Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d752ea5f authored by Mugdha Lakhani's avatar Mugdha Lakhani
Browse files

DO NOT MERGE Isolated processes must fail registering BRs. 

Broadcast Receivers should not be allowed to be registered by
isolated processes.

Bug: b/263358101
Test: atest SdkSandboxRestrictionsHostTest
Change-Id: I5bb2ee3ce8a447105a18851fdffa5a769cc3fe49
(cherry picked from commit 43b8a91b)
parent 2940697c

services/core/java/com/android/server/am/ActivityManagerService.java

+9 −4
Original line number Diff line number Diff line
@@ -13089,12 +13089,17 @@ public class ActivityManagerService extends IActivityManager.Stub 
    public Intent registerReceiverWithFeature(IApplicationThread caller, String callerPackage,

            String callerFeatureId, String receiverId, IIntentReceiver receiver,

            IntentFilter filter, String permission, int userId, int flags) {

        // Allow Sandbox process to register only unexported receivers.

        if ((flags & Context.RECEIVER_NOT_EXPORTED) != 0) {

        enforceNotIsolatedCaller("registerReceiver");

        } else if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()) {

            enforceNotIsolatedOrSdkSandboxCaller("registerReceiver");













        // Allow Sandbox process to register only unexported receivers.













        boolean unexported = (flags & Context.RECEIVER_NOT_EXPORTED) != 0;













        if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()













                && Process.isSdkSandboxUid(Binder.getCallingUid())













                && !unexported) {













            throw new SecurityException("SDK sandbox process not allowed to call "













                + "registerReceiver");















        }



























        ArrayList<Intent> stickyIntents = null;















        ProcessRecord callerApp = null;















        final boolean visibleToInstantApps