Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 69d7b553 authored by Reema Bajwa's avatar Reema Bajwa
Browse files

Remove permissin check from provider service process 

Test: built & deployed locally
Bug: 279961205

Change-Id: Id09bf424574b17507a62558e225f9c780da4b00e
parent f0a411d6

core/java/android/service/credentials/CredentialProviderInfoFactory.java

+12 −10
Original line number Diff line number Diff line
@@ -80,7 +80,8 @@ public final class CredentialProviderInfoFactory { 
     * @param userId           the android userId for which the current process is running

     * @param isSystemProvider whether this provider is a system provider

     * @throws PackageManager.NameNotFoundException If provider service is not found

     * @throws SecurityException If provider does not require the relevant permission

     * @throws SecurityException                    If provider does not require the relevant

     *                                              permission

     */

    public static CredentialProviderInfo create(

            @NonNull Context context,
@@ -100,11 +101,13 @@ public final class CredentialProviderInfoFactory { 
     * Constructs an information instance of the credential provider.

     *

     * @param context                              the context object

     * @param serviceInfo the service info for the provider app. This must be retrieved from the

     * @param serviceInfo                          the service info for the provider app. This must

     *                                             be retrieved from the

     *                                             {@code PackageManager}

     * @param isSystemProvider                     whether the provider app is a system provider

     * @param disableSystemAppVerificationForTests whether to disable system app permission

     *     verification so that tests can install system providers

     *                                             verification so that tests can install system

     *                                             providers

     * @param isEnabled                            whether the user enabled this provider

     * @throws SecurityException If provider does not require the relevant permission

     */
@@ -374,7 +377,6 @@ public final class CredentialProviderInfoFactory { 
                if (appInfo == null || serviceInfo == null) {

                    continue;

                }



                services.add(serviceInfo);

            } catch (SecurityException | PackageManager.NameNotFoundException e) {

                Slog.e(TAG, "Error getting info for " + serviceInfo, e);

core/java/android/service/credentials/CredentialProviderService.java

+2 −22
Original line number Diff line number Diff line
@@ -18,7 +18,6 @@ package android.service.credentials; 


import static com.android.internal.util.function.pooled.PooledLambda.obtainMessage;



import android.Manifest;

import android.annotation.CallSuper;

import android.annotation.NonNull;

import android.annotation.SdkConstant;
@@ -35,7 +34,7 @@ import android.os.ICancellationSignal; 
import android.os.Looper;

import android.os.OutcomeReceiver;

import android.os.RemoteException;

import android.util.Log;

import android.util.Slog;



import java.util.Objects;
@@ -226,7 +225,7 @@ public abstract class CredentialProviderService extends Service { 
        if (SERVICE_INTERFACE.equals(intent.getAction())) {

            return mInterface.asBinder();

        }

        Log.d(TAG, "Failed to bind with intent: " + intent);

        Slog.w(TAG, "Failed to bind with intent: " + intent);

        return null;

    }
@@ -252,11 +251,6 @@ public abstract class CredentialProviderService extends Service { 
                            GetCredentialException>() {

                        @Override

                        public void onResult(BeginGetCredentialResponse result) {

                            // If provider service does not possess the HYBRID permission, this

                            // check will throw an exception in the provider process.

                            if (result.getRemoteCredentialEntry() != null) {

                                enforceRemoteEntryPermission();

                            }

                            try {

                                callback.onSuccess(result);

                            } catch (RemoteException e) {
@@ -274,15 +268,6 @@ public abstract class CredentialProviderService extends Service { 
                    }

            ));

        }

        private void enforceRemoteEntryPermission() {

            String permission =

                    Manifest.permission.PROVIDE_REMOTE_CREDENTIALS;

            getApplicationContext().enforceCallingOrSelfPermission(

                    permission,

                    String.format("Provider must have %s, in order to set a "

                            + "remote entry", permission)

            );

        }



        @Override

        public void onBeginCreateCredential(BeginCreateCredentialRequest request,
@@ -305,11 +290,6 @@ public abstract class CredentialProviderService extends Service { 
                            BeginCreateCredentialResponse, CreateCredentialException>() {

                        @Override

                        public void onResult(BeginCreateCredentialResponse result) {

                            // If provider service does not possess the HYBRID permission, this

                            // check will throw an exception in the provider process.

                            if (result.getRemoteCreateEntry() != null) {

                                enforceRemoteEntryPermission();

                            }

                            try {

                                callback.onSuccess(result);

                            } catch (RemoteException e) {

services/credentials/java/com/android/server/credentials/ProviderGetSession.java

+0 −3
Original line number Diff line number Diff line
@@ -40,7 +40,6 @@ import android.service.credentials.CredentialEntry; 
import android.service.credentials.CredentialProviderService;

import android.service.credentials.GetCredentialRequest;

import android.service.credentials.RemoteEntry;

import android.util.Log;

import android.util.Pair;

import android.util.Slog;
@@ -413,11 +412,9 @@ public final class ProviderGetSession extends ProviderSession<BeginGetCredential 
     */

    private boolean onAuthenticationEntrySelected(

            @Nullable ProviderPendingIntentResponse providerPendingIntentResponse) {

        Log.i(TAG, "onAuthenticationEntrySelected");

        // Authentication entry is expected to have a BeginGetCredentialResponse instance. If it

        // does not have it, we remove the authentication entry and do not add any more content.

        if (providerPendingIntentResponse == null) {

            Log.i(TAG, "providerPendingIntentResponse is null");

            // Nothing received. This is equivalent to no content received.

            return false;

        }

services/credentials/java/com/android/server/credentials/ProviderSession.java

+1 −4
Original line number Diff line number Diff line
@@ -268,12 +268,9 @@ public abstract class ProviderSession<T, R> 
                    /*pId=*/-1, appInfo.uid) == PackageManager.PERMISSION_GRANTED) {

                return true;

            }

        } catch (SecurityException e) {

        } catch (SecurityException | PackageManager.NameNotFoundException e) {

            Slog.e(TAG, "Error getting info for " + mComponentName.flattenToString(), e);

            return false;

        } catch (PackageManager.NameNotFoundException e) {

            Slog.i(TAG, "Error getting info for " + mComponentName.flattenToString(), e);

            return false;

        }

        return false;

    }