Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f31443e2 authored by Eugene Susla's avatar Eugene Susla
Browse files

Guard CDM watch profile behind its permission

Bug: 165951651
Test: manual
Change-Id: If6aa1c2513bc2f3edf4fd9c83f2f1090a2907bed
parent 90768407
Loading
Loading
Loading
Loading
+4 −2
Original line number Original line Diff line number Diff line
@@ -64,10 +64,12 @@ public final class AssociationRequest implements Parcelable {
     * set up is a specific kind of device, and some extra permissions may be granted to the app
     * set up is a specific kind of device, and some extra permissions may be granted to the app
     * as a result.
     * as a result.
     *
     *
     * Using it requires declaring uses-permission
     * {@link android.Manifest.permission#REQUEST_COMPANION_PROFILE_WATCH} in the manifest.
     *
     * @see AssociationRequest.Builder#setDeviceProfile
     * @see AssociationRequest.Builder#setDeviceProfile
     */
     */
    public static final String DEVICE_PROFILE_WATCH =
    public static final String DEVICE_PROFILE_WATCH = "android.app.role.COMPANION_DEVICE_WATCH";
            "android.app.role.COMPANION_DEVICE_WATCH";


    /** @hide */
    /** @hide */
    @StringDef(value = { DEVICE_PROFILE_WATCH })
    @StringDef(value = { DEVICE_PROFILE_WATCH })
+17 −0
Original line number Original line Diff line number Diff line
@@ -38,6 +38,7 @@ import static com.android.internal.util.function.pooled.PooledLambda.obtainRunna
import static java.util.Objects.requireNonNull;
import static java.util.Objects.requireNonNull;
import static java.util.concurrent.TimeUnit.MINUTES;
import static java.util.concurrent.TimeUnit.MINUTES;


import android.Manifest;
import android.annotation.CheckResult;
import android.annotation.CheckResult;
import android.annotation.NonNull;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.Nullable;
@@ -409,6 +410,7 @@ public class CompanionDeviceManagerService extends SystemService implements Bind
            checkCallerIsSystemOr(callingPackage);
            checkCallerIsSystemOr(callingPackage);
            int userId = getCallingUserId();
            int userId = getCallingUserId();
            checkUsesFeature(callingPackage, userId);
            checkUsesFeature(callingPackage, userId);
            checkProfilePermissions(request);


            mFindDeviceCallback = callback;
            mFindDeviceCallback = callback;
            mRequest = request;
            mRequest = request;
@@ -519,6 +521,21 @@ public class CompanionDeviceManagerService extends SystemService implements Bind
            }
            }
        }
        }


        private void checkProfilePermissions(AssociationRequest request) {
            checkProfilePermission(request,
                    AssociationRequest.DEVICE_PROFILE_WATCH,
                    Manifest.permission.REQUEST_COMPANION_PROFILE_WATCH);
        }

        private void checkProfilePermission(
                AssociationRequest request, String profile, String permission) {
            if (profile.equals(request.getDeviceProfile())
                    && getContext().checkCallingOrSelfPermission(permission)
                            != PackageManager.PERMISSION_GRANTED) {
                throw new SecurityException("Using " + profile + " requires " + permission);
            }
        }

        @Override
        @Override
        public PendingIntent requestNotificationAccess(ComponentName component)
        public PendingIntent requestNotificationAccess(ComponentName component)
                throws RemoteException {
                throws RemoteException {