diff options
| author | Scott Mertz <scott@cyngn.com> | 2016-08-04 15:17:01 -0700 |
|---|---|---|
| committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2016-08-05 09:53:48 -0700 |
| commit | a92b91d7966350ad37f5c60586e5ccb9abc696be (patch) | |
| tree | c33c24c61cfd3f90ac516ed142c1a0dbfc4513e6 | |
| parent | 66af012f8b1e8adb18132a669d2ed2e81d7bdf42 (diff) | |
| download | frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.zip frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.tar.gz frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.tar.bz2 | |
fw: enforce android.permission.PREVENT_SYSTEM_KEYS in system server
Since privateFlags can be accessed and modified via reflection
due to change 5d927c2d8e, the prevent system keys or prevent
power keys flag can be set and deployed without ever calling
setPrivateFlags directly.
Move enforcing to system server to prevent app tampering.
TICKET: CYAN-7921 (open source JIRA)
Found by Maciej Krysztofiak
Change-Id: I53c2804d0283692036f5cc95e6ad57821bc0655a
3 files changed, 8 insertions, 7 deletions
diff --git a/core/java/android/view/Window.java b/core/java/android/view/Window.java index 65577f0..50a926f 100644 --- a/core/java/android/view/Window.java +++ b/core/java/android/view/Window.java @@ -869,13 +869,6 @@ public abstract class Window { } private void setPrivateFlags(int flags, int mask) { - int preventFlags = WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_POWER_KEY | - WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_SYSTEM_KEYS; - - if ((flags & mask & preventFlags) != 0) { - mContext.enforceCallingOrSelfPermission("android.permission.PREVENT_SYSTEM_KEYS", - "No permission to prevent system key"); - } final WindowManager.LayoutParams attrs = getAttributes(); attrs.privateFlags = (attrs.privateFlags & ~mask) | (flags & mask); dispatchWindowAttributesChanged(attrs); diff --git a/services/core/java/com/android/server/policy/PhoneWindowManager.java b/services/core/java/com/android/server/policy/PhoneWindowManager.java index 755592f..8a29a30 100644 --- a/services/core/java/com/android/server/policy/PhoneWindowManager.java +++ b/services/core/java/com/android/server/policy/PhoneWindowManager.java @@ -2449,6 +2449,12 @@ public class PhoneWindowManager implements WindowManagerPolicy { attrs.subtreeSystemUiVisibility |= View.SYSTEM_UI_FLAG_LAYOUT_FULLSCREEN | View.SYSTEM_UI_FLAG_LAYOUT_HIDE_NAVIGATION; } + + if ((attrs.privateFlags & (WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_SYSTEM_KEYS | + WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_POWER_KEY)) != 0) { + mContext.enforceCallingOrSelfPermission(android.Manifest.permission.PREVENT_SYSTEM_KEYS, + "No permission to prevent system key"); + } } void readLidState() { diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index c519120..5c22d8b 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -3164,7 +3164,9 @@ public class WindowManagerService extends IWindowManager.Stub } if (attrs != null) { + Binder.restoreCallingIdentity(origId); mPolicy.adjustWindowParamsLw(attrs); + origId = Binder.clearCallingIdentity(); } // if they don't have the permission, mask out the status bar bits |