diff options
| author | Dianne Hackborn <hackbod@google.com> | 2013-03-25 17:49:36 -0700 |
|---|---|---|
| committer | Dianne Hackborn <hackbod@google.com> | 2013-03-25 17:49:36 -0700 |
| commit | a40cfeb55f6caa35fee894b86175b7d916520c80 (patch) | |
| tree | fa66c98e4298028290f303786f4f09ee9a08df85 /services/java/com/android/server/am/ActivityManagerService.java | |
| parent | 7c566bf3e4a10d74588b3e92ea3f6af310930f37 (diff) | |
| download | frameworks_base-a40cfeb55f6caa35fee894b86175b7d916520c80.zip frameworks_base-a40cfeb55f6caa35fee894b86175b7d916520c80.tar.gz frameworks_base-a40cfeb55f6caa35fee894b86175b7d916520c80.tar.bz2 | |
Fix issue #8470131: Process thrash kills battery
Protect app widget broadcasts from abuse.
In this case the app was sending an APPWIDGET_UPDATE broadcast
without specifying a target, which (a) should not be allowed (you
should not be able to send updates to other apps), and (b) resulted
in every single potential app widget in the system being launched...
which was about 75 of them.
Change-Id: I9d48733610ce6d5a7c32e69a3e06b9f33bd79a34
Diffstat (limited to 'services/java/com/android/server/am/ActivityManagerService.java')
| -rw-r--r-- | services/java/com/android/server/am/ActivityManagerService.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java index 6f092bf..bc51653 100644 --- a/services/java/com/android/server/am/ActivityManagerService.java +++ b/services/java/com/android/server/am/ActivityManagerService.java @@ -19,6 +19,7 @@ package com.android.server.am; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import android.app.AppOpsManager; +import android.appwidget.AppWidgetManager; import com.android.internal.R; import com.android.internal.os.BatteryStatsImpl; import com.android.internal.os.ProcessStats; @@ -11791,6 +11792,32 @@ public final class ActivityManagerService extends ActivityManagerNative + callingPid + ", uid=" + callingUid; Slog.w(TAG, msg); throw new SecurityException(msg); + } else if (AppWidgetManager.ACTION_APPWIDGET_CONFIGURE.equals(intent.getAction())) { + // Special case for compatibility: we don't want apps to send this, + // but historically it has not been protected and apps may be using it + // to poke their own app widget. So, instead of making it protected, + // just limit it to the caller. + if (callerApp == null) { + String msg = "Permission Denial: not allowed to send broadcast " + + intent.getAction() + " from unknown caller."; + Slog.w(TAG, msg); + throw new SecurityException(msg); + } else if (intent.getComponent() != null) { + // They are good enough to send to an explicit component... verify + // it is being sent to the calling app. + if (!intent.getComponent().getPackageName().equals( + callerApp.info.packageName)) { + String msg = "Permission Denial: not allowed to send broadcast " + + intent.getAction() + " to " + + intent.getComponent().getPackageName() + " from " + + callerApp.info.packageName; + Slog.w(TAG, msg); + throw new SecurityException(msg); + } + } else { + // Limit broadcast to their own package. + intent.setPackage(callerApp.info.packageName); + } } } catch (RemoteException e) { Slog.w(TAG, "Remote exception", e); |