fw: enforce android.permission.PREVENT_SYSTEM_KEYS in system server

Since privateFlags can be accessed and modified via reflection due to change 5d927c2d8e, the prevent system keys or prevent power keys flag can be set and deployed without ever calling setPrivateFlags directly. Move enforcing to system server to prevent app tampering. TICKET: CYAN-7921 (open source JIRA) Found by Maciej Krysztofiak Change-Id: I53c2804d0283692036f5cc95e6ad57821bc0655a
author: Scott Mertz <scott@cyngn.com> 2016-08-04 15:17:01 -0700
committer: Gerrit Code Review <gerrit@cyanogenmod.org> 2016-08-05 09:53:48 -0700
commit: a92b91d7966350ad37f5c60586e5ccb9abc696be (patch)
tree: c33c24c61cfd3f90ac516ed142c1a0dbfc4513e6 /services
parent: 66af012f8b1e8adb18132a669d2ed2e81d7bdf42 (diff)
download: frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.zip
frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.tar.gz
frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.tar.bz2
2 files changed, 8 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/policy/PhoneWindowManager.java b/services/core/java/com/android/server/policy/PhoneWindowManager.java
index 755592f..8a29a30 100644
--- a/services/core/java/com/android/server/policy/PhoneWindowManager.java
+++ b/services/core/java/com/android/server/policy/PhoneWindowManager.java
@@ -2449,6 +2449,12 @@ public class PhoneWindowManager implements WindowManagerPolicy {
             attrs.subtreeSystemUiVisibility |= View.SYSTEM_UI_FLAG_LAYOUT_FULLSCREEN
                     | View.SYSTEM_UI_FLAG_LAYOUT_HIDE_NAVIGATION;
         }
+
+        if ((attrs.privateFlags & (WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_SYSTEM_KEYS |
+                            WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_POWER_KEY)) != 0) {
+            mContext.enforceCallingOrSelfPermission(android.Manifest.permission.PREVENT_SYSTEM_KEYS,
+                    "No permission to prevent system key");
+        }
     }
 
     void readLidState() {
diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java
index c519120..5c22d8b 100644
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -3164,7 +3164,9 @@ public class WindowManagerService extends IWindowManager.Stub
             }
 
             if (attrs != null) {
+                Binder.restoreCallingIdentity(origId);
                 mPolicy.adjustWindowParamsLw(attrs);
+                origId = Binder.clearCallingIdentity();
             }
 
             // if they don't have the permission, mask out the status bar bits
author	Scott Mertz <scott@cyngn.com>	2016-08-04 15:17:01 -0700
committer	Gerrit Code Review <gerrit@cyanogenmod.org>	2016-08-05 09:53:48 -0700
commit	a92b91d7966350ad37f5c60586e5ccb9abc696be (patch)
tree	c33c24c61cfd3f90ac516ed142c1a0dbfc4513e6 /services
parent	66af012f8b1e8adb18132a669d2ed2e81d7bdf42 (diff)
download	frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.zip frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.tar.gz frameworks_base-a92b91d7966350ad37f5c60586e5ccb9abc696be.tar.bz2