Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 70668582 authored by Felipe Leme's avatar Felipe Leme
Browse files

Temporaly ignoring UID check when caller is a system app. 

The Settings app runs some of its activities in another process, which would
crash it in some cases due to a recent security fix on Autofill.

This CL temporarily fixes the problem by skipping the security check when the
caller is a system app.

Test: manual verification using System.out statements, as it cannot be
      reproduced by CTS because the CTS app is an user app.
Bug: 70506888

Change-Id: I08e8a370d93d3473ec5e025afaf3bc6f456e0ab9
parent e5634eeb

services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java

+5 −1
Original line number Diff line number Diff line
@@ -42,6 +42,7 @@ import android.os.Binder; 
import android.os.Bundle;

import android.os.IBinder;

import android.os.Looper;

import android.os.Process;

import android.os.RemoteCallbackList;

import android.os.RemoteException;

import android.os.SystemClock;
@@ -491,7 +492,10 @@ final class AutofillManagerServiceImpl { 
        } catch (NameNotFoundException e) {

            throw new SecurityException("Could not verify UID for " + componentName);

        }

        if (callingUid != packageUid) {

        // TODO(b/70506888): allow all system UIDs to call it is too broad, we should call

        // something like am.isActivityRunningInProcess(componentName, callingPid), but there is

        // no such API yet.

        if (callingUid != packageUid && Process.isApplicationUid(callingUid)) {

            final String[] packages = pm.getPackagesForUid(callingUid);

            final String callingPackage = packages != null ? packages[0] : "uid-" + callingUid;

            Slog.w(TAG, "App (package=" + callingPackage + ", UID=" + callingUid