diff options
| author | Adnan Begovic <adnan@cyngn.com> | 2016-05-24 22:36:41 -0700 |
|---|---|---|
| committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2016-05-25 10:02:02 -0700 |
| commit | 2ca88f66521ac410d070b4fb82792a0512ba5044 (patch) | |
| tree | 0ef6b4c67fc483524b22da4a9b32b71bae0e323a /services/core | |
| parent | 955c97f89088cb93984721412d4c44a3638303a6 (diff) | |
| download | frameworks_base-2ca88f66521ac410d070b4fb82792a0512ba5044.zip frameworks_base-2ca88f66521ac410d070b4fb82792a0512ba5044.tar.gz frameworks_base-2ca88f66521ac410d070b4fb82792a0512ba5044.tar.bz2 | |
pm: Use sourcerecord if available for protected app validation.
A source record serves as a beneficial historical record to
see if an activity start has been redirected numerous times.
This fixes issues where applications that redirect implicitly
and are protected would constantly spam to be authed.
Change-Id: Ibeb9eae4279a0cdd65635392316eabb485adfa27
TICKET: PAELLA-216 FEIJ-160 FEIJ-177
Diffstat (limited to 'services/core')
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityStackSupervisor.java | 5 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 7 |
2 files changed, 6 insertions, 6 deletions
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java index 4cc5370..28ea006 100644 --- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java +++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java @@ -1879,11 +1879,12 @@ public final class ActivityStackSupervisor implements DisplayListener { //TODO: This needs to be a flushed out API in the future. boolean isProtected = intent.getComponent() != null && AppGlobals.getPackageManager() - .isComponentProtected(null, r.launchedFromUid, + .isComponentProtected(sourceRecord == null ? "android" : + sourceRecord.launchedFromPackage, r.launchedFromUid, intent.getComponent(), r.userId) && (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0; - if (isProtected) { + if (isProtected && r.state == INITIALIZING) { Message msg = mService.mHandler.obtainMessage( ActivityManagerService.POST_COMPONENT_PROTECTED_MSG); //Store start flags, userid diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index adb1be8..4597031 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -17307,10 +17307,9 @@ public class PackageManagerService extends IPackageManager.Stub { } } - if (callingPackage == null && (callingUid == Process.SYSTEM_UID - || fromProtectedComponentUid)) { - if (DEBUG_PROTECTED) Log.d(TAG, "Calling package is android and from system or " + - "protected manager, allow"); + if (TextUtils.equals(callingPackage, "android") && callingUid == Process.SYSTEM_UID + || callingPackage == null && fromProtectedComponentUid) { + if (DEBUG_PROTECTED) Log.d(TAG, "Calling package is android or manager, allow"); return false; } |