summaryrefslogtreecommitdiffstats
path: root/services/java/com/android/server/am/ActivityManagerService.java
diff options
context:
space:
mode:
authorDianne Hackborn <hackbod@google.com>2013-03-25 17:49:36 -0700
committerDianne Hackborn <hackbod@google.com>2013-03-25 17:49:36 -0700
commita40cfeb55f6caa35fee894b86175b7d916520c80 (patch)
treefa66c98e4298028290f303786f4f09ee9a08df85 /services/java/com/android/server/am/ActivityManagerService.java
parent7c566bf3e4a10d74588b3e92ea3f6af310930f37 (diff)
downloadframeworks_base-a40cfeb55f6caa35fee894b86175b7d916520c80.zip
frameworks_base-a40cfeb55f6caa35fee894b86175b7d916520c80.tar.gz
frameworks_base-a40cfeb55f6caa35fee894b86175b7d916520c80.tar.bz2
Fix issue #8470131: Process thrash kills battery
Protect app widget broadcasts from abuse. In this case the app was sending an APPWIDGET_UPDATE broadcast without specifying a target, which (a) should not be allowed (you should not be able to send updates to other apps), and (b) resulted in every single potential app widget in the system being launched... which was about 75 of them. Change-Id: I9d48733610ce6d5a7c32e69a3e06b9f33bd79a34
Diffstat (limited to 'services/java/com/android/server/am/ActivityManagerService.java')
-rw-r--r--services/java/com/android/server/am/ActivityManagerService.java27
1 files changed, 27 insertions, 0 deletions
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java
index 6f092bf..bc51653 100644
--- a/services/java/com/android/server/am/ActivityManagerService.java
+++ b/services/java/com/android/server/am/ActivityManagerService.java
@@ -19,6 +19,7 @@ package com.android.server.am;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import android.app.AppOpsManager;
+import android.appwidget.AppWidgetManager;
import com.android.internal.R;
import com.android.internal.os.BatteryStatsImpl;
import com.android.internal.os.ProcessStats;
@@ -11791,6 +11792,32 @@ public final class ActivityManagerService extends ActivityManagerNative
+ callingPid + ", uid=" + callingUid;
Slog.w(TAG, msg);
throw new SecurityException(msg);
+ } else if (AppWidgetManager.ACTION_APPWIDGET_CONFIGURE.equals(intent.getAction())) {
+ // Special case for compatibility: we don't want apps to send this,
+ // but historically it has not been protected and apps may be using it
+ // to poke their own app widget. So, instead of making it protected,
+ // just limit it to the caller.
+ if (callerApp == null) {
+ String msg = "Permission Denial: not allowed to send broadcast "
+ + intent.getAction() + " from unknown caller.";
+ Slog.w(TAG, msg);
+ throw new SecurityException(msg);
+ } else if (intent.getComponent() != null) {
+ // They are good enough to send to an explicit component... verify
+ // it is being sent to the calling app.
+ if (!intent.getComponent().getPackageName().equals(
+ callerApp.info.packageName)) {
+ String msg = "Permission Denial: not allowed to send broadcast "
+ + intent.getAction() + " to "
+ + intent.getComponent().getPackageName() + " from "
+ + callerApp.info.packageName;
+ Slog.w(TAG, msg);
+ throw new SecurityException(msg);
+ }
+ } else {
+ // Limit broadcast to their own package.
+ intent.setPackage(callerApp.info.packageName);
+ }
}
} catch (RemoteException e) {
Slog.w(TAG, "Remote exception", e);