Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cd7a0149 authored by Rubin Xu's avatar Rubin Xu
Browse files

Add missing permission check in MountService 

Protect MountService.getPassword() with ACCESS_KEYGUARD_SECURE_STORAGE
permission. Protect finishMediaUpdate() which is only called by
PackageManagerService. Also fix a lock issue in MountService.

Bug: 19961359
Change-Id: I50ec806fb37724ef239ef83f4e33265133b51d0b
parent cca7893f

services/core/java/com/android/server/MountService.java

+7 −2
Original line number Original line Diff line number Diff line
@@ -1714,6 +1714,9 @@ class MountService extends IMountService.Stub 




    @Override

    @Override

    public void finishMediaUpdate() {

    public void finishMediaUpdate() {

        if (Binder.getCallingUid() != android.os.Process.SYSTEM_UID) {

            throw new SecurityException("no permission to call finishMediaUpdate()");

        }

        if (mUnmountSignal != null) {

        if (mUnmountSignal != null) {

            mUnmountSignal.countDown();

            mUnmountSignal.countDown();

        } else {

        } else {
@@ -1747,7 +1750,7 @@ class MountService extends IMountService.Stub 
        warnOnNotMounted();

        warnOnNotMounted();





        final ObbState state;

        final ObbState state;

        synchronized (mObbPathToStateMap) {

        synchronized (mObbMounts) {

            state = mObbPathToStateMap.get(rawPath);

            state = mObbPathToStateMap.get(rawPath);

        }

        }

        if (state == null) {

        if (state == null) {
@@ -1799,7 +1802,7 @@ class MountService extends IMountService.Stub 
        Preconditions.checkNotNull(rawPath, "rawPath cannot be null");

        Preconditions.checkNotNull(rawPath, "rawPath cannot be null");





        final ObbState existingState;

        final ObbState existingState;

        synchronized (mObbPathToStateMap) {

        synchronized (mObbMounts) {

            existingState = mObbPathToStateMap.get(rawPath);

            existingState = mObbPathToStateMap.get(rawPath);

        }

        }
@@ -2049,6 +2052,8 @@ class MountService extends IMountService.Stub 




    @Override

    @Override

    public String getPassword() throws RemoteException {

    public String getPassword() throws RemoteException {

        mContext.enforceCallingOrSelfPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE,

                "only keyguard can retrieve password");

        if (!isReady()) {

        if (!isReady()) {

            return new String();

            return new String();

        }

        }