
Commit f3e6c940 authored by MingWei

Disallow cross profile function calling

Flag: android.permission.flags.app_function_access_service_enabled
Test: atest AppFunctionManagerTest
Bug: 418710194
Change-Id: I82bad0e9922a4784a64dc7de61110630445c5337
parent b70de570
+33 −2
@@ -27,6 +27,7 @@ import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.Binder;
import android.os.Process;
import android.os.Process;
import android.os.UserHandle;
import android.os.UserHandle;
import android.permission.flags.Flags;


import com.android.internal.infra.AndroidFuture;
import com.android.internal.infra.AndroidFuture;


@@ -63,8 +64,12 @@ class CallerValidatorImpl implements CallerValidator {
        int callingUid = Binder.getCallingUid();
        int callingUid = Binder.getCallingUid();
        final long callingIdentityToken = Binder.clearCallingIdentity();
        final long callingIdentityToken = Binder.clearCallingIdentity();
        try {
        try {
            if (Flags.appFunctionAccessServiceEnabled()) {
                return handleIncomingUserCrossUserNotAllowed(targetUserHandle, callingUid);
            } else {
                return handleIncomingUser(
                return handleIncomingUser(
                        claimedCallingPackage, targetUserHandle, callingPid, callingUid);
                        claimedCallingPackage, targetUserHandle, callingPid, callingUid);
            }
        } finally {
        } finally {
            Binder.restoreCallingIdentity(callingIdentityToken);
            Binder.restoreCallingIdentity(callingIdentityToken);
        }
        }
@@ -162,6 +167,32 @@ class CallerValidatorImpl implements CallerValidator {
                        + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
                        + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
    }
    }


    /**
     * Helper for dealing with incoming user arguments to system service calls.
     *
     * <p>Takes care of if interaction is cross user, this method will simply throw.
     *
     * @param targetUserHandle The user which the caller is requesting to execute as.
     * @param callingUid The actual uid of the caller as determined by Binder.
     * @return the user handle that the call should run as. Will always be a concrete user.
     * @throws SecurityException if caller trying to interact across user.
     */
    @NonNull
    private UserHandle handleIncomingUserCrossUserNotAllowed(
            @NonNull UserHandle targetUserHandle, int callingUid) {
        UserHandle callingUserHandle = UserHandle.getUserHandleForUid(callingUid);
        if (callingUserHandle.equals(targetUserHandle)) {
            return targetUserHandle;
        }

        throw new SecurityException(
                "Permission denied while calling from uid "
                        + callingUid
                        + " with "
                        + targetUserHandle
                        + "; Cross user interaction is not allowed");
    }

    /**
    /**
     * Checks that the caller's supposed package name matches the uid making the call.
     * Checks that the caller's supposed package name matches the uid making the call.
     *
     *
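Review bot: The Javadoc on the new handleIncomingUserCrossUserNotAllowed reads awkwardly ("Takes care of if interaction is cross user, this method will simply throw.") and does not say that the check is identity-only. Unlike the legacy handleIncomingUser path, whose error text in the surrounding context mentions INTERACT_ACROSS_USERS_FULL, holding that permission appears to grant no exception once appFunctionAccessServiceEnabled() is on, and non-concrete handles such as UserHandle.ALL or UserHandle.CURRENT will also fail the equals() comparison and be rejected; that looks like the intended hardening, but it should be stated so callers are not surprised. I would replace the second Javadoc paragraph with `* <p>The check is purely identity based: {@code targetUserHandle} must equal the user that owns {@code callingUid}. No permission grants an exception, and non-concrete handles (for example {@code UserHandle.ALL}) are rejected.`. The caller's method in the second hunk starts outside that hunk, and the CallerValidatorImpl class body continues beyond this one.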