Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 36772b6d authored by Android Build Coastguard Worker's avatar Android Build Coastguard Worker
Browse files

Merge cherrypicks of ['googleplex-android-review.googlesource.com/20251403',... 

Merge cherrypicks of ['googleplex-android-review.googlesource.com/20251403', 'googleplex-android-review.googlesource.com/20828778', 'googleplex-android-review.googlesource.com/20641928', 'googleplex-android-review.googlesource.com/20709903', 'googleplex-android-review.googlesource.com/20898477', 'googleplex-android-review.googlesource.com/20924743', 'googleplex-android-review.googlesource.com/20322501', 'googleplex-android-review.googlesource.com/20953243', 'googleplex-android-review.googlesource.com/21080663', 'googleplex-android-review.googlesource.com/21129647', 'googleplex-android-review.googlesource.com/21005178'] into security-aosp-tm-release.

Change-Id: Ib3858bd1496148308083cf847c58da0f54aad3a5
parents 023eb116 fcced371

core/java/android/content/Intent.java

+1 −1
Original line number Diff line number Diff line
@@ -11433,7 +11433,7 @@ public class Intent implements Parcelable, Cloneable { 
    private void toUriInner(StringBuilder uri, String scheme, String defAction,

            String defPackage, int flags) {

        if (scheme != null) {

            uri.append("scheme=").append(scheme).append(';');

            uri.append("scheme=").append(Uri.encode(scheme)).append(';');

        }

        if (mAction != null && !mAction.equals(defAction)) {

            uri.append("action=").append(Uri.encode(mAction)).append(';');

core/java/android/content/IntentSender.java

+39 −2
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package android.content; 
import android.annotation.Nullable;

import android.app.ActivityManager;

import android.app.ActivityManager.PendingIntentInfo;

import android.app.ActivityOptions;

import android.compat.annotation.UnsupportedAppUsage;

import android.os.Bundle;

import android.os.Handler;
@@ -158,7 +159,7 @@ public class IntentSender implements Parcelable { 
     */

    public void sendIntent(Context context, int code, Intent intent,

            OnFinished onFinished, Handler handler) throws SendIntentException {

        sendIntent(context, code, intent, onFinished, handler, null);

        sendIntent(context, code, intent, onFinished, handler, null, null /* options */);

    }



    /**
@@ -190,6 +191,42 @@ public class IntentSender implements Parcelable { 
    public void sendIntent(Context context, int code, Intent intent,

            OnFinished onFinished, Handler handler, String requiredPermission)

            throws SendIntentException {

        sendIntent(context, code, intent, onFinished, handler, requiredPermission,

                null /* options */);

    }



    /**

     * Perform the operation associated with this IntentSender, allowing the

     * caller to specify information about the Intent to use and be notified

     * when the send has completed.

     *

     * @param context The Context of the caller.  This may be null if

     * <var>intent</var> is also null.

     * @param code Result code to supply back to the IntentSender's target.

     * @param intent Additional Intent data.  See {@link Intent#fillIn

     * Intent.fillIn()} for information on how this is applied to the

     * original Intent.  Use null to not modify the original Intent.

     * @param onFinished The object to call back on when the send has

     * completed, or null for no callback.

     * @param handler Handler identifying the thread on which the callback

     * should happen.  If null, the callback will happen from the thread

     * pool of the process.

     * @param requiredPermission Name of permission that a recipient of the PendingIntent

     * is required to hold.  This is only valid for broadcast intents, and

     * corresponds to the permission argument in

     * {@link Context#sendBroadcast(Intent, String) Context.sendOrderedBroadcast(Intent, String)}.

     * If null, no permission is required.

     * @param options Additional options the caller would like to provide to modify the sending

     * behavior.  May be built from an {@link ActivityOptions} to apply to an activity start.

     *

     * @throws SendIntentException Throws CanceledIntentException if the IntentSender

     * is no longer allowing more intents to be sent through it.

     * @hide

     */

    public void sendIntent(Context context, int code, Intent intent,

            OnFinished onFinished, Handler handler, String requiredPermission,

            @Nullable Bundle options)

            throws SendIntentException {

        try {

            String resolvedType = intent != null ?

                    intent.resolveTypeIfNeeded(context.getContentResolver())
@@ -199,7 +236,7 @@ public class IntentSender implements Parcelable { 
                    onFinished != null

                            ? new FinishedDispatcher(this, onFinished, handler)

                            : null,

                    requiredPermission, null);

                    requiredPermission, options);

            if (res < 0) {

                throw new SendIntentException();

            }

services/core/java/com/android/server/accounts/AccountManagerService.java

+12 −8
Original line number Diff line number Diff line
@@ -3091,7 +3091,7 @@ public class AccountManagerService 
                            }

                        }



                        Intent intent = result.getParcelable(AccountManager.KEY_INTENT);

                        Intent intent = result.getParcelable(AccountManager.KEY_INTENT, Intent.class);

                        if (intent != null && notifyOnAuthFailure && !customTokens) {

                            /*

                             * Make sure that the supplied intent is owned by the authenticator
@@ -3516,8 +3516,7 @@ public class AccountManagerService 
            Bundle.setDefusable(result, true);

            mNumResults++;

            Intent intent = null;

            if (result != null

                    && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {

            if (result != null) {

                if (!checkKeyIntent(

                        Binder.getCallingUid(),

                        result)) {
@@ -4876,8 +4875,10 @@ public class AccountManagerService 
            	EventLog.writeEvent(0x534e4554, "250588548", authUid, "");

                return false;

            }



            Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT, Intent.class);

            if (intent == null) {

                return true;

            }

            // Explicitly set an empty ClipData to ensure that we don't offer to

            // promote any Uris contained inside for granting purposes

            if (intent.getClipData() == null) {
@@ -4927,8 +4928,12 @@ public class AccountManagerService 
            Bundle simulateBundle = p.readBundle();

            p.recycle();

            Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT, Intent.class);

            return (intent.filterEquals(simulateBundle.getParcelable(AccountManager.KEY_INTENT,

                Intent.class)));

            Intent simulateIntent = simulateBundle.getParcelable(AccountManager.KEY_INTENT,

                    Intent.class);

            if (intent == null) {

                return (simulateIntent == null);

            }

            return intent.filterEquals(simulateIntent);

        }



        private boolean isExportedSystemActivity(ActivityInfo activityInfo) {
@@ -5073,8 +5078,7 @@ public class AccountManagerService 
                    }

                }

            }

            if (result != null

                    && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {

            if (result != null) {

                if (!checkKeyIntent(

                        Binder.getCallingUid(),

                        result)) {

services/core/java/com/android/server/am/ActiveServices.java

+5 −0
Original line number Diff line number Diff line
@@ -3411,6 +3411,11 @@ public final class ActiveServices { 
                            throw new SecurityException("BIND_EXTERNAL_SERVICE failed, "

                                    + className + " is not an isolatedProcess");

                        }

                        if (AppGlobals.getPackageManager().getPackageUid(callingPackage,

                                0, userId) != callingUid) {

                            throw new SecurityException("BIND_EXTERNAL_SERVICE failed, "

                                    + "calling package not owned by calling UID ");

                        }

                        // Run the service under the calling package's application.

                        ApplicationInfo aInfo = AppGlobals.getPackageManager().getApplicationInfo(

                                callingPackage, ActivityManagerService.STOCK_PM_FLAGS, userId);

services/core/java/com/android/server/am/ActivityManagerService.java

+34 −0
Original line number Diff line number Diff line
@@ -14605,6 +14605,17 @@ public class ActivityManagerService extends IActivityManager.Stub 
                    throw new SecurityException(msg);

                }

            }

            if (!Build.IS_DEBUGGABLE && callingUid != ROOT_UID && callingUid != SHELL_UID

                    && callingUid != SYSTEM_UID && !hasActiveInstrumentationLocked(callingPid)) {

                // If it's not debug build and not called from root/shell/system uid, reject it.

                final String msg = "Permission Denial: instrumentation test "

                        + className + " from pid=" + callingPid + ", uid=" + callingUid

                        + ", pkgName=" + getPackageNameByPid(callingPid)

                        + " not allowed because it's not started from SHELL";

                Slog.wtfQuiet(TAG, msg);

                reportStartInstrumentationFailureLocked(watcher, className, msg);

                throw new SecurityException(msg);

            }









            boolean disableHiddenApiChecks = ai.usesNonSdkApi()









                    || (flags & INSTR_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0;








@@ -14827,6 +14838,29 @@ public class ActivityManagerService extends IActivityManager.Stub







        }









    }

















    @GuardedBy("this")









    private boolean hasActiveInstrumentationLocked(int pid) {









        if (pid == 0) {









            return false;









        }









        synchronized (mPidsSelfLocked) {









            ProcessRecord process = mPidsSelfLocked.get(pid);









            return process != null && process.getActiveInstrumentation() != null;









        }









    }

















    private String getPackageNameByPid(int pid) {









        synchronized (mPidsSelfLocked) {









            final ProcessRecord app = mPidsSelfLocked.get(pid);

















            if (app != null && app.info != null) {









                return app.info.packageName;









            }

















            return null;









        }









    }

















    private boolean isCallerShell() {









        final int callingUid = Binder.getCallingUid();









        return callingUid == SHELL_UID || callingUid == ROOT_UID;