author | Dianne Hackborn <hackbod@google.com> | 2009-07-09 18:14:31 -0700 |
---|---|---|
committer | Dianne Hackborn <hackbod@google.com> | 2009-07-09 18:14:31 -0700 |
commit | 854060af30f928c0a65591e9c8314ae17056e6b8 (patch) | |
tree | 90922c34cec925074bb62a3b79ac65af5527c02a /services/java/com/android/server/PackageManagerService.java | |
parent | d1e5e3ffc22478bad8525dec4f1c6d57fe0ad368 (diff) | |
Fix bug #1873249i: Apps can DoS/brick device
This is the problem where various things are listening for broadcasts
(such as battery status, PIN/PUK/Network) that an application can send
to cause harm to the system.
Solving this is tricky because many of these broadcasts are sticky,
and I have never figured out how to do permissions with sticky
broadcasts in a sane way. So instead, I am going to punt on the
general problem and just brute force it:
There is now a way for system components to declare specific
broadcast actions to be protected, which means that only the system
and the phone can send them. This is good enough for now. None
of it is exposed in the public API so we can make something a little
less stupid in the future if we ever need to.
Diffstat (limited to 'services/java/com/android/server/PackageManagerService.java')
-rw-r--r-- | services/java/com/android/server/PackageManagerService.java | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/services/java/com/android/server/PackageManagerService.java b/services/java/com/android/server/PackageManagerService.java
index 06435c8..0d190ca 100644
--- a/services/java/com/android/server/PackageManagerService.java
+++ b/services/java/com/android/server/PackageManagerService.java
@@ -56,8 +56,6 @@ import android.content.pm.ProviderInfo;
 import android.content.pm.ResolveInfo;
 import android.content.pm.ServiceInfo;
 import android.content.pm.Signature;
-import android.content.res.CompatibilityInfo;
-import android.content.res.Configuration;
 import android.net.Uri;
 import android.os.Binder;
 import android.os.Build;
@@ -251,6 +249,9 @@ class PackageManagerService extends IPackageManager.Stub {
 final HashMap<String, PackageParser.PermissionGroup> mPermissionGroups = new HashMap<String, PackageParser.PermissionGroup>();
+ // Broadcast actions that are only available to the system.
+ final HashSet<String> mProtectedBroadcasts = new HashSet<String>();
+
 boolean mSystemReady;
 boolean mSafeMode;
 boolean mHasSystemUidErrors;
@@ -1128,6 +1129,12 @@ class PackageManagerService extends IPackageManager.Stub {
 }
 }
+ public boolean isProtectedBroadcast(String actionName) {
+ synchronized (mPackages) {
+ return mProtectedBroadcasts.contains(actionName);
+ }
+ }
+
 public int checkSignatures(String pkg1, String pkg2) {
 synchronized (mPackages) {
 PackageParser.Package p1 = mPackages.get(pkg1);
@@ -2500,6 +2507,13 @@ class PackageManagerService extends IPackageManager.Stub {
 if (Config.LOGD) Log.d(TAG, " Instrumentation: " + r);
 }
+ if (pkg.protectedBroadcasts != null) {
+ N = pkg.protectedBroadcasts.size();
+ for (i=0; i<N; i++) {
+ mProtectedBroadcasts.add(pkg.protectedBroadcasts.get(i));
+ }
+ }
+
 pkgSetting.setTimeStamp(scanFileTime);
 }
|
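Review bot: isProtectedBroadcast is added without a doc comment even though, as a method on the IPackageManager.Stub subclass, it is what the enforcing code will rely on to decide whether a sender must be restricted. It answers false for any action that has not yet been added to mProtectedBroadcasts, so a query made before package scanning has filled the set fails open; whether that window is reachable is not visible from this hunk. I would add `/** Returns true if a scanned package declared actionName as a protected broadcast; false means the action is unrestricted. */` above the method. Once the write in the last hunk is confirmed to hold the same lock, the field comment in the -251 hunk could also say `// Guarded by mPackages.`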
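Review bot: The loop added before `pkgSetting.setTimeStamp(scanFileTime)` copies every entry of pkg.protectedBroadcasts into the service-wide set with no check at this point that pkg is a system package. If the parser that fills protectedBroadcasts is not itself limited to system packages (not visible in this file), an ordinary installed app could mark an arbitrary action as protected and stop other apps from sending it; a local guard such as `if (pkg.protectedBroadcasts != null && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {` would make the restriction hold regardless of the parser. The 16 insertions in this file only ever add to mProtectedBroadcasts, so actions declared by a package that is later removed or replaced appear to stay protected until the service restarts; the removal path should drop them. The enclosing method starts and ends outside the hunk, so it cannot be confirmed here that this write runs under the mPackages lock that isProtectedBroadcast takes for its read.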