Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f203aeef authored by Amith Yamasani's avatar Amith Yamasani
Browse files

Enforce permissions for calls with specified userId 

Fix a couple of places where incorrect userIds were being passed in.

Change-Id: I398c676e0488ff7e584be96e96c8b32652134238
parent b2dd4e87

core/java/android/app/ApplicationPackageManager.java

+10 −2
Original line number Diff line number Diff line
@@ -502,19 +502,27 @@ final class ApplicationPackageManager extends PackageManager { 
        }

    }



    /**

     * @hide

     */

    @Override

    public List<ResolveInfo> queryBroadcastReceivers(Intent intent, int flags) {

    public List<ResolveInfo> queryBroadcastReceivers(Intent intent, int flags, int userId) {

        try {

            return mPM.queryIntentReceivers(

                intent,

                intent.resolveTypeIfNeeded(mContext.getContentResolver()),

                flags,

                UserHandle.myUserId());

                userId);

        } catch (RemoteException e) {

            throw new RuntimeException("Package manager has died", e);

        }

    }



    @Override

    public List<ResolveInfo> queryBroadcastReceivers(Intent intent, int flags) {

        return queryBroadcastReceivers(intent, flags, UserHandle.myUserId());

    }



    @Override

    public ResolveInfo resolveService(Intent intent, int flags) {

        try {

core/java/android/content/pm/PackageManager.java

+20 −0
Original line number Diff line number Diff line
@@ -1795,6 +1795,26 @@ public abstract class PackageManager { 
    public abstract List<ResolveInfo> queryBroadcastReceivers(Intent intent,

            int flags);



    /**

     * Retrieve all receivers that can handle a broadcast of the given intent, for a specific

     * user.

     *

     * @param intent The desired intent as per resolveActivity().

     * @param flags Additional option flags.

     * @param userId The userId of the user being queried.

     *

     * @return A List&lt;ResolveInfo&gt; containing one entry for each matching

     *         Receiver. These are ordered from first to last in priority.  If

     *         there are no matching receivers, an empty list is returned.

     *

     * @see #MATCH_DEFAULT_ONLY

     * @see #GET_INTENT_FILTERS

     * @see #GET_RESOLVED_FILTER

     * @hide

     */

    public abstract List<ResolveInfo> queryBroadcastReceivers(Intent intent,

            int flags, int userId);



    /**

     * Determine the best service to handle for a given Intent.

     *

core/java/android/server/search/Searchables.java

+42 −40
Original line number Diff line number Diff line
@@ -27,6 +27,7 @@ import android.content.pm.ApplicationInfo; 
import android.content.pm.IPackageManager;

import android.content.pm.PackageManager;

import android.content.pm.ResolveInfo;

import android.os.Binder;

import android.os.Bundle;

import android.os.RemoteException;

import android.provider.Settings;
@@ -70,7 +71,7 @@ public class Searchables { 
            "com.google.android.providers.enhancedgooglesearch/.Launcher";



    // Cache the package manager instance

    private IPackageManager mPm;

    final private IPackageManager mPm;

    // User for which this Searchables caches information

    private int mUserId;
@@ -81,6 +82,7 @@ public class Searchables { 
    public Searchables (Context context, int userId) {

        mContext = context;

        mUserId = userId;

        mPm = AppGlobals.getPackageManager();

    }



    /**
@@ -125,8 +127,11 @@ public class Searchables { 


        ActivityInfo ai = null;

        try {

            ai = mContext.getPackageManager().

                       getActivityInfo(activity, PackageManager.GET_META_DATA );

            ai = mPm.getActivityInfo(activity, PackageManager.GET_META_DATA, mUserId);

        } catch (RemoteException re) {

            Log.e(LOG_TAG, "Error getting activity info " + re);

            return null;

        }

        String refActivityName = null;



        // First look for activity-specific reference
@@ -167,9 +172,6 @@ public class Searchables { 
                }

            }

        }

        } catch (PackageManager.NameNotFoundException e) {

            // case 3: no metadata

        }



        // Step 3.  None found. Return null.

        return null;
@@ -208,6 +210,7 @@ public class Searchables { 
        // Use intent resolver to generate list of ACTION_SEARCH & ACTION_WEB_SEARCH receivers.

        List<ResolveInfo> searchList;

        final Intent intent = new Intent(Intent.ACTION_SEARCH);

        

        searchList = queryIntentActivities(intent, PackageManager.GET_META_DATA);



        List<ResolveInfo> webSearchInfoList;
@@ -219,6 +222,7 @@ public class Searchables { 
            int search_count = (searchList == null ? 0 : searchList.size());

            int web_search_count = (webSearchInfoList == null ? 0 : webSearchInfoList.size());

            int count = search_count + web_search_count;

            long token = Binder.clearCallingIdentity();

            for (int ii = 0; ii < count; ii++) {

                // for each component, try to find metadata

                ResolveInfo info = (ii < search_count)
@@ -237,6 +241,7 @@ public class Searchables { 
                    }

                }

            }

            Binder.restoreCallingIdentity(token);

        }



        List<ResolveInfo> newGlobalSearchActivities = findGlobalSearchActivities();
@@ -391,9 +396,6 @@ public class Searchables { 
    }



    private List<ResolveInfo> queryIntentActivities(Intent intent, int flags) {

        if (mPm == null) {

            mPm = AppGlobals.getPackageManager();

        }

        List<ResolveInfo> activities = null;

        try {

            activities =

services/java/com/android/server/AppWidgetServiceImpl.java

+5 −4
Original line number Diff line number Diff line
@@ -1514,11 +1514,12 @@ class AppWidgetServiceImpl { 
                        String pkg = parser.getAttributeValue(null, "pkg");

                        String cl = parser.getAttributeValue(null, "cl");



                        final PackageManager packageManager = mContext.getPackageManager();

                        final IPackageManager packageManager = AppGlobals.getPackageManager();

                        try {

                            packageManager.getReceiverInfo(new ComponentName(pkg, cl), 0);

                        } catch (PackageManager.NameNotFoundException e) {

                            String[] pkgs = packageManager

                            packageManager.getReceiverInfo(new ComponentName(pkg, cl), 0,

                                    UserHandle.getCallingUserId());

                        } catch (RemoteException e) {

                            String[] pkgs = mContext.getPackageManager()

                                    .currentToCanonicalPackageNames(new String[] { pkg });

                            pkg = pkgs[0];

                        }

services/java/com/android/server/NotificationManagerService.java

+5 −4
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ import static org.xmlpull.v1.XmlPullParser.END_TAG; 
import static org.xmlpull.v1.XmlPullParser.START_TAG;



import android.app.ActivityManagerNative;

import android.app.AppGlobals;

import android.app.IActivityManager;

import android.app.INotificationManager;

import android.app.ITransientNotification;
@@ -1313,14 +1314,14 @@ public class NotificationManagerService extends INotificationManager.Stub 
            return;

        }

        try {

            ApplicationInfo ai = mContext.getPackageManager().getApplicationInfo(

                    pkg, 0);

            ApplicationInfo ai = AppGlobals.getPackageManager().getApplicationInfo(

                    pkg, 0, UserHandle.getCallingUserId());

            if (!UserHandle.isSameApp(ai.uid, uid)) {

                throw new SecurityException("Calling uid " + uid + " gave package"

                        + pkg + " which is owned by uid " + ai.uid);

            }

        } catch (PackageManager.NameNotFoundException e) {

            throw new SecurityException("Unknown package " + pkg);

        } catch (RemoteException re) {

            throw new SecurityException("Unknown package " + pkg + "\n" + re);

        }

    }