Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 35e3d0c1 authored by Alex Johnston's avatar Alex Johnston
Browse files

Add caller check to com.android.credentials.RESET 

* Only the Settings app can reset credentials
  via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
  callable by CertInstaller.

Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
  provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed

Bug: 200164168
Test: manual
Change-Id: I9dfde586616d004befbee529f2ae842d22795065
(cherry picked from commit 4c1272a9)
Merged-In: I9dfde586616d004befbee529f2ae842d22795065
parent 7aa03c48

src/com/android/settings/security/CredentialStorage.java

+14 −1
Original line number Diff line number Diff line
@@ -92,7 +92,7 @@ public final class CredentialStorage extends FragmentActivity { 
        final String action = intent.getAction();

        final UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);

        if (!userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {

            if (ACTION_RESET.equals(action)) {

            if (ACTION_RESET.equals(action) && checkCallerIsSelf()) {

                new ResetDialog();

            } else {

                if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
@@ -341,6 +341,19 @@ public final class CredentialStorage extends FragmentActivity { 
        }

    }



    /**

     * Check that the caller is Settings.

     */

    private boolean checkCallerIsSelf() {

        try {

            return Process.myUid() == android.app.ActivityManager.getService()

                    .getLaunchedFromUid(getActivityToken());

        } catch (RemoteException re) {

            // Error talking to ActivityManager, just give up

            return false;

        }

    }



    /**

     * Check that the caller is either certinstaller or Settings running in a profile of this user.

     */