

                        ActivityManager.RunningServiceInfo info =

                                makeRunningServiceInfoLocked(r);

                        info.restarting = r.nextRestartTime;

services/core/java/com/android/server/am/ActivityManagerService.java

+5 −1
Original line number Diff line number Diff line
@@ -17467,7 +17467,11 @@ public class ActivityManagerService extends IActivityManager.Stub 
            int flags) {

        enforceNotIsolatedCaller("getServices");

        synchronized (this) {

            return mServices.getRunningServiceInfoLocked(maxNum, flags);

            final int callingUid = Binder.getCallingUid();

            final boolean allowed = isGetTasksAllowed("getServices", Binder.getCallingPid(),

                callingUid);













            return mServices.getRunningServiceInfoLocked(maxNum, flags, callingUid, allowed);















        }















    }