Relax permission requirement for sending broadcasts to other users (8bf06eda) · Commits · e / os / android_frameworks_base

services/java/com/android/server/am/ActivityManagerService.java

+20 −22

Original line number	Diff line number	Diff line
		@@ -10988,7 +10988,7 @@ public final class ActivityManagerService extends ActivityManagerNative
		BroadcastQueue queue = broadcastQueueForIntent(intent);
		BroadcastRecord r = new BroadcastRecord(queue, intent, null,
		null, -1, -1, null, receivers, null, 0, null, null,
		false, true, true, false, -1);
		false, true, true, -1);
		queue.enqueueParallelBroadcastLocked(r);
		queue.scheduleBroadcastsLocked();
		}
		@@ -11081,21 +11081,16 @@ public final class ActivityManagerService extends ActivityManagerNative
		Slog.w(TAG, "Broadcast " + intent + " not ordered but result callback requested!");
		}

		boolean onlySendToCaller = false;

		// If the caller is trying to send this broadcast to a different
		// user, verify that is allowed.
		if (UserHandle.getUserId(callingUid) != userId) {
		if (checkComponentPermission(
		android.Manifest.permission.INTERACT_ACROSS_USERS,
		callingPid, callingUid, -1, true) != PackageManager.PERMISSION_GRANTED
		&& checkComponentPermission(
		android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
		callingPid, callingUid, -1, true)
		!= PackageManager.PERMISSION_GRANTED) {
		if (checkComponentPermission(
		android.Manifest.permission.INTERACT_ACROSS_USERS,
		callingPid, callingUid, -1, true)
		== PackageManager.PERMISSION_GRANTED) {
		onlySendToCaller = true;
		} else {
		String msg = "Permission Denial: " + intent.getAction()
		+ " broadcast from " + callerPackage
		+ " asks to send as user " + userId
		@@ -11104,6 +11099,9 @@ public final class ActivityManagerService extends ActivityManagerNative
		+ android.Manifest.permission.INTERACT_ACROSS_USERS;
		Slog.w(TAG, msg);
		throw new SecurityException(msg);
		} else {
		if (userId == UserHandle.USER_CURRENT) {
		userId = mCurrentUserId;
		}
		}
		}
		@@ -11294,7 +11292,7 @@ public final class ActivityManagerService extends ActivityManagerNative
		BroadcastRecord r = new BroadcastRecord(queue, intent, callerApp,
		callerPackage, callingPid, callingUid, requiredPermission,
		registeredReceivers, resultTo, resultCode, resultData, map,
		ordered, sticky, false, onlySendToCaller, userId);
		ordered, sticky, false, userId);
		if (DEBUG_BROADCAST) Slog.v(
		TAG, "Enqueueing parallel broadcast " + r);
		final boolean replaced = replacePending && queue.replaceParallelBroadcastLocked(r);
		@@ -11384,7 +11382,7 @@ public final class ActivityManagerService extends ActivityManagerNative
		BroadcastRecord r = new BroadcastRecord(queue, intent, callerApp,
		callerPackage, callingPid, callingUid, requiredPermission,
		receivers, resultTo, resultCode, resultData, map, ordered,
		sticky, false, onlySendToCaller, userId);
		sticky, false, userId);
		if (DEBUG_BROADCAST) Slog.v(
		TAG, "Enqueueing ordered broadcast " + r
		+ ": prev had " + queue.mOrderedBroadcasts.size());

services/java/com/android/server/am/BroadcastQueue.java

+1 −23

Original line number	Diff line number	Diff line
		@@ -372,17 +372,7 @@ public class BroadcastQueue {
		private final void deliverToRegisteredReceiverLocked(BroadcastRecord r,
		BroadcastFilter filter, boolean ordered) {
		boolean skip = false;
		if (r.onlySendToCaller) {
		if (!UserHandle.isSameApp(r.callingUid, filter.owningUid)) {
		Slog.w(TAG, "Permission Denial: broadcasting "
		+ r.intent.toString()
		+ " from " + r.callerPackage + " (pid="
		+ r.callingPid + ", uid=" + r.callingUid + ")"
		+ " not allowed to go to different app " + filter.owningUid);
		skip = true;
		}
		}
		if (!skip && filter.requiredPermission != null) {
		if (filter.requiredPermission != null) {
		int perm = mService.checkComponentPermission(filter.requiredPermission,
		r.callingPid, r.callingUid, -1, true);
		if (perm != PackageManager.PERMISSION_GRANTED) {
		@@ -667,18 +657,6 @@ public class BroadcastQueue {
		info.activityInfo.name);

		boolean skip = false;
		if (r.onlySendToCaller) {
		if (!UserHandle.isSameApp(r.callingUid, info.activityInfo.applicationInfo.uid)) {
		Slog.w(TAG, "Permission Denial: broadcasting "
		+ r.intent.toString()
		+ " from " + r.callerPackage + " (pid="
		+ r.callingPid + ", uid=" + r.callingUid + ")"
		+ " to " + component.flattenToShortString()
		+ " not allowed to go to different app "
		+ info.activityInfo.applicationInfo.uid);
		skip = true;
		}
		}
		int perm = mService.checkComponentPermission(info.activityInfo.permission,
		r.callingPid, r.callingUid, info.activityInfo.applicationInfo.uid,
		info.activityInfo.exported);

services/java/com/android/server/am/BroadcastRecord.java

+1 −3

Original line number	Diff line number	Diff line
		@@ -44,7 +44,6 @@ class BroadcastRecord extends Binder {
		final boolean ordered; // serialize the send to receivers?
		final boolean sticky; // originated from existing sticky data?
		final boolean initialSticky; // initial broadcast from register to sticky?
		final boolean onlySendToCaller; // only allow receipt by sender's components?
		final int userId; // user id this broadcast was for
		final String requiredPermission; // a permission the caller has required
		final List receivers; // contains BroadcastFilter and ResolveInfo
		@@ -170,7 +169,7 @@ class BroadcastRecord extends Binder {
		int _callingPid, int _callingUid, String _requiredPermission,
		List _receivers, IIntentReceiver _resultTo, int _resultCode,
		String _resultData, Bundle _resultExtras, boolean _serialized,
		boolean _sticky, boolean _initialSticky, boolean _onlySendToCaller,
		boolean _sticky, boolean _initialSticky,
		int _userId) {
		queue = _queue;
		intent = _intent;
		@@ -187,7 +186,6 @@ class BroadcastRecord extends Binder {
		ordered = _serialized;
		sticky = _sticky;
		initialSticky = _initialSticky;
		onlySendToCaller = _onlySendToCaller;
		userId = _userId;
		nextReceiver = 0;
		state = IDLE;