Prevent root from getting unverified attributions from non system apps (ab99cde4) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/appop/AppOpsService.java

+41 −22

Original line number	Original line	Diff line number	Diff line
	@@ -4374,30 +4374,40 @@ public class AppOpsService extends IAppOpsService.Stub {
	return null;		return null;
	}		}

	finishOperationUnchecked(clientId, code, proxiedUid, resolvedProxiedPackageName,		finishOperationUnchecked(clientId, code, proxyUid, resolvedProxyPackageName,
	proxiedAttributionTag, proxyVirtualDeviceId);		proxiedUid, resolvedProxiedPackageName, proxiedAttributionTag,
			proxyVirtualDeviceId);

	return null;		return null;
	}		}
			private void finishOperationUnchecked(IBinder clientId, int code, int uid,
			String packageName, String attributionTag, int virtualDeviceId) {
			finishOperationUnchecked(clientId, code, -1, null, uid, packageName, attributionTag,
			virtualDeviceId);
			}

	private void finishOperationUnchecked(IBinder clientId, int code, int uid, String packageName,		private void finishOperationUnchecked(IBinder clientId, int code, int proxyUid,
	String attributionTag, int virtualDeviceId) {		String proxyPackageName, int proxiedUid,
			String proxiedPackageName, String attributionTag,
			int virtualDeviceId) {
	PackageVerificationResult pvr;		PackageVerificationResult pvr;
	try {		try {
	pvr = verifyAndGetBypass(uid, packageName, attributionTag);		pvr = verifyAndGetBypass(proxiedUid, proxiedPackageName, attributionTag,
			proxyUid, proxyPackageName);
	if (!pvr.isAttributionTagValid) {		if (!pvr.isAttributionTagValid) {
	attributionTag = null;		attributionTag = null;
	}		}
	} catch (SecurityException e) {		} catch (SecurityException e) {
	logVerifyAndGetBypassFailure(uid, e, "finishOperation");		logVerifyAndGetBypassFailure(proxiedUid, e, "finishOperation");
	return;		return;
	}		}

	synchronized (this) {		synchronized (this) {
	Op op = getOpLocked(code, uid, packageName, attributionTag, pvr.isAttributionTagValid,		Op op = getOpLocked(code, proxiedUid, proxiedPackageName, attributionTag,
	pvr.bypass, /* edit */ true);		pvr.isAttributionTagValid, pvr.bypass, /* edit */ true);
	if (op == null) {		if (op == null) {
	Slog.e(TAG, "Operation not found: uid=" + uid + " pkg=" + packageName + "("		Slog.e(TAG, "Operation not found: uid=" + proxiedUid + " pkg=" + proxiedPackageName
			+ "("
	+ attributionTag + ") op=" + AppOpsManager.opToName(code));		+ attributionTag + ") op=" + AppOpsManager.opToName(code));
	return;		return;
	}		}
	@@ -4406,7 +4416,8 @@ public class AppOpsService extends IAppOpsService.Stub {
	getPersistentDeviceIdForOp(virtualDeviceId, code),		getPersistentDeviceIdForOp(virtualDeviceId, code),
	new ArrayMap<>()).get(attributionTag);		new ArrayMap<>()).get(attributionTag);
	if (attributedOp == null) {		if (attributedOp == null) {
	Slog.e(TAG, "Attribution not found: uid=" + uid + " pkg=" + packageName + "("		Slog.e(TAG, "Attribution not found: uid=" + proxiedUid
			+ " pkg=" + proxiedPackageName + "("
	+ attributionTag + ") op=" + AppOpsManager.opToName(code));		+ attributionTag + ") op=" + AppOpsManager.opToName(code));
	return;		return;
	}		}
	@@ -4414,7 +4425,8 @@ public class AppOpsService extends IAppOpsService.Stub {
	if (attributedOp.isRunning() \|\| attributedOp.isPaused()) {		if (attributedOp.isRunning() \|\| attributedOp.isPaused()) {
	attributedOp.finished(clientId);		attributedOp.finished(clientId);
	} else {		} else {
	Slog.e(TAG, "Operation not started: uid=" + uid + " pkg=" + packageName + "("		Slog.e(TAG, "Operation not started: uid=" + proxiedUid
			+ " pkg=" + proxiedPackageName + "("
	+ attributionTag + ") op=" + AppOpsManager.opToName(code));		+ attributionTag + ") op=" + AppOpsManager.opToName(code));
	}		}
	}		}
	@@ -4894,9 +4906,13 @@ public class AppOpsService extends IAppOpsService.Stub {
	@Nullable String attributionTag, int proxyUid, @Nullable String proxyPackageName,		@Nullable String attributionTag, int proxyUid, @Nullable String proxyPackageName,
	boolean suppressErrorLogs) {		boolean suppressErrorLogs) {
	if (uid == Process.ROOT_UID) {		if (uid == Process.ROOT_UID) {
	// For backwards compatibility, don't check package name for root UID.		// For backwards compatibility, don't check package name for root UID, unless someone
			// is claiming to be a proxy for root, which should never happen in normal usage.
			// We only allow bypassing the attribution tag verification if the proxy is a
			// system app (or is null), in order to prevent abusive apps clogging the appops
			// system with unlimited attribution tags via proxy calls.
	return new PackageVerificationResult(null,		return new PackageVerificationResult(null,
	/* isAttributionTagValid */ true);		/* isAttributionTagValid */ isPackageNullOrSystem(proxyPackageName, proxyUid));
	}		}
	if (Process.isSdkSandboxUid(uid)) {		if (Process.isSdkSandboxUid(uid)) {
	// SDK sandbox processes run in their own UID range, but their associated		// SDK sandbox processes run in their own UID range, but their associated
	@@ -4959,16 +4975,8 @@ public class AppOpsService extends IAppOpsService.Stub {
	// We only allow bypassing the attribution tag verification if the proxy is a		// We only allow bypassing the attribution tag verification if the proxy is a
	// system app (or is null), in order to prevent abusive apps clogging the appops		// system app (or is null), in order to prevent abusive apps clogging the appops
	// system with unlimited attribution tags via proxy calls.		// system with unlimited attribution tags via proxy calls.
	boolean proxyIsSystemAppOrNull = true;
	if (proxyPackageName != null) {
	int proxyAppId = UserHandle.getAppId(proxyUid);
	if (proxyAppId >= Process.FIRST_APPLICATION_UID) {
	proxyIsSystemAppOrNull =
	mPackageManagerInternal.isSystemPackage(proxyPackageName);
	}
	}
	return new PackageVerificationResult(RestrictionBypass.UNRESTRICTED,		return new PackageVerificationResult(RestrictionBypass.UNRESTRICTED,
	/* isAttributionTagValid */ proxyIsSystemAppOrNull);		/* isAttributionTagValid */ isPackageNullOrSystem(proxyPackageName, proxyUid));
	}		}

	int userId = UserHandle.getUserId(uid);		int userId = UserHandle.getUserId(uid);
	@@ -5033,6 +5041,17 @@ public class AppOpsService extends IAppOpsService.Stub {
	return new PackageVerificationResult(bypass, isAttributionTagValid);		return new PackageVerificationResult(bypass, isAttributionTagValid);
	}		}

			private boolean isPackageNullOrSystem(String packageName, int uid) {
			if (packageName == null) {
			return true;
			}
			int appId = UserHandle.getAppId(uid);
			if (appId > 0 && appId < Process.FIRST_APPLICATION_UID) {
			return true;
			}
			return mPackageManagerInternal.isSystemPackage(packageName);
			}

	private boolean isAttributionInPackage(@Nullable AndroidPackage pkg,		private boolean isAttributionInPackage(@Nullable AndroidPackage pkg,
	@Nullable String attributionTag) {		@Nullable String attributionTag) {
	if (pkg == null) {		if (pkg == null) {