authorBenjamin Franz <bfranz@google.com>2015-01-14 18:22:42 +0000
committerBenjamin Franz <bfranz@google.com>2015-01-22 16:16:16 +0000
commitfadb2b3a27e4c23f5c566e6f7eadfaed9e23e68c (patch)
tree7a5d4e5a1f8185d6e4ba159b7858704b96d779cf /services/devicepolicy/java
parent1a6dd2985ef1eab036f6fc77cf723e3f12832e93 (diff)
Avoid SecurityException when calling getUserData
Currently we risk getting a SecurityException in a number of places, where getUserData is called for a different user than the calling user. To avoid this, the caller is cleared in a helper function. Bug: 18662452 Change-Id: Ibc131c602e52d9f013fe739a9c18e693181ded67
Diffstat (limited to 'services/devicepolicy/java')
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java63
1 files changed, 42 insertions, 21 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 579fae4..6d6ac1e 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -989,6 +989,25 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
}
+ /**
+ * Creates and loads the policy data from xml for data that is shared between
+ * various profiles of a user. In contrast to {@link #getUserData(int)}
+ * it allows access to data of users other than the calling user.
+ *
+ * This function should only be used for shared data, e.g. everything regarding
+ * passwords and should be removed once multiple screen locks are present.
+ * @param userHandle the user for whom to load the policy data
+ * @return
+ */
+ DevicePolicyData getUserDataUnchecked(int userHandle) {
+ long ident = Binder.clearCallingIdentity();
+ try {
+ return getUserData(userHandle);
+ } finally {
+ Binder.restoreCallingIdentity(ident);
+ }
+ }
+
void removeUserData(int userHandle) {
synchronized (this) {
if (userHandle == UserHandle.USER_OWNER) {
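Review bot: The Javadoc on `getUserDataUnchecked` leaves `@return` empty and never states what "unchecked" means for callers. The method clears the Binder calling identity, so any caller-based check that `getUserData` triggers is evaluated against the system identity rather than the original caller. I would fill in `@return the policy data for {@code userHandle}` and add a sentence such as `Callers must already have verified that the calling user may see this user's data, because the calling identity is cleared here.` The method has no access modifier, so it is package-private; if nothing outside this class needs it, `private` would narrow the reach of the bypass.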
@@ -1927,7 +1946,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
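Review bot: After this substitution the per-profile read in the loop no longer depends on the caller's identity. The only remaining gate on reading another profile's admin list is whatever check the enclosing method performs on `userHandle` before `mUserManager.getProfiles(userHandle)`, and that check is outside the hunk, so it should be confirmed for each call site. The same one-line substitution recurs in the later profile-loop hunks (-1974 through -4639), whose enclosing methods also start and end outside the hunks. A short comment at each site, such as `// Access to userHandle is checked above; profile data is shared, so it is read with the calling identity cleared.`, would record why the unchecked variant is safe there.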
@@ -1974,7 +1993,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2021,7 +2040,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2082,7 +2101,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2180,7 +2199,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2237,7 +2256,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2281,7 +2300,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2328,7 +2347,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2375,7 +2394,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2422,7 +2441,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2469,7 +2488,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -2494,8 +2513,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// If the user this is called from is part of a profile group, that is the parent
// of the group.
UserInfo parent = getProfileParent(userHandle);
- int id = parent == null ? userHandle : parent.id;
- DevicePolicyData policy = getUserData(id);
+ int id = (parent == null) ? userHandle : parent.id;
+ DevicePolicyData policy = getUserDataUnchecked(id);
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
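Review bot: The parent-or-self fallback `(parent == null) ? userHandle : parent.id` is now written out twice, here and in the hunk at -2525, where it also replaces a direct `getProfileParent(userHandle).id` dereference. Folding the lookup into one small private helper (for example a new `int getProfileParentId(int userHandle)`) would keep the two sites from drifting apart and make the null handling hard to forget at a future third site. The enclosing method continues outside the hunk.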
@@ -2525,7 +2544,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN);
// The active password is stored in the parent.
- DevicePolicyData policy = getUserData(getProfileParent(userHandle).id);
+ UserInfo parent = getProfileParent(userHandle);
+ int id = (parent == null) ? userHandle : parent.id;
+ DevicePolicyData policy = getUserDataUnchecked(id);
return policy.mFailedPasswordAttempts;
}
@@ -2588,7 +2609,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
int count = 0;
ActiveAdmin strictestAdmin = null;
for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
for (ActiveAdmin admin : policy.mAdminList) {
if (admin.maximumFailedPasswordsForWipe ==
ActiveAdmin.DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) {
@@ -2801,7 +2822,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// Return strictest policy for this user and profiles that are visible from this user.
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
@@ -3123,7 +3144,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
List<UserInfo> profiles = mUserManager.getProfiles(userHandle);
for (UserInfo userInfo : profiles) {
int profileId = userInfo.id;
- DevicePolicyData policy = getUserData(profileId);
+ DevicePolicyData policy = getUserDataUnchecked(profileId);
final int N = policy.mAdminList.size();
if (N > 0) {
for (int i=0; i<N; i++) {
@@ -4243,7 +4264,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
// and return null.
boolean allAdminsHaveOptions = true;
for (UserInfo userInfo : profiles) {
- DevicePolicyData policy = getUserData(userInfo.id);
+ DevicePolicyData policy = getUserDataUnchecked(userInfo.id);
final int N = policy.mAdminList.size();
for (int i=0; i < N; i++) {
final ActiveAdmin active = policy.mAdminList.get(i);
@@ -4474,7 +4495,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
for (int i = 0; i < PROFILES_SIZE; ++i) {
// Just loop though all admins, only device or profiles
// owners can have permitted lists set.
- DevicePolicyData policy = getUserData(profiles.get(i).id);
+ DevicePolicyData policy = getUserDataUnchecked(profiles.get(i).id);
final int N = policy.mAdminList.size();
for (int j = 0; j < N; j++) {
ActiveAdmin admin = policy.mAdminList.get(j);
@@ -4639,7 +4660,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
for (int i = 0; i < PROFILES_SIZE; ++i) {
// Just loop though all admins, only device or profiles
// owners can have permitted lists set.
- DevicePolicyData policy = getUserData(profiles.get(i).id);
+ DevicePolicyData policy = getUserDataUnchecked(profiles.get(i).id);
final int N = policy.mAdminList.size();
for (int j = 0; j < N; j++) {
ActiveAdmin admin = policy.mAdminList.get(j);
@@ -5428,7 +5449,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
return Collections.emptyList();
}
- DevicePolicyData policy = getUserData(profileId);
+ DevicePolicyData policy = getUserDataUnchecked(profileId);
ActiveAdmin admin = policy.mAdminMap.get(ownerComponent);
if (admin == null || admin.crossProfileWidgetProviders == null