Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b4296af9 authored by Michael Bestas's avatar Michael Bestas
Browse files

Merge tag 'android-11.0.0_r27' into staging/lineage-18.1_merge-android-11.0.0_r27 

Android 11.0.0 release 27

* tag 'android-11.0.0_r27':
  Ignore GrantCredentials call with unexpected calling uid.
  Protect GrantCredentialsPermissionActivity against overlay.
  Hide overlays over uninstall confirm dialog
  Revoke permission on non-runtime -> runtime upgrade
  Ensure permissions are revoked on state changes
  RESTRICT AUTOMERGE Fix CDM package check
  remove sensitive pii from safetynet logging
  DO NOT MERGE Check fingerprint client against top activity in auth callback
  Enforce permission checks in getting app exit reasons
  Fix the issue provider can be wrong when requesting slice permission

Change-Id: Idc5f8b203d29905b1e0864158095ebd3879e542c
parents b0d54ee8 513c3b5c

core/java/android/accounts/GrantCredentialsPermissionActivity.java

+31 −6
Original line number Diff line number Diff line
@@ -16,16 +16,23 @@ 
package android.accounts;



import android.app.Activity;

import android.content.res.Resources;

import android.os.Bundle;

import android.widget.TextView;

import android.widget.LinearLayout;

import android.view.View;

import android.view.LayoutInflater;

import android.app.ActivityTaskManager;

import android.content.Context;

import android.content.Intent;

import android.content.pm.PackageManager;

import android.content.res.Resources;

import android.os.Bundle;

import android.os.IBinder;

import android.os.Process;

import android.os.RemoteException;

import android.os.UserHandle;

import android.text.TextUtils;

import android.util.Log;

import android.view.LayoutInflater;

import android.view.View;

import android.widget.LinearLayout;

import android.widget.TextView;



import com.android.internal.R;



import java.io.IOException;
@@ -42,11 +49,15 @@ public class GrantCredentialsPermissionActivity extends Activity implements View 
    private Account mAccount;

    private String mAuthTokenType;

    private int mUid;

    private int mCallingUid;

    private Bundle mResultBundle = null;

    protected LayoutInflater mInflater;



    protected void onCreate(Bundle savedInstanceState) {

        super.onCreate(savedInstanceState);

        getWindow().addSystemFlags(

                android.view.WindowManager.LayoutParams

                        .SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);

        setContentView(R.layout.grant_credentials_permission);

        setTitle(R.string.grant_permissions_header_text);
@@ -74,6 +85,20 @@ public class GrantCredentialsPermissionActivity extends Activity implements View 
            return;

        }



        try {

            IBinder activityToken = getActivityToken();

            mCallingUid = ActivityTaskManager.getService().getLaunchedFromUid(activityToken);

        } catch (RemoteException re) {

            // Couldn't figure out caller details

            Log.w(getClass().getSimpleName(), "Unable to get caller identity \n" + re);

        }



        if (!UserHandle.isSameApp(mCallingUid, Process.SYSTEM_UID) && mCallingUid != mUid) {

            setResult(Activity.RESULT_CANCELED);

            finish();

            return;

        }



        String accountTypeLabel;

        try {

            accountTypeLabel = getAccountLabel(mAccount);

core/java/android/app/slice/SliceProvider.java

+1 −0
Original line number Diff line number Diff line
@@ -153,6 +153,7 @@ public abstract class SliceProvider extends ContentProvider { 
     */

    public static final String EXTRA_PKG = "pkg";

    /**

     * @Deprecated provider pkg is now being extracted in SlicePermissionActivity

     * @hide

     */

    public static final String EXTRA_PROVIDER_PKG = "provider_pkg";

packages/PackageInstaller/src/com/android/packageinstaller/UninstallerActivity.java

+3 −0
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ 
package com.android.packageinstaller;



import static android.app.AppOpsManager.MODE_ALLOWED;

import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;



import static com.android.packageinstaller.PackageUtil.getMaxTargetSdkVersionForUid;
@@ -87,6 +88,8 @@ public class UninstallerActivity extends Activity { 


    @Override

    public void onCreate(Bundle icicle) {

        getWindow().addSystemFlags(SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);



        // Never restore any state, esp. never create any fragments. The data in the fragment might

        // be stale, if e.g. the app was uninstalled while the activity was destroyed.

        super.onCreate(null);

packages/SystemUI/src/com/android/systemui/SlicePermissionActivity.java

+28 −1
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ package com.android.systemui; 


import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;



import android.annotation.Nullable;

import android.app.Activity;

import android.app.AlertDialog;

import android.app.slice.SliceManager;
@@ -29,6 +30,7 @@ import android.content.pm.PackageManager.NameNotFoundException; 
import android.net.Uri;

import android.os.Bundle;

import android.text.BidiFormatter;

import android.util.EventLog;

import android.util.Log;

import android.widget.CheckBox;

import android.widget.TextView;
@@ -50,10 +52,12 @@ public class SlicePermissionActivity extends Activity implements OnClickListener 


        mUri = getIntent().getParcelableExtra(SliceProvider.EXTRA_BIND_URI);

        mCallingPkg = getIntent().getStringExtra(SliceProvider.EXTRA_PKG);

        mProviderPkg = getIntent().getStringExtra(SliceProvider.EXTRA_PROVIDER_PKG);



        try {

            PackageManager pm = getPackageManager();

            mProviderPkg = pm.resolveContentProvider(mUri.getAuthority(),

                    PackageManager.GET_META_DATA).applicationInfo.packageName;

            verifyCallingPkg();

            CharSequence app1 = BidiFormatter.getInstance().unicodeWrap(pm.getApplicationInfo(

                    mCallingPkg, 0).loadSafeLabel(pm, PackageItemInfo.DEFAULT_MAX_LABEL_SIZE_PX,

                    PackageItemInfo.SAFE_LABEL_FLAG_TRIM
@@ -97,4 +101,27 @@ public class SlicePermissionActivity extends Activity implements OnClickListener 
    public void onDismiss(DialogInterface dialog) {

        finish();

    }



    private void verifyCallingPkg() {

        final String providerPkg = getIntent().getStringExtra(SliceProvider.EXTRA_PROVIDER_PKG);

        if (providerPkg == null || mProviderPkg.equals(providerPkg)) return;

        final String callingPkg = getCallingPkg();

        EventLog.writeEvent(0x534e4554, "159145361", getUid(callingPkg));

    }



    @Nullable

    private String getCallingPkg() {

        final Uri referrer = getReferrer();

        if (referrer == null) return null;

        return referrer.getHost();

    }



    private int getUid(@Nullable final String pkg) {

        if (pkg == null) return -1;

        try {

            return getPackageManager().getApplicationInfo(pkg, 0).uid;

        } catch (NameNotFoundException e) {

        }

        return -1;

    }

}

services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java

+4 −1
Original line number Diff line number Diff line
@@ -372,7 +372,10 @@ public class CompanionDeviceManagerService extends SystemService implements Bind 


            checkArgument(getCallingUserId() == userId,

                    "Must be called by either same user or system");

            mAppOpsManager.checkPackage(Binder.getCallingUid(), pkg);

            int callingUid = Binder.getCallingUid();

            if (mAppOpsManager.checkPackage(callingUid, pkg) != AppOpsManager.MODE_ALLOWED) {

                throw new SecurityException(pkg + " doesn't belong to uid " + callingUid);

            }

        }



        @Override