
Commit ca643c5c authored by Soonil Nagarkar's avatar Soonil Nagarkar

DO NOT MERGE Add permission checks before delivery

PendingIntent.send() only checks permissions for broadcast intents, and
not for activity/service intents. In order to ensure permissions are
checked for all types of intents, we need to add permission checks
earlier in the process.

Bug: 161456367
Test: presubmits + manual
Change-Id: Ib56a382f4a2a8d25aa23a8230e0b82edf024a6fd
parent ccb263c9
+30 −2
@@ -18,7 +18,9 @@ package com.android.server.location;

import static android.app.AppOpsManager.OP_MONITOR_HIGH_POWER_LOCATION;
import static android.app.AppOpsManager.OP_MONITOR_LOCATION;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import static com.android.server.location.CallerIdentity.PERMISSION_NONE;
import static com.android.server.location.LocationManagerService.D;
import static com.android.server.location.LocationManagerService.TAG;

@@ -122,8 +124,18 @@ public class AppOpsHelper {
            Preconditions.checkState(mAppOps != null);
        }

        if (callerIdentity.permissionLevel == PERMISSION_NONE) {
            return false;
        }

        long identity = Binder.clearCallingIdentity();
        try {
            if (mContext.checkPermission(
                    CallerIdentity.asPermission(callerIdentity.permissionLevel), callerIdentity.pid,
                    callerIdentity.uid) != PERMISSION_GRANTED) {
                return false;
            }

            return mAppOps.checkOpNoThrow(
                    CallerIdentity.asAppOp(callerIdentity.permissionLevel),
                    callerIdentity.uid,
@@ -138,8 +150,24 @@ public class AppOpsHelper {
     * called right before a location is delivered, and if it returns false, the location should not
     * be delivered.
     */
    public boolean noteLocationAccess(CallerIdentity identity) {
        return noteOpNoThrow(CallerIdentity.asAppOp(identity.permissionLevel), identity);
    public boolean noteLocationAccess(CallerIdentity callerIdentity) {
        if (callerIdentity.permissionLevel == PERMISSION_NONE) {
            return false;
        }

        long identity = Binder.clearCallingIdentity();
        try {
            if (mContext.checkPermission(
                    CallerIdentity.asPermission(callerIdentity.permissionLevel), callerIdentity.pid,
                    callerIdentity.uid) != PERMISSION_GRANTED) {
                return false;
            }
        } finally {
            Binder.restoreCallingIdentity(identity);
        }

        return noteOpNoThrow(CallerIdentity.asAppOp(callerIdentity.permissionLevel),
                callerIdentity);
    }

    /**
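Review bot: The permission re-check added to noteLocationAccess repeats, line for line, the guard-plus-clearCallingIdentity/checkPermission/restoreCallingIdentity sequence added to the method in the hunk above, and the two already differ subtly: above, the restore also covers the app-op check, while here it ends before noteOpNoThrow, which looks intended but is easy to break on the next edit. A private helper such as `private boolean hasLocationPermission(CallerIdentity callerIdentity)` holding the PERMISSION_NONE guard and the identity-cleared checkPermission call would reduce noteLocationAccess to `if (!hasLocationPermission(callerIdentity)) { return false; }` followed by the existing noteOpNoThrow return. The javadoc on noteLocationAccess still describes only the app-op note and should state the new contract, e.g. `Re-verifies the caller's permission for its recorded permission level before noting the op, so a permission revoked after registration stops delivery.` One caveat worth a comment: checkPermission is keyed on the recorded pid and uid, and if the registering process has since died the pid may have been reused, so the result presumably rests on the uid part of the check; confirm that callers pass a current identity.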