Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f28bec41 authored by Mårten Kongstad's avatar Mårten Kongstad Committed by Todd Kennedy
Browse files

OMS: harden permission checks 

The IOverlayManager.aidl interface is protected by certain permissions.
The overlay manager implements the permission checks by calling
enforceCallingOrSelfPermission, but this method needlessly includes the
permissions of system_server in the check.

Harden the permission checks by switching from
enforceCallingOrSelfPermission to enforceCallingPermission.

Bug: 78809702
Test: atest OverlayHostTests OverlayDeviceTests
Change-Id: I5851dd1683adf644ea8e5a58dce4d7377664342e
parent 3e933112

services/core/java/com/android/server/om/OverlayManagerService.java

+2 −3
Original line number Diff line number Diff line
@@ -680,7 +680,7 @@ public final class OverlayManagerService extends SystemService { 
         * @throws SecurityException if the permission check fails

         */

        private void enforceChangeOverlayPackagesPermission(@NonNull final String message) {

            getContext().enforceCallingOrSelfPermission(

            getContext().enforceCallingPermission(

                    android.Manifest.permission.CHANGE_OVERLAY_PACKAGES, message);

        }
@@ -691,8 +691,7 @@ public final class OverlayManagerService extends SystemService { 
         * @throws SecurityException if the permission check fails

         */

        private void enforceDumpPermission(@NonNull final String message) {

            getContext().enforceCallingOrSelfPermission(android.Manifest.permission.DUMP,

                    message);

            getContext().enforceCallingPermission(android.Manifest.permission.DUMP, message);

        }

    };