Commit 6ea76aa7 authored by Michael Groover

Only allow root/system UIDs to send broadcast to unexported receiver

Android T introduced new flags to specify whether a runtime receiver
should be exported to other apps on the device. Initially, an unexported
runtime receiver could receive broadcasts from any app with a UID
that passed the Process#isCoreUid check, but this behavior differs
from that of unexported manifest receivers which can only receive
broadcasts from the system and root UIDs. This commit updates the
behavior of runtime receivers registered with the RECEIVER_NOT_EXPORTED
flag to only allow broadcasts to be sent from the local app, system, and
root UIDs.

Bug: 225999840
Test: atest ContextTest
Change-Id: Idc2c42dda58d54859e9beb8bd8baf3810aeabefc
parent 27e35ec6
+3 −3
@@ -869,9 +869,9 @@ public final class BroadcastQueue {

        // Ensure that broadcasts are only sent to other apps if they are explicitly marked as
        // exported, or are System level broadcasts
        if (!skip && !filter.exported && !Process.isCoreUid(r.callingUid)
                && filter.receiverList.uid != r.callingUid) {

        if (!skip && !filter.exported && mService.checkComponentPermission(null, r.callingPid,
                r.callingUid, filter.receiverList.uid, filter.exported)
                != PackageManager.PERMISSION_GRANTED) {
            Slog.w(TAG, "Exported Denial: sending "
                    + r.intent.toString()
                    + ", action: " + r.intent.getAction()
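Review bot: The comment on the unchanged lines above the condition still reads "or are System level broadcasts", which no longer matches the check now that `Process.isCoreUid(r.callingUid)` is replaced by `mService.checkComponentPermission(...)`. Per the commit message, only the local app, system and root UIDs may send to an unexported runtime receiver, so the comment should name those three cases instead. In the new call the last argument `filter.exported` is always false, because the condition has already required `!filter.exported`; passing the literal `false` would make the intent easier to read. The "Exported Denial" log line is the only signal a denied sender gets, so it is worth confirming that the test named in the message (`ContextTest`) covers a sender with a core UID other than root or system being denied, since that is the case whose behaviour changes here.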