authorAdnan Begovic <adnan@cyngn.com>2016-05-18 14:12:12 -0700
committerGerrit Code Review <gerrit@cyanogenmod.org>2016-05-19 10:46:27 -0700
commitb7583ae4c856162aeac18f4169cfa1d06aa641a8 (patch)
treea9214f3827da9ccad3ebafa29f102a78ffa0ebd6 /services/core
parent2da425ef6547df98e2c912fa42f295e83359ffaf (diff)
downloadframeworks_base-b7583ae4c856162aeac18f4169cfa1d06aa641a8.zip
frameworks_base-b7583ae4c856162aeac18f4169cfa1d06aa641a8.tar.gz
frameworks_base-b7583ae4c856162aeac18f4169cfa1d06aa641a8.tar.bz2
am: Handle unchecked activity starts for protected components.
Previously if you received a notification from a protected app, since AM would state that the calling package was also the target package, the protected apps implementation would allow you to launch into the application. Mitigate this by hooking into the unchecked activity start stack (pending intent launches) globally. Change-Id: I0371593ade9e4af2554962873d89a0f82a639b57 TICKET: PAELLA-216 FEIJ-160 FEIJ-177
Diffstat (limited to 'services/core')
-rw-r--r--services/core/java/com/android/server/am/ActivityStackSupervisor.java26
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java24
2 files changed, 46 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index 48ac172..4cc5370 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -961,7 +961,8 @@ public final class ActivityStackSupervisor implements DisplayListener {
//TODO: This needs to be a flushed out API in the future.
boolean isProtected = intent.getComponent() != null
&& AppGlobals.getPackageManager()
- .isComponentProtected(callingPackage, intent.getComponent(), userId) &&
+ .isComponentProtected(callingPackage, callingUid,
+ intent.getComponent(), userId) &&
(intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0;
if (isProtected) {
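Review bot: `callingUid` is passed to `isComponentProtected` here before the caller's identity has been resolved; the next hunk shows `realCallingUid = Binder.getCallingUid()` being read only after this try block. If callers may pass a placeholder such as a negative uid (the assignment is outside the hunk, so this is an inference), the package manager compares against a value that identifies nobody. Consider running the check after the uid is resolved, or passing `callingUid >= 0 ? callingUid : Binder.getCallingUid()`, and add a comment stating which uid this check is meant to see. The enclosing method starts and ends outside the hunk.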
@@ -977,6 +978,7 @@ public final class ActivityStackSupervisor implements DisplayListener {
} catch (RemoteException e) {
e.printStackTrace();
}
+
final int realCallingPid = Binder.getCallingPid();
final int realCallingUid = Binder.getCallingUid();
int callingPid;
@@ -1873,6 +1875,28 @@ public final class ActivityStackSupervisor implements DisplayListener {
inTask = null;
}
+ try {
+ //TODO: This needs to be a flushed out API in the future.
+ boolean isProtected = intent.getComponent() != null
+ && AppGlobals.getPackageManager()
+ .isComponentProtected(null, r.launchedFromUid,
+ intent.getComponent(), r.userId) &&
+ (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0;
+
+ if (isProtected) {
+ Message msg = mService.mHandler.obtainMessage(
+ ActivityManagerService.POST_COMPONENT_PROTECTED_MSG);
+ //Store start flags, userid
+ intent.setFlags(startFlags);
+ intent.putExtra("com.android.settings.PROTECTED_APPS_USER_ID", r.userId);
+ msg.obj = intent;
+ mService.mHandler.sendMessage(msg);
+ return ActivityManager.START_NOT_CURRENT_USER_ACTIVITY;
+ }
+ } catch (RemoteException e) {
+ e.printStackTrace();
+ }
+
final boolean launchSingleTop = r.launchMode == ActivityInfo.LAUNCH_SINGLE_TOP;
final boolean launchSingleInstance = r.launchMode == ActivityInfo.LAUNCH_SINGLE_INSTANCE;
final boolean launchSingleTask = r.launchMode == ActivityInfo.LAUNCH_SINGLE_TASK;
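Review bot: The new gate on the unchecked start path fails open. If `isComponentProtected` throws `RemoteException`, the catch only calls `e.printStackTrace()` and execution continues into the launch-mode handling below, so the protected activity still starts. For a security check the error path should deny: log it, e.g. `Slog.w(TAG, "protected component check failed", e);`, and return an error result instead of falling through. The block also duplicates the check in the first hunk of this file, so a private helper would stop the two copies drifting. The exemption for `FLAG_GRANT_READ_URI_PERMISSION`, a flag chosen by whoever built the intent, deserves a comment explaining why it is safe on this path. The enclosing method starts and ends outside the hunk.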
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 0e174c3..e1f94ce 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -17265,10 +17265,12 @@ public class PackageManagerService extends IPackageManager.Stub {
}
@Override
- public boolean isComponentProtected(String callingPackage,
+ public boolean isComponentProtected(String callingPackage, int callingUid,
ComponentName componentName, int userId) {
if (DEBUG_PROTECTED) Log.d(TAG, "Checking if component is protected "
- + componentName.flattenToShortString() + " from calling package " + callingPackage);
+ + componentName.flattenToShortString() + " from calling package " + callingPackage
+ + " and callinguid " + callingUid);
+
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "set protected");
//Allow managers full access
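Review bot: The new `callingUid` parameter is an unverified argument on a method that overrides the `IPackageManager.Stub` interface, while the only identity check in view, `enforceCrossUserPermission(Binder.getCallingUid(), ...)`, uses the real Binder caller. The later hunk returns "not protected" when `callingUid == Process.SYSTEM_UID`, so the result depends on a value the caller chooses unless the method is restricted to system callers somewhere outside this hunk. Pin the argument to the Binder identity for non-system callers, e.g. `if (Binder.getCallingUid() != Process.SYSTEM_UID) callingUid = Binder.getCallingUid();`, and document that only the system may assert another uid. The `"set protected"` label passed to `enforceCrossUserPermission` also misdescribes a read-only query. The method body continues outside the hunk.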
@@ -17289,8 +17291,24 @@ public class PackageManagerService extends IPackageManager.Stub {
return false;
}
+ //If this component is launched from a validation component, allow it.
if (TextUtils.equals(PROTECTED_APPS_TARGET_VALIDATION_COMPONENT,
- componentName.flattenToString())) {
+ componentName.flattenToString()) && callingUid == Process.SYSTEM_UID) {
+ return false;
+ }
+
+ //If this component is launched from the system or a uid of a protected component, allow it.
+ boolean fromProtectedComponentUid = false;
+ for (String protectedComponentManager : protectedComponentManagers) {
+ if (callingUid == getPackageUid(protectedComponentManager, userId)) {
+ fromProtectedComponentUid = true;
+ }
+ }
+
+ if (callingPackage == null && (callingUid == Process.SYSTEM_UID
+ || fromProtectedComponentUid)) {
+ if (DEBUG_PROTECTED) Log.d(TAG, "Calling package is android and from system or " +
+ "protected manager, allow");
return false;
}
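Review bot: The uid loop can match on a sentinel value. If `getPackageUid` returns a negative value for a manager package that is not installed for `userId` (its contract is not visible here) and `callingUid` is likewise unset, `fromProtectedComponentUid` becomes true and the `callingPackage == null` branch reports the component as unprotected. Guard the comparison with `if (callingUid >= 0 && callingUid == getPackageUid(protectedComponentManager, userId))` and `break` after the first match. The debug message says the calling package "is android" while the condition tests `callingPackage == null`; reword it to match what is checked.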