diff options
4 files changed, 17 insertions, 31 deletions
diff --git a/core/java/android/appwidget/AppWidgetHost.java b/core/java/android/appwidget/AppWidgetHost.java index 69716e5..24c6793 100644 --- a/core/java/android/appwidget/AppWidgetHost.java +++ b/core/java/android/appwidget/AppWidgetHost.java @@ -24,7 +24,6 @@ import android.annotation.Nullable; import android.app.Activity; import android.content.ActivityNotFoundException; import android.content.Context; -import android.content.Intent; import android.content.IntentSender; import android.os.Binder; import android.os.Bundle; @@ -155,7 +154,7 @@ public class AppWidgetHost { int[] updatedIds; ArrayList<RemoteViews> updatedViews = new ArrayList<RemoteViews>(); try { - updatedIds = sService.startListening(mCallbacks, mContext.getPackageName(), mHostId, + updatedIds = sService.startListening(mCallbacks, mContext.getOpPackageName(), mHostId, updatedViews); } catch (RemoteException e) { @@ -174,7 +173,7 @@ public class AppWidgetHost { */ public void stopListening() { try { - sService.stopListening(mContext.getPackageName(), mHostId); + sService.stopListening(mContext.getOpPackageName(), mHostId); } catch (RemoteException e) { throw new RuntimeException("system server dead?", e); @@ -192,7 +191,7 @@ public class AppWidgetHost { */ public int allocateAppWidgetId() { try { - return sService.allocateAppWidgetId(mContext.getPackageName(), mHostId); + return sService.allocateAppWidgetId(mContext.getOpPackageName(), mHostId); } catch (RemoteException e) { throw new RuntimeException("system server dead?", e); @@ -222,7 +221,7 @@ public class AppWidgetHost { int appWidgetId, int intentFlags, int requestCode, @Nullable Bundle options) { try { IntentSender intentSender = sService.createAppWidgetConfigIntentSender( - mContext.getPackageName(), appWidgetId, intentFlags); + mContext.getOpPackageName(), appWidgetId, intentFlags); if (intentSender != null) { activity.startIntentSenderForResult(intentSender, requestCode, null, 0, 0, 0, options); @@ -246,7 +245,7 @@ public class AppWidgetHost { if (sService == null) { bindService(); } - return sService.getAppWidgetIdsForHost(mContext.getPackageName(), mHostId); + return sService.getAppWidgetIdsForHost(mContext.getOpPackageName(), mHostId); } catch (RemoteException e) { throw new RuntimeException("system server dead?", e); } @@ -263,7 +262,7 @@ public class AppWidgetHost { synchronized (mViews) { mViews.remove(appWidgetId); try { - sService.deleteAppWidgetId(mContext.getPackageName(), appWidgetId); + sService.deleteAppWidgetId(mContext.getOpPackageName(), appWidgetId); } catch (RemoteException e) { throw new RuntimeException("system server dead?", e); @@ -281,7 +280,7 @@ public class AppWidgetHost { */ public void deleteHost() { try { - sService.deleteHost(mContext.getPackageName(), mHostId); + sService.deleteHost(mContext.getOpPackageName(), mHostId); } catch (RemoteException e) { throw new RuntimeException("system server dead?", e); @@ -319,7 +318,7 @@ public class AppWidgetHost { } RemoteViews views; try { - views = sService.getAppWidgetViews(mContext.getPackageName(), appWidgetId); + views = sService.getAppWidgetViews(mContext.getOpPackageName(), appWidgetId); } catch (RemoteException e) { throw new RuntimeException("system server dead?", e); } diff --git a/core/java/android/appwidget/AppWidgetManager.java b/core/java/android/appwidget/AppWidgetManager.java index 086eb7d..bd45c7e 100644 --- a/core/java/android/appwidget/AppWidgetManager.java +++ b/core/java/android/appwidget/AppWidgetManager.java @@ -441,7 +441,7 @@ public class AppWidgetManager { * @hide */ public AppWidgetManager(Context context, IAppWidgetService service) { - mPackageName = context.getPackageName(); + mPackageName = context.getOpPackageName(); mService = service; mDisplayMetrics = context.getResources().getDisplayMetrics(); } diff --git a/core/java/android/widget/RemoteViewsAdapter.java b/core/java/android/widget/RemoteViewsAdapter.java index 5d21e0b..602f955 100644 --- a/core/java/android/widget/RemoteViewsAdapter.java +++ b/core/java/android/widget/RemoteViewsAdapter.java @@ -157,7 +157,7 @@ public class RemoteViewsAdapter extends BaseAdapter implements Handler.Callback RemoteViewsAdapter adapter; final AppWidgetManager mgr = AppWidgetManager.getInstance(context); if ((adapter = mAdapter.get()) != null) { - mgr.bindRemoteViewsService(context.getPackageName(), appWidgetId, + mgr.bindRemoteViewsService(context.getOpPackageName(), appWidgetId, intent, asBinder()); } else { Slog.w(TAG, "bind: adapter was null"); diff --git a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java index f1e99fd..7f7e5c3 100644 --- a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java +++ b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java @@ -18,6 +18,7 @@ package com.android.server.appwidget; import android.app.AlarmManager; import android.app.AppGlobals; +import android.app.AppOpsManager; import android.app.PendingIntent; import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.DevicePolicyManagerInternal.OnCrossProfileWidgetProvidersChangeListener; @@ -177,6 +178,7 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku private final IPackageManager mPackageManager; private final AlarmManager mAlarmManager; private final UserManager mUserManager; + private final AppOpsManager mAppOpsManager; private final SecurityPolicy mSecurityPolicy; @@ -195,6 +197,7 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku mPackageManager = AppGlobals.getPackageManager(); mAlarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE); mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); + mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE); mSaveStateHandler = BackgroundThread.getHandler(); mCallbackHandler = new CallbackHandler(mContext.getMainLooper()); mBackupRestoreController = new BackupRestoreController(); @@ -890,6 +893,9 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku Slog.i(TAG, "bindRemoteViewsService() " + userId); } + // Make sure the package runs under the caller uid. + mSecurityPolicy.enforceCallFromPackage(callingPackage); + synchronized (mLock) { ensureGroupStateLoadedLocked(userId); @@ -3039,26 +3045,7 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku } public void enforceCallFromPackage(String packageName) { - if (!isCallFromPackage(packageName)) { - throw new SecurityException("Package " + packageName - + " not running under user " + UserHandle.getCallingUserId()); - } - } - - public boolean isCallFromPackage(String packageName) { - // System and root call all from anywhere they want. - final int callingUid = Binder.getCallingUid(); - if (callingUid == Process.SYSTEM_UID || callingUid == 0 /* root */) { - return true; - } - // Check if the package is present for the given profile. - final int packageUid = getUidForPackage(packageName, - UserHandle.getUserId(callingUid)); - if (packageUid < 0) { - return false; - } - // Check if the call for a package is coming from that package. - return UserHandle.isSameApp(callingUid, packageUid); + mAppOpsManager.checkPackage(Binder.getCallingUid(), packageName); } public boolean hasCallerBindPermissionOrBindWhiteListedLocked(String packageName) { |