Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6d51e19e authored by Danny Baumann's avatar Danny Baumann
Browse files

Fix setting connection status when switching profiles via 3rd party 

apps.

For switching Wifi and BT, the respective permissions are needed.
Currently, while switching profiles, the caller's identity isn't
cleared, thus the switching action runs under the permission level of
the caller, which is wrong, because the caller shouldn't need to care
about the side effects of profile switching.
To fix this, clear calling identity before profile switching. In order
to now allow clients to pass in profile subclasses with malicious code
in it (and as we don't properly support subclassing the profile classes
anyway), make the profile classes final.
parent d16dc993

core/java/android/app/ConnectionSettings.java

+1 −1
Original line number Diff line number Diff line
@@ -14,7 +14,7 @@ import org.xmlpull.v1.XmlPullParserException; 
import java.io.IOException;



/** @hide */

public class ConnectionSettings implements Parcelable {

public final class ConnectionSettings implements Parcelable {



    private int mConnectionId;

    private int mValue;

core/java/android/app/Profile.java

+1 −1
Original line number Diff line number Diff line
@@ -33,7 +33,7 @@ import java.util.HashMap; 
import java.util.Map;

import java.util.UUID;



public class Profile implements Parcelable {

public final class Profile implements Parcelable {



    private String mName;

    private int mNameResId;

core/java/android/app/ProfileGroup.java

+1 −1
Original line number Diff line number Diff line
@@ -31,7 +31,7 @@ import android.util.Log; 
import java.io.IOException;

import java.util.UUID;



public class ProfileGroup implements Parcelable {

public final class ProfileGroup implements Parcelable {

    private static final String TAG = "ProfileGroup";



    private String mName;

core/java/android/app/StreamSettings.java

+1 −1
Original line number Diff line number Diff line
@@ -11,7 +11,7 @@ import android.os.Parcelable; 
import java.io.IOException;



/** @hide */

public class StreamSettings implements Parcelable{

public final class StreamSettings implements Parcelable{



    private int mStreamId;

    private int mValue;

services/java/com/android/server/ProfileManagerService.java

+8 −10
Original line number Diff line number Diff line
@@ -182,19 +182,16 @@ public class ProfileManagerService extends IProfileManager.Stub { 
            if (doinit) {

                if (LOCAL_LOGV) Log.v(TAG, "setActiveProfile(Profile, boolean) - Running init");



                // Call profile's "doSelect"

                mActiveProfile.doSelect(mContext);



                /*

                 * Clearing the calling identity AFTER the profile doSelect

                 * to reduce security risks based on an external class extending the

                 * Profile class and embedding malicious code to be executed with "system" rights.

                 * This isn't a fool-proof safety measure, but it's better than giving

                 * the child class system-level access by simply calling setActiveProfile.

                 *

                 * We need to clear the permissions to broadcast INTENT_ACTION_PROFILE_SELECTED.

                 * We need to clear the caller's identity in order to

                 * - allow the profile switch to execute actions not included in the caller's permissions

                 * - broadcast INTENT_ACTION_PROFILE_SELECTED

                 */

                long token = clearCallingIdentity();



                // Call profile's "doSelect"

                mActiveProfile.doSelect(mContext);



                // Notify other applications of newly selected profile.

                Intent broadcast = new Intent(INTENT_ACTION_PROFILE_SELECTED);

                broadcast.putExtra("name", mActiveProfile.getName());
@@ -202,6 +199,7 @@ public class ProfileManagerService extends IProfileManager.Stub { 
                broadcast.putExtra("lastName", lastProfile.getName());

                broadcast.putExtra("lastUuid", lastProfile.getUuid().toString());

                mContext.sendBroadcast(broadcast);



                restoreCallingIdentity(token);

                persistIfDirty();

            }