Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 61792c47 authored by Fabian Kozynski's avatar Fabian Kozynski
Browse files

Add extra security checks for TileService API 

When requesting a tile to be added, the TileService should be exported.
Also, the requesting application should be in the foreground, so the
user cannot get unexpected requests.

Test: CTS tests
Test: manual
Fixes: 199770909

Change-Id: I2e131bf2fd3de91767e7604768bc0141ef3cd427
parent c511e019

core/api/current.txt

+2 −1
Original line number Diff line number Diff line
@@ -6699,10 +6699,11 @@ package android.app { 














  public class StatusBarManager {















    method public void requestAddTileService(@NonNull android.content.ComponentName, @NonNull CharSequence, @NonNull android.graphics.drawable.Icon, @NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Integer>);













    field public static final int TILE_ADD_REQUEST_ERROR_APP_NOT_IN_FOREGROUND = 1004; // 0x3ec















    field public static final int TILE_ADD_REQUEST_ERROR_BAD_COMPONENT = 1002; // 0x3ea















    field public static final int TILE_ADD_REQUEST_ERROR_MISMATCHED_PACKAGE = 1000; // 0x3e8















    field public static final int TILE_ADD_REQUEST_ERROR_NOT_CURRENT_USER = 1003; // 0x3eb













    field public static final int TILE_ADD_REQUEST_ERROR_NO_STATUS_BAR_SERVICE = 1004; // 0x3ec













    field public static final int TILE_ADD_REQUEST_ERROR_NO_STATUS_BAR_SERVICE = 1005; // 0x3ed















    field public static final int TILE_ADD_REQUEST_ERROR_REQUEST_IN_PROGRESS = 1001; // 0x3e9















    field public static final int TILE_ADD_REQUEST_RESULT_TILE_ADDED = 2; // 0x2















    field public static final int TILE_ADD_REQUEST_RESULT_TILE_ALREADY_ADDED = 1; // 0x1

























core/java/android/app/StatusBarManager.java



+11
−3




























Original line number
Diff line number
Diff line








@@ -245,7 +245,7 @@ public class StatusBarManager {













    public static final int TILE_ADD_REQUEST_ERROR_REQUEST_IN_PROGRESS =















            TILE_ADD_REQUEST_FIRST_ERROR_CODE + 1;















    /**













     * Indicates that the component does not match an enabled













     * Indicates that the component does not match an enabled exported















     * {@link android.service.quicksettings.TileService} for the current user.















     */















    public static final int TILE_ADD_REQUEST_ERROR_BAD_COMPONENT =









@@ -255,12 +255,17 @@ public class StatusBarManager {













     */















    public static final int TILE_ADD_REQUEST_ERROR_NOT_CURRENT_USER =















            TILE_ADD_REQUEST_FIRST_ERROR_CODE + 3;













    /**













     * Indicates that the requesting application is not in the foreground.













     */













    public static final int TILE_ADD_REQUEST_ERROR_APP_NOT_IN_FOREGROUND =













            TILE_ADD_REQUEST_FIRST_ERROR_CODE + 4;















    /**















     * The request could not be processed because no fulfilling service was found. This could be















     * a temporary issue (for example, SystemUI has crashed).















     */















    public static final int TILE_ADD_REQUEST_ERROR_NO_STATUS_BAR_SERVICE =













            TILE_ADD_REQUEST_FIRST_ERROR_CODE + 4;













            TILE_ADD_REQUEST_FIRST_ERROR_CODE + 5;































    /** @hide */















    @IntDef(prefix = {"TILE_ADD_REQUEST"}, value = {









@@ -271,6 +276,7 @@ public class StatusBarManager {













            TILE_ADD_REQUEST_ERROR_REQUEST_IN_PROGRESS,















            TILE_ADD_REQUEST_ERROR_BAD_COMPONENT,















            TILE_ADD_REQUEST_ERROR_NOT_CURRENT_USER,













            TILE_ADD_REQUEST_ERROR_APP_NOT_IN_FOREGROUND,















            TILE_ADD_REQUEST_ERROR_NO_STATUS_BAR_SERVICE















    })















    @Retention(RetentionPolicy.SOURCE)










@@ -616,7 +622,9 @@ public class StatusBarManager {













     * </ul>















     * <p>















     * The user for which this will be added is determined from the {@link Context} used to retrieve













     * this service, and must match the current user.













     * this service, and must match the current user. The requesting application must be in the













     * foreground ({@link ActivityManager.RunningAppProcessInfo#IMPORTANCE_FOREGROUND}













     * and the {@link android.service.quicksettings.TileService} must be exported.















     *















     * @param tileServiceComponentName {@link ComponentName} of the















     *        {@link android.service.quicksettings.TileService} for the request.

































services/core/java/com/android/server/statusbar/StatusBarManagerService.java



+14
−1




























Original line number
Diff line number
Diff line








@@ -23,6 +23,7 @@ import static android.view.Display.DEFAULT_DISPLAY;













import android.Manifest;















import android.annotation.NonNull;















import android.annotation.Nullable;













import android.app.ActivityManager;















import android.app.ActivityManagerInternal;















import android.app.ActivityThread;















import android.app.ITransientNotificationCallback;










@@ -1720,7 +1721,7 @@ public class StatusBarManagerService extends IStatusBarService.Stub implements D





























        // We've checked that the package, component name and uid all match.















        ResolveInfo r = isComponentValidTileService(componentName, userId);













        if (r == null) {













        if (r == null || !r.serviceInfo.exported) {















            try {















                callback.onTileRequest(StatusBarManager.TILE_ADD_REQUEST_ERROR_BAD_COMPONENT);















            } catch (RemoteException e) {









@@ -1729,6 +1730,18 @@ public class StatusBarManagerService extends IStatusBarService.Stub implements D













            return;















        }





























        final int procState = mActivityManagerInternal.getUidProcessState(callingUid);













        if (ActivityManager.RunningAppProcessInfo.procStateToImportance(procState)













                != ActivityManager.RunningAppProcessInfo.IMPORTANCE_FOREGROUND) {













            try {













                callback.onTileRequest(













                        StatusBarManager.TILE_ADD_REQUEST_ERROR_APP_NOT_IN_FOREGROUND);













            } catch (RemoteException e) {













                Slog.e(TAG, "requestAddTile", e);













            }













            return;













        }





























        IAddTileResultCallback proxyCallback = new IAddTileResultCallback.Stub() {















            @Override















            public void onTileRequest(int i) throws RemoteException {