PackageManager: make protected-broadcasts permission aware

This extends the <protected-broadcast> mechanism to allow protecting
actions based on a permission for system apps.

For instance:

   <protected-broadcast android:name="ACTION_A"
                        android:permission="PERMISSION_X" />

will restrict intents with action "ACTION_A" to be only sent with
apps holding the "PERMISSION_X" permission. Note that system UIDs will
bypass the permission check and always be allowed, just like the normal
protected-broadcast mechanism.

You must still be a system application to delcare a protected broadcast.

Change-Id: Id25cffd233d400800dcb5249c5f487134e1b4152
Signed-off-by: Roman Birg <roman@cyngn.com>

2 files changed, 18 insertions, 4 deletions

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 6d9ed28..17d8d47 100755
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -16962,7 +16962,8 @@ public final class ActivityManagerService extends ActivityManagerNative
         } else if (callerApp == null || !callerApp.persistent) {
             try {
                 if (AppGlobals.getPackageManager().isProtectedBroadcast(
-                        intent.getAction())) {
+                        intent.getAction()) && !AppGlobals.getPackageManager()
+                        .isProtectedBroadcastAllowed(intent.getAction(), callingUid)) {
                     String msg = "Permission Denial: not allowed to send broadcast "
                             + intent.getAction() + " from pid="
                             + callingPid + ", uid=" + callingUid;
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 95a150a..fc3d79c 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -617,7 +617,7 @@ public class PackageManagerService extends IPackageManager.Stub {
     final ArraySet<String> mTransferedPackages = new ArraySet<String>();
 
     // Broadcast actions that are only available to the system.
-    final ArraySet<String> mProtectedBroadcasts = new ArraySet<String>();
+    final ArrayMap<String, String> mProtectedBroadcasts = new ArrayMap<>();
 
     /** List of packages waiting for verification. */
     final SparseArray<PackageVerificationState> mPendingVerification
@@ -4041,7 +4041,19 @@ public class PackageManagerService extends IPackageManager.Stub {
     @Override
     public boolean isProtectedBroadcast(String actionName) {
         synchronized (mPackages) {
-            return mProtectedBroadcasts.contains(actionName);
+            return mProtectedBroadcasts.containsKey(actionName);
+        }
+    }
+
+    @Override
+    public boolean isProtectedBroadcastAllowed(String actionName, int callingUid) {
+        synchronized (mPackages) {
+            if (mProtectedBroadcasts.containsKey(actionName)) {
+               final int result = checkUidPermission(mProtectedBroadcasts.get(actionName),
+                        callingUid);
+                return result == PackageManager.PERMISSION_GRANTED;
+            }
+            return false;
         }
     }
 
@@ -7841,7 +7853,8 @@ public class PackageManagerService extends IPackageManager.Stub {
             if (pkg.protectedBroadcasts != null) {
                 N = pkg.protectedBroadcasts.size();
                 for (i=0; i<N; i++) {
-                    mProtectedBroadcasts.add(pkg.protectedBroadcasts.get(i));
+                    mProtectedBroadcasts.put(pkg.protectedBroadcasts.keyAt(i),
+                            pkg.protectedBroadcasts.valueAt(i));
                 }
             }