Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d7c5ca76 authored by Sudheer Shanka's avatar Sudheer Shanka Committed by Android (Google) Code Review
Browse files

Merge "Enforce permission checks for recordBroadcastResponseStats API."

parents 0cd1d1d4 be39abaa

services/core/java/com/android/server/am/ActivityManagerService.java

+25 −3
Original line number Diff line number Diff line
@@ -2901,16 +2901,31 @@ public class ActivityManagerService extends IActivityManager.Stub 
        mActivityTaskManager.setPackageScreenCompatMode(packageName, mode);

    }













    private boolean hasUsageStatsPermission(String callingPackage) {













    private boolean hasUsageStatsPermission(String callingPackage, int callingUid, int callingPid) {















        final int mode = mAppOpsService.noteOperation(AppOpsManager.OP_GET_USAGE_STATS,













                Binder.getCallingUid(), callingPackage, null, false, "", false).getOpMode();













                callingUid, callingPackage, null, false, "", false).getOpMode();















        if (mode == AppOpsManager.MODE_DEFAULT) {













            return checkCallingPermission(Manifest.permission.PACKAGE_USAGE_STATS)













            return checkPermission(Manifest.permission.PACKAGE_USAGE_STATS, callingPid, callingUid)















                    == PackageManager.PERMISSION_GRANTED;















        }















        return mode == AppOpsManager.MODE_ALLOWED;















    }



























    private boolean hasUsageStatsPermission(String callingPackage) {













        return hasUsageStatsPermission(callingPackage,













                Binder.getCallingUid(), Binder.getCallingPid());













    }

























    private void enforceUsageStatsPermission(String callingPackage,













            int callingUid, int callingPid, String operation) {













        if (!hasUsageStatsPermission(callingPackage, callingUid, callingPid)) {













            final String errorMsg = "Permission denial for <" + operation + "> from pid="













                    + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()













                    + " which requires PACKAGE_USAGE_STATS permission";













            throw new SecurityException(errorMsg);













        }













    }



























    @Override















    public int getPackageProcessState(String packageName, String callingPackage) {















        if (!hasUsageStatsPermission(callingPackage)) {










@@ -13349,6 +13364,13 @@ public class ActivityManagerService extends IActivityManager.Stub













                    backgroundActivityStartsToken = null;















                }















            }

























            // TODO (206518114): We need to use the "real" package name which sent the broadcast,













            // in case the broadcast is sent via PendingIntent.













            if (brOptions.getIdForResponseEvent() > 0) {













                enforceUsageStatsPermission(callerPackage, realCallingUid, realCallingPid,













                        "recordResponseEventWhileInBackground()");













            }















        }





























        // Verify that protected broadcasts are only being sent by system code,