
Commit b7583ae4 authored by Adnan Begovic's avatar Adnan Begovic Committed by Gerrit Code Review

am: Handle unchecked activity starts for protected components.

  Previously if you received a notification from a protected app,
  since AM would state that the calling package was also the target
  package, the protected apps implementation would allow you to
  launch into the application. Mitigate this by hooking into
  the unchecked activity start stack (pending intent launches)
  globally.

Change-Id: I0371593ade9e4af2554962873d89a0f82a639b57
TICKET: PAELLA-216 FEIJ-160 FEIJ-177
parent 2da425ef
+4 −2
@@ -2048,9 +2048,11 @@ final class ApplicationPackageManager extends PackageManager {

    /** @hide */
    @Override
    public boolean isComponentProtected(String callingPackage, ComponentName componentName) {
    public boolean isComponentProtected(String callingPackage, int callingUid,
            ComponentName componentName) {
        try {
            return mPM.isComponentProtected(callingPackage, componentName, mContext.getUserId());
            return mPM.isComponentProtected(callingPackage, callingUid, componentName,
                    mContext.getUserId());
        } catch (RemoteException re) {
            Log.e(TAG, "Failed to get component protected setting", re);
            return false;
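Review bot: The `catch (RemoteException re)` branch at the end of this hunk returns `false`, so a failed lookup reports the component as not protected. For a protection query the conservative default is the opposite, `return true;`, or at minimum a comment explaining why failing open is acceptable on the client side. The same fail-open shape appears in the two `catch (RemoteException e) { e.printStackTrace(); }` blocks in the ActivityStackSupervisor hunks, where the activity start simply continues after the exception; there the failure should go to the system log and the start should be refused. The method body continues past the end of this hunk.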
+2 −2
@@ -521,6 +521,6 @@ interface IPackageManager {
    int processThemeResources(String themePkgName);

    /** Protected Apps */
    boolean isComponentProtected(in String callingPackage, in ComponentName componentName,
            int userId);
    boolean isComponentProtected(in String callingPackage, in int callingUid,
    in ComponentName componentName, int userId);
}
+1 −1
@@ -4564,7 +4564,7 @@ public abstract class PackageManager {
     * Return whether or not a specific component is protected
     * @hide
     */
    public abstract boolean isComponentProtected(String callingPackage,
    public abstract boolean isComponentProtected(String callingPackage, int callingUid,
            ComponentName componentName);

    /**
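Review bot: The Javadoc above the changed signature still says only "Return whether or not a specific component is protected" and does not describe the new `callingUid` argument. I would add `@param callingUid uid the launch is attributed to; supplied by the caller, not verified by this API` and `@param callingPackage package requesting the launch, or null when only the uid is known`. The null case deserves the mention because the new ActivityStackSupervisor block passes `null` and PackageManagerService branches on `callingPackage == null`.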
+25 −1
@@ -961,7 +961,8 @@ public final class ActivityStackSupervisor implements DisplayListener {
                //TODO: This needs to be a flushed out API in the future.
                boolean isProtected = intent.getComponent() != null
                        && AppGlobals.getPackageManager()
                        .isComponentProtected(callingPackage, intent.getComponent(), userId) &&
                        .isComponentProtected(callingPackage, callingUid,
                                intent.getComponent(), userId) &&
                        (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0;

                if (isProtected) {
@@ -977,6 +978,7 @@ public final class ActivityStackSupervisor implements DisplayListener {
            } catch (RemoteException e) {
                e.printStackTrace();
            }

            final int realCallingPid = Binder.getCallingPid();
            final int realCallingUid = Binder.getCallingUid();
            int callingPid;
@@ -1873,6 +1875,28 @@ public final class ActivityStackSupervisor implements DisplayListener {
            inTask = null;
        }

        try {
            //TODO: This needs to be a flushed out API in the future.
            boolean isProtected = intent.getComponent() != null
                    && AppGlobals.getPackageManager()
                    .isComponentProtected(null, r.launchedFromUid,
                            intent.getComponent(), r.userId) &&
                    (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0;

            if (isProtected) {
                Message msg = mService.mHandler.obtainMessage(
                        ActivityManagerService.POST_COMPONENT_PROTECTED_MSG);
                //Store start flags, userid
                intent.setFlags(startFlags);
                intent.putExtra("com.android.settings.PROTECTED_APPS_USER_ID", r.userId);
                msg.obj = intent;
                mService.mHandler.sendMessage(msg);
                return ActivityManager.START_NOT_CURRENT_USER_ACTIVITY;
            }
        } catch (RemoteException e) {
            e.printStackTrace();
        }

        final boolean launchSingleTop = r.launchMode == ActivityInfo.LAUNCH_SINGLE_TOP;
        final boolean launchSingleInstance = r.launchMode == ActivityInfo.LAUNCH_SINGLE_INSTANCE;
        final boolean launchSingleTask = r.launchMode == ActivityInfo.LAUNCH_SINGLE_TASK;
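Review bot: The block added in the last hunk of this file repeats the protected-component check and the `POST_COMPONENT_PROTECTED_MSG` hand-off from the hunk at line 961 almost line for line, including the `(intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0` clause, which leaves any intent carrying that flag outside the check. Since this block is the mitigation for pending-intent launches, that exemption should either be dropped on this path or justified in a comment; the only comment present is the TODO. Moving the check into one private helper used by both call sites would keep the two copies from drifting apart. A comment such as `// callingPackage is null on the unchecked path; the service decides on launchedFromUid alone` would explain the `null` argument. The enclosing method starts and ends outside the hunk.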
+21 −3
@@ -17265,10 +17265,12 @@ public class PackageManagerService extends IPackageManager.Stub {
    }
    @Override
    public boolean isComponentProtected(String callingPackage,
    public boolean isComponentProtected(String callingPackage, int callingUid,
            ComponentName componentName, int userId) {
        if (DEBUG_PROTECTED) Log.d(TAG, "Checking if component is protected "
                + componentName.flattenToShortString() + " from calling package " + callingPackage);
                + componentName.flattenToShortString() + " from calling package " + callingPackage
                + " and callinguid " + callingUid);
        enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "set protected");
        //Allow managers full access
@@ -17289,8 +17291,24 @@ public class PackageManagerService extends IPackageManager.Stub {
            return false;
        }
        //If this component is launched from a validation component, allow it.
        if (TextUtils.equals(PROTECTED_APPS_TARGET_VALIDATION_COMPONENT,
                componentName.flattenToString())) {
                componentName.flattenToString()) && callingUid == Process.SYSTEM_UID) {
            return false;
        }
        //If this component is launched from the system or a uid of a protected component, allow it.
        boolean fromProtectedComponentUid = false;
        for (String protectedComponentManager : protectedComponentManagers) {
            if (callingUid == getPackageUid(protectedComponentManager, userId)) {
                fromProtectedComponentUid = true;
            }
        }
        if (callingPackage == null && (callingUid == Process.SYSTEM_UID
                || fromProtectedComponentUid)) {
            if (DEBUG_PROTECTED) Log.d(TAG, "Calling package is android and from system or " +
                    "protected manager, allow");
            return false;
        }
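Review bot: `callingUid` arrives as an argument of a Binder method, yet the new validation-component test and the `callingPackage == null` branch compare it with `Process.SYSTEM_UID` as if it were verified; the only use of `Binder.getCallingUid()` in view is the cross-user check. Whether a caller outside system_server can reach this method or act on its result is not visible here, so the trust assumption should at least be written down, e.g. `// callingUid is caller-supplied and unverified; only system_server call sites may rely on this result`. The loop over `protectedComponentManagers` could `break` on the first match and should skip the value `getPackageUid` returns for a package that is not installed (presumably negative), so that an unset `callingUid` cannot compare equal to it. The debug message says "Calling package is android" although the condition tested is `callingPackage == null`. The method body continues outside the hunk.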