summaryrefslogtreecommitdiffstats
path: root/services/core/java/com/android/server/am
diff options
context:
space:
mode:
authorRoman Birg <roman@cyngn.com>2016-07-19 12:37:33 -0700
committerGerrit Code Review <gerrit@cyanogenmod.org>2016-07-21 14:51:54 -0700
commitd8d4e7c567872fa4596c2f63c85092a90b36a6b3 (patch)
treeb3a78edc26abf41f5e559a3d4f8cbf5e4117776c /services/core/java/com/android/server/am
parent1c93b57a38aabff28a46eacd56d46bae4c803352 (diff)
downloadframeworks_base-d8d4e7c567872fa4596c2f63c85092a90b36a6b3.zip
frameworks_base-d8d4e7c567872fa4596c2f63c85092a90b36a6b3.tar.gz
frameworks_base-d8d4e7c567872fa4596c2f63c85092a90b36a6b3.tar.bz2
PackageManager: make protected-broadcasts permission aware
This extends the <protected-broadcast> mechanism to allow protecting actions based on a permission for system apps. For instance: <protected-broadcast android:name="ACTION_A" android:permission="PERMISSION_X" /> will restrict intents with action "ACTION_A" to be only sent with apps holding the "PERMISSION_X" permission. Note that system UIDs will bypass the permission check and always be allowed, just like the normal protected-broadcast mechanism. You must still be a system application to delcare a protected broadcast. Change-Id: Id25cffd233d400800dcb5249c5f487134e1b4152 Signed-off-by: Roman Birg <roman@cyngn.com>
Diffstat (limited to 'services/core/java/com/android/server/am')
-rwxr-xr-xservices/core/java/com/android/server/am/ActivityManagerService.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 6d9ed28..17d8d47 100755
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -16962,7 +16962,8 @@ public final class ActivityManagerService extends ActivityManagerNative
} else if (callerApp == null || !callerApp.persistent) {
try {
if (AppGlobals.getPackageManager().isProtectedBroadcast(
- intent.getAction())) {
+ intent.getAction()) && !AppGlobals.getPackageManager()
+ .isProtectedBroadcastAllowed(intent.getAction(), callingUid)) {
String msg = "Permission Denial: not allowed to send broadcast "
+ intent.getAction() + " from pid="
+ callingPid + ", uid=" + callingUid;