Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 98dca140 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Remove permissin check from provider service process" into udc-dev am: f806e9d7 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/22914021



Change-Id: Ib1880d8d57fa70b88a3bd23a8ffbf6046743cd7d
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 99bafcde f806e9d7

core/java/android/service/credentials/CredentialProviderInfoFactory.java

+12 −10
Original line number Diff line number Diff line
@@ -80,7 +80,8 @@ public final class CredentialProviderInfoFactory { 
     * @param userId           the android userId for which the current process is running

     * @param isSystemProvider whether this provider is a system provider

     * @throws PackageManager.NameNotFoundException If provider service is not found

     * @throws SecurityException If provider does not require the relevant permission

     * @throws SecurityException                    If provider does not require the relevant

     *                                              permission

     */

    public static CredentialProviderInfo create(

            @NonNull Context context,
@@ -100,11 +101,13 @@ public final class CredentialProviderInfoFactory { 
     * Constructs an information instance of the credential provider.

     *

     * @param context                              the context object

     * @param serviceInfo the service info for the provider app. This must be retrieved from the

     * @param serviceInfo                          the service info for the provider app. This must

     *                                             be retrieved from the

     *                                             {@code PackageManager}

     * @param isSystemProvider                     whether the provider app is a system provider

     * @param disableSystemAppVerificationForTests whether to disable system app permission

     *     verification so that tests can install system providers

     *                                             verification so that tests can install system

     *                                             providers

     * @param isEnabled                            whether the user enabled this provider

     * @throws SecurityException If provider does not require the relevant permission

     */
@@ -374,7 +377,6 @@ public final class CredentialProviderInfoFactory { 
                if (appInfo == null || serviceInfo == null) {

                    continue;

                }



                services.add(serviceInfo);

            } catch (SecurityException | PackageManager.NameNotFoundException e) {

                Slog.e(TAG, "Error getting info for " + serviceInfo, e);

core/java/android/service/credentials/CredentialProviderService.java

+2 −22
Original line number Diff line number Diff line
@@ -18,7 +18,6 @@ package android.service.credentials; 


import static com.android.internal.util.function.pooled.PooledLambda.obtainMessage;



import android.Manifest;

import android.annotation.CallSuper;

import android.annotation.NonNull;

import android.annotation.SdkConstant;
@@ -35,7 +34,7 @@ import android.os.ICancellationSignal; 
import android.os.Looper;

import android.os.OutcomeReceiver;

import android.os.RemoteException;

import android.util.Log;

import android.util.Slog;



import java.util.Objects;
@@ -226,7 +225,7 @@ public abstract class CredentialProviderService extends Service { 
        if (SERVICE_INTERFACE.equals(intent.getAction())) {

            return mInterface.asBinder();

        }

        Log.d(TAG, "Failed to bind with intent: " + intent);

        Slog.w(TAG, "Failed to bind with intent: " + intent);

        return null;

    }
@@ -252,11 +251,6 @@ public abstract class CredentialProviderService extends Service { 
                            GetCredentialException>() {

                        @Override

                        public void onResult(BeginGetCredentialResponse result) {

                            // If provider service does not possess the HYBRID permission, this

                            // check will throw an exception in the provider process.

                            if (result.getRemoteCredentialEntry() != null) {

                                enforceRemoteEntryPermission();

                            }

                            try {

                                callback.onSuccess(result);

                            } catch (RemoteException e) {
@@ -274,15 +268,6 @@ public abstract class CredentialProviderService extends Service { 
                    }

            ));

        }

        private void enforceRemoteEntryPermission() {

            String permission =

                    Manifest.permission.PROVIDE_REMOTE_CREDENTIALS;

            getApplicationContext().enforceCallingOrSelfPermission(

                    permission,

                    String.format("Provider must have %s, in order to set a "

                            + "remote entry", permission)

            );

        }



        @Override

        public void onBeginCreateCredential(BeginCreateCredentialRequest request,
@@ -305,11 +290,6 @@ public abstract class CredentialProviderService extends Service { 
                            BeginCreateCredentialResponse, CreateCredentialException>() {

                        @Override

                        public void onResult(BeginCreateCredentialResponse result) {

                            // If provider service does not possess the HYBRID permission, this

                            // check will throw an exception in the provider process.

                            if (result.getRemoteCreateEntry() != null) {

                                enforceRemoteEntryPermission();

                            }

                            try {

                                callback.onSuccess(result);

                            } catch (RemoteException e) {

services/credentials/java/com/android/server/credentials/ProviderGetSession.java

+0 −3
Original line number Diff line number Diff line
@@ -40,7 +40,6 @@ import android.service.credentials.CredentialEntry; 
import android.service.credentials.CredentialProviderService;

import android.service.credentials.GetCredentialRequest;

import android.service.credentials.RemoteEntry;

import android.util.Log;

import android.util.Pair;

import android.util.Slog;
@@ -413,11 +412,9 @@ public final class ProviderGetSession extends ProviderSession<BeginGetCredential 
     */

    private boolean onAuthenticationEntrySelected(

            @Nullable ProviderPendingIntentResponse providerPendingIntentResponse) {

        Log.i(TAG, "onAuthenticationEntrySelected");

        // Authentication entry is expected to have a BeginGetCredentialResponse instance. If it

        // does not have it, we remove the authentication entry and do not add any more content.

        if (providerPendingIntentResponse == null) {

            Log.i(TAG, "providerPendingIntentResponse is null");

            // Nothing received. This is equivalent to no content received.

            return false;

        }

services/credentials/java/com/android/server/credentials/ProviderSession.java

+1 −4
Original line number Diff line number Diff line
@@ -268,12 +268,9 @@ public abstract class ProviderSession<T, R> 
                    /*pId=*/-1, appInfo.uid) == PackageManager.PERMISSION_GRANTED) {

                return true;

            }

        } catch (SecurityException e) {

        } catch (SecurityException | PackageManager.NameNotFoundException e) {

            Slog.e(TAG, "Error getting info for " + mComponentName.flattenToString(), e);

            return false;

        } catch (PackageManager.NameNotFoundException e) {

            Slog.i(TAG, "Error getting info for " + mComponentName.flattenToString(), e);

            return false;

        }

        return false;

    }