
Commit a3d67048 authored by Gavin Corkery's avatar Gavin Corkery

Don't allow sandbox uids to call registerReceiver

Adds a check to ensure that the uid that calls registerReceiver
is not an SDK sandbox uid. This will disallow the SDK sandbox from
dynamically registering to receive broadcasts.

Test: Manual. Set up sample SDK provider to receive TIME_TICK
      broadcasts. Note that broadcasts are received every minute
      without this change, and are not received with it.
Bug: 209770512
Change-Id: I2edec36d9579287e8458a3f13228b1bd1298cf41
parent b78bf4e4
+24 −1
@@ -2911,12 +2911,35 @@ public class ActivityManagerService extends IActivityManager.Stub
        return mAtmInternal.compatibilityInfoForPackage(ai);
    }
    /**
     * Enforces that the uid that calls a method is not an
     * {@link UserHandle#isIsolated(int) isolated} uid.
     *
     * @param caller the name of the method being called.
     * @throws SecurityException if the calling uid is an isolated uid.
     */
    /* package */ void enforceNotIsolatedCaller(String caller) {
        if (UserHandle.isIsolated(Binder.getCallingUid())) {
            throw new SecurityException("Isolated process not allowed to call " + caller);
        }
    }
    /**
     * Enforces that the uid that calls a method is not an
     * {@link UserHandle#isIsolated(int) isolated} uid or an
     * {@link Process#isSdkSandboxUid(int) SDK sandbox} uid.
     *
     * @param caller the name of the method being called.
     * @throws SecurityException if the calling uid is an isolated uid or SDK sandbox uid.
     */
    void enforceNotIsolatedOrSdkSandboxCaller(String caller) {
        enforceNotIsolatedCaller(caller);
        if (Process.isSdkSandboxUid(Binder.getCallingUid())) {
            throw new SecurityException("SDK sandbox process not allowed to call " + caller);
        }
    }
    @Override
    public void setPackageScreenCompatMode(String packageName, int mode) {
        mActivityTaskManager.setPackageScreenCompatMode(packageName, mode);
@@ -12843,7 +12866,7 @@ public class ActivityManagerService extends IActivityManager.Stub
    public Intent registerReceiverWithFeature(IApplicationThread caller, String callerPackage,
            String callerFeatureId, String receiverId, IIntentReceiver receiver,
            IntentFilter filter, String permission, int userId, int flags) {
        enforceNotIsolatedCaller("registerReceiver");
        enforceNotIsolatedOrSdkSandboxCaller("registerReceiver");
        ArrayList<Intent> stickyIntents = null;
        ProcessRecord callerApp = null;
        final boolean visibleToInstantApps
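Review bot: The Javadoc on `enforceNotIsolatedOrSdkSandboxCaller` and on `enforceNotIsolatedCaller` does not state that both helpers read `Binder.getCallingUid()` at the moment they run, so the check is only meaningful while the incoming Binder identity is still in place. In `registerReceiverWithFeature` the call is the first statement, which is fine, but a future caller that invokes either helper after `Binder.clearCallingIdentity()` would be checking the local process's uid and would pass silently. I would add a sentence to both comments such as `Must be called before the calling identity is cleared, because it checks {@link Binder#getCallingUid()}.` The commit message lists only a manual test, so an automated test asserting the `SecurityException` for an SDK sandbox uid would keep this restriction from regressing unnoticed. The body of `registerReceiverWithFeature` continues past the end of the hunk, so the rest of the method was not reviewed.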