author | Craig Mautner <cmautner@google.com> | 2015-04-23 10:39:39 -0700 |
committer | Craig Mautner <cmautner@google.com> | 2015-04-23 11:05:02 -0700 |
commit | 015c5e57b58d26ae53849c02d3aebfcd52d85c3d (patch) | |
tree | 9c98c6a2793a0652e473ca8c458abcd86e856cb9 /services | |
parent | be3d85fb96cf1634b05dbaad708127219d5e8ced (diff) | |
Disallow data clearing of DeviceOwner.
There are OEM-provided apps that are able to clear the data of the
device owner. That creates a security hole that this change fixes.
Fixes bug 20107015.
Change-Id: I4ef313b394bd8059d19d20aa6533396305d1357d
Diffstat (limited to 'services')
-rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 19 | ||||
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 25 |
2 files changed, 37 insertions, 7 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 9d5ae8e..a48a4d9 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -437,6 +437,11 @@ public final class ActivityManagerService extends ActivityManagerNative
      */
     SparseArray<String[]> mLockTaskPackages = new SparseArray<>();
 
+    /**
+     * The package name of the DeviceOwner. This package is not permitted to have its data cleared.
+     */
+    String mDeviceOwnerName;
+
     public class PendingAssistExtras extends Binder implements Runnable {
         public final ActivityRecord activity;
         public final Bundle extras;
@@ -4831,6 +4836,9 @@ public final class ActivityManagerService extends ActivityManagerNative
     public boolean clearApplicationUserData(final String packageName,
             final IPackageDataObserver observer, int userId) {
         enforceNotIsolatedCaller("clearApplicationUserData");
+        if (packageName != null && packageName.equals(mDeviceOwnerName)) {
+            throw new SecurityException("Clearing DeviceOwner data is forbidden.");
+        }
         int uid = Binder.getCallingUid();
         int pid = Binder.getCallingPid();
         userId = handleIncomingUser(pid, uid,
@@ -8563,6 +8571,17 @@ public final class ActivityManagerService extends ActivityManagerNative
     }
 
     @Override
+    public void updateDeviceOwner(String packageName) {
+        final int callingUid = Binder.getCallingUid();
+        if (callingUid != 0 && callingUid != Process.SYSTEM_UID) {
+            throw new SecurityException("updateDeviceOwner called from non-system process");
+        }
+        synchronized (this) {
+            mDeviceOwnerName = packageName;
+        }
+    }
+
+    @Override
     public void updateLockTaskPackages(int userId, String[] packages) {
         final int callingUid = Binder.getCallingUid();
         if (callingUid != 0 && callingUid != Process.SYSTEM_UID) {
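Review bot: The new guard in clearApplicationUserData reads `mDeviceOwnerName` without holding the lock that updateDeviceOwner (hunk at 8563) writes it under, and the field declared in the hunk at 437 is neither volatile nor final, so there is no happens-before between the device-owner update and a clear request arriving on another binder thread. The smallest fix is `volatile String mDeviceOwnerName;` in the declaration, or reading the field inside `synchronized (this)` before the comparison. Separately, the guard keys on package name alone and runs before handleIncomingUser resolves userId, so it also refuses to clear that package's data in every other user; if that is intended, a comment such as `// Device owner is device-wide: refuse for every user` would make it explicit. clearApplicationUserData continues past the hunk.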
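Review bot: The new public binder entry point updateDeviceOwner has no Javadoc, unlike the field it sets; suggested header: `/** Records the device owner package so clearApplicationUserData() refuses to wipe it; null clears it. System-only: the caller must be uid 0 or SYSTEM_UID. */`. The uid check is a copy of the one in updateLockTaskPackages immediately below it; extracting both into a small `enforceSystemCaller(String method)` helper would keep the two gates from drifting apart. Since this diff is limited to services, the matching IActivityManager/ActivityManagerNative/ActivityManagerProxy plumbing for the new call is presumably in a separate change and should land together with this one.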
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 9bb97f7..44b3f69 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -1106,6 +1106,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     void loadDeviceOwner() {
         synchronized (this) {
             mDeviceOwner = DeviceOwner.load();
+            updateDeviceOwnerLocked();
         }
     }
 
@@ -1667,6 +1668,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
+    private void updateDeviceOwnerLocked() {
+        IActivityManager am = ActivityManagerNative.getDefault();
+        long ident = Binder.clearCallingIdentity();
+        try {
+            am.updateDeviceOwner(mDeviceOwner.getDeviceOwnerPackageName());
+        } catch (RemoteException e) {
+            // Not gonna happen.
+        } finally {
+            Binder.restoreCallingIdentity(ident);
+        }
+    }
+
     static void validateQualityConstant(int quality) {
         switch (quality) {
             case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED:
@@ -3990,14 +4003,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             if (mDeviceOwner == null) {
                 // Device owner is not set and does not exist, set it.
                 mDeviceOwner = DeviceOwner.createWithDeviceOwner(packageName, ownerName);
-                mDeviceOwner.writeOwnerFile();
-                return true;
             } else {
                 // Device owner is not set but a profile owner exists, update Device owner state.
                 mDeviceOwner.setDeviceOwner(packageName, ownerName);
-                mDeviceOwner.writeOwnerFile();
-                return true;
             }
+            mDeviceOwner.writeOwnerFile();
+            updateDeviceOwnerLocked();
+            return true;
         }
     }
 
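Review bot: updateDeviceOwnerLocked dereferences `mDeviceOwner` unconditionally in `am.updateDeviceOwner(mDeviceOwner.getDeviceOwnerPackageName())`, yet the hunk at 1106 calls it straight after `mDeviceOwner = DeviceOwner.load()` and the hunks at 3990 and 4079 test `mDeviceOwner == null`, so null is evidently a valid state; if load() returns null on a device with no owner file, this is a NullPointerException in the system server during boot. Guard it with `final String owner = mDeviceOwner == null ? null : mDeviceOwner.getDeviceOwnerPackageName();` followed by `am.updateDeviceOwner(owner);`, which also clears the name held by ActivityManagerService in that case. The `// Not gonna happen.` catch would read better as `catch (RemoteException ignored)` with the reason stated (presumably an in-process call). loadDeviceOwner's callers and the method enclosing the 3990 hunk lie outside the diff.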
@@ -4079,6 +4091,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 if (mDeviceOwner != null) {
                     mDeviceOwner.clearDeviceOwner();
                     mDeviceOwner.writeOwnerFile();
+                    updateDeviceOwnerLocked();
                 }
             } finally {
                 Binder.restoreCallingIdentity(ident);
@@ -4107,15 +4120,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
             if (mDeviceOwner == null) {
                 // Device owner state does not exist, create it.
-                mDeviceOwner = DeviceOwner.createWithDeviceInitializer(
-                        initializer, ownerName);
+                mDeviceOwner = DeviceOwner.createWithDeviceInitializer(initializer, ownerName);
             } else {
                 // Device owner already exists, update it.
                 mDeviceOwner.setDeviceInitializer(initializer, ownerName);
             }
 
             addDeviceInitializerToLockTaskPackagesLocked(UserHandle.USER_OWNER);
-            mDeviceOwner.writeOwnerFile();
             return true;
         }
     }
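Review bot: The hunk at 4107 deletes `mDeviceOwner.writeOwnerFile();` from setDeviceInitializer without replacing it, so a newly created or updated device initializer is no longer persisted; nothing else in the hunk writes the owner file, while the sibling paths in setDeviceOwner (3990) and clearDeviceOwner (4079) keep their call and the commit message does not mention dropping persistence. Unless the write now happens somewhere outside this diff, restore `mDeviceOwner.writeOwnerFile();` before `return true;`. The enclosing method starts outside the hunk.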