Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8bda70f1 authored by Nate Myren's avatar Nate Myren
Browse files

Make AppOpsService verification error less informative 

Unless the hardcoded AppOpsService DEBUG flag is set to true, do not
include the resolved UID of a package in the verifyAndGetBypass
exception message, as this potentially leaks data to third party apps
that manage to bind to AppOpsService.

Bug: 184474751
Test: manual
Change-Id: Ifdcf2cce3e8f939ca9f206a4bf8ac0238000f4c0
parent 4f6232fa

services/core/java/com/android/server/appop/AppOpsService.java

+4 −2
Original line number Diff line number Diff line
@@ -4191,8 +4191,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
            // Special case for the shell which is a package but should be able

            // to bypass app attribution tag restrictions.

            if (pkgUid != UserHandle.getAppId(uid)) {

                String otherUidMessage = DEBUG ? " but it is really " + pkgUid : " but it is not";

                throw new SecurityException("Specified package " + packageName + " under uid "

                        +  UserHandle.getAppId(uid) + " but it is really " + pkgUid);

                        +  UserHandle.getAppId(uid) + otherUidMessage);

            }

            return RestrictionBypass.UNRESTRICTED;

        }
@@ -4240,8 +4241,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
        }



        if (pkgUid != uid) {

            String otherUidMessage = DEBUG ? " but it is really " + pkgUid : " but it is not";

            throw new SecurityException("Specified package " + packageName + " under uid " + uid

                    + " but it is really " + pkgUid);

                    + otherUidMessage);

        }



        return bypass;