
Commit a6b7d977 authored by Nikita Ioffe

Don't allow sdk sandbox processes to register/unregister CPs

We are going to limit how sdk sandbox processes can interact with
content providers. This change adds a blanket deny rule for the things
that we definitely don't want sdk sandbox to do (e.g. register content
providers).

Accessing CPs is a little bit more nuanced, since we at least should
give sdk sandboxes an option to access CPs defined in the WebView.
The effort to add additional restrictions on the getContentProvider method for
sdk sandbox processes is tracked in b/226318628; in this change we
simply log a warning saying that access will be removed.

Bug: 217538253
Bug: 226318628
Test: presubmit
Change-Id: I766fff8288bb60acec9e9bf6dee14edfc99b30fb
parent 923eb82c
+9 −2
@@ -112,6 +112,13 @@ public class ContentProviderHelper {
    ContentProviderHolder getContentProvider(IApplicationThread caller, String callingPackage,
            String name, int userId, boolean stable) {
        mService.enforceNotIsolatedCaller("getContentProvider");
        if (Process.isSdkSandboxUid(Binder.getCallingUid())) {
            // TODO(b/226318628): for sdk sandbox processes only allow accessing CPs registered by
            //  the WebView apk.
            Slog.w(TAG, "Sdk sandbox process " + Binder.getCallingUid()
                    + " is accessing content provider " + name
                    + ". This access will most likely be blocked in the future");
        }
        if (caller == null) {
            String msg = "null IApplicationThread when getting content provider " + name;
            Slog.w(TAG, msg);
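Review bot: the new sandbox branch at the top of getContentProvider only logs and then falls through, so a sandbox caller is still handed the provider; that matches the commit message, but the Slog.w fires on every call with no rate limiting and the TODO carries no enforcement, so this will spam the log for any sandbox that polls a provider. Consider warning once per uid/provider pair or gating it behind a debug flag, and read Binder.getCallingUid() into a local since it is evaluated twice in the same block.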
@@ -630,7 +637,7 @@ public class ContentProviderHelper {
            return;
        }

        mService.enforceNotIsolatedCaller("publishContentProviders");
        mService.enforceNotIsolatedOrSdkSandboxCaller("publishContentProviders");
        synchronized (mService) {
            final ProcessRecord r = mService.getRecordForAppLOSP(caller);
            if (DEBUG_MU) {
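Review bot: enforceNotIsolatedOrSdkSandboxCaller replaces the isolated-only check in publishContentProviders, but it sits after the early `return;` shown at the top of the hunk, so whatever condition returns there bypasses the new denial; confirm that branch cannot be reached by a sandbox caller carrying a publishable provider. The Test line is only `presubmit`; a unit test that calls publishContentProviders from a sandbox UID and asserts it is rejected would lock the denial in.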
@@ -717,7 +724,7 @@ public class ContentProviderHelper {
     * Drop a content provider from a ProcessRecord's bookkeeping
     */
    void removeContentProvider(IBinder connection, boolean stable) {
        mService.enforceNotIsolatedCaller("removeContentProvider");
        mService.enforceNotIsolatedOrSdkSandboxCaller("removeContentProvider");
        final long ident = Binder.clearCallingIdentity();
        try {
            ContentProviderConnection conn;
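Review bot: the ordering in removeContentProvider is right, since the enforcement runs before Binder.clearCallingIdentity() and therefore still sees the real caller UID; that ordering is easy to lose in a later refactor, so a one-line comment above the check would help. The commit message says register/unregister while the hunks cover publishContentProviders and removeContentProvider; stating in the message whether other provider-release entry points in this class were considered would make the scope of the deny rule clear.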