Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 571a97ad authored by Daniel's avatar Daniel
Browse files

Verify caller is cred autofill service 

Flag: android.credentials.flags.safeguard_candidate_credentials_api_caller
Bug: 370477460
Test: atest CtsAutoFillServiceTestCases:android.autofillservice.cts.inline.InlineLoginMixedCredentialActivityTest
Change-Id: I35f3cf616669a6879fd353876029152e3ce327f1
parent ab6ce1d8

services/credentials/java/com/android/server/credentials/CredentialManagerService.java

+30 −0
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ import android.content.ContentResolver; 
import android.content.Context;

import android.content.pm.PackageInfo;

import android.content.pm.PackageManager;

import android.content.res.Resources;

import android.credentials.ClearCredentialStateRequest;

import android.credentials.CreateCredentialException;

import android.credentials.CreateCredentialRequest;
@@ -50,6 +51,7 @@ import android.credentials.ISetEnabledProvidersCallback; 
import android.credentials.PrepareGetCredentialResponseInternal;

import android.credentials.RegisterCredentialDescriptionRequest;

import android.credentials.UnregisterCredentialDescriptionRequest;

import android.credentials.flags.Flags;

import android.os.Binder;

import android.os.CancellationSignal;

import android.os.IBinder;
@@ -79,6 +81,7 @@ import java.util.HashSet; 
import java.util.LinkedHashSet;

import java.util.List;

import java.util.Map;

import java.util.Objects;

import java.util.Set;

import java.util.function.Consumer;

import java.util.stream.Collectors;
@@ -535,6 +538,33 @@ public final class CredentialManagerService 


            final int userId = UserHandle.getCallingUserId();

            final int callingUid = Binder.getCallingUid();

            if (Flags.safeguardCandidateCredentialsApiCaller()) {

                try {

                    String credentialManagerAutofillCompName = mContext.getResources().getString(

                            R.string.config_defaultCredentialManagerAutofillService);

                    ComponentName componentName = ComponentName.unflattenFromString(

                            credentialManagerAutofillCompName);

                    if (componentName == null) {

                        throw new SecurityException(

                                "Credential Autofill service does not exist on this device.");

                    }

                    PackageManager pm = mContext.createContextAsUser(

                            UserHandle.getUserHandleForUid(callingUid), 0).getPackageManager();

                    String callingProcessPackage = pm.getNameForUid(callingUid);

                    if (callingProcessPackage == null) {

                        throw new SecurityException(

                                "Couldn't determine the identity of the caller.");

                    }

                    if (!Objects.equals(componentName.getPackageName(), callingProcessPackage)) {

                        throw new SecurityException(callingProcessPackage

                                + " is not the device's credential autofill package.");

                    }

                } catch (Resources.NotFoundException e) {

                    throw new SecurityException(

                            "Credential Autofill service does not exist on this device.");

                }

            }





            // New request session, scoped for this request only.

            final GetCandidateRequestSession session =