diff options
Diffstat (limited to 'core')
-rw-r--r-- | core/java/android/app/AppOpsManager.java | 16 | ||||
-rw-r--r-- | core/java/android/app/ApplicationPackageManager.java | 2 | ||||
-rw-r--r-- | core/java/android/app/ContextImpl.java | 25 | ||||
-rw-r--r-- | core/java/android/app/NotificationManager.java | 4 | ||||
-rw-r--r-- | core/java/android/content/ClipboardManager.java | 12 | ||||
-rw-r--r-- | core/java/android/content/ContentResolver.java | 2 | ||||
-rw-r--r-- | core/java/android/content/Context.java | 7 | ||||
-rw-r--r-- | core/java/android/content/ContextWrapper.java | 6 | ||||
-rw-r--r-- | core/java/android/os/PowerManager.java | 2 | ||||
-rw-r--r-- | core/java/android/os/SystemVibrator.java | 2 |
10 files changed, 59 insertions, 19 deletions
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java index 64054c5..3e4795c 100644 --- a/core/java/android/app/AppOpsManager.java +++ b/core/java/android/app/AppOpsManager.java @@ -575,6 +575,10 @@ public class AppOpsManager { } } + private String buildSecurityExceptionMsg(int op, int uid, String packageName) { + return packageName + " from uid " + uid + " not allowed to perform " + sOpNames[op]; + } + /** * Do a quick check for whether an application might be able to perform an operation. * This is <em>not</em> a security check; you must use {@link #noteOp(int, int, String)} @@ -595,7 +599,7 @@ public class AppOpsManager { try { int mode = mService.checkOperation(op, uid, packageName); if (mode == MODE_ERRORED) { - throw new SecurityException("Operation not allowed"); + throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName)); } return mode; } catch (RemoteException e) { @@ -650,7 +654,7 @@ public class AppOpsManager { try { int mode = mService.noteOperation(op, uid, packageName); if (mode == MODE_ERRORED) { - throw new SecurityException("Operation not allowed"); + throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName)); } return mode; } catch (RemoteException e) { @@ -672,7 +676,7 @@ public class AppOpsManager { /** @hide */ public int noteOp(int op) { - return noteOp(op, Process.myUid(), mContext.getBasePackageName()); + return noteOp(op, Process.myUid(), mContext.getOpPackageName()); } /** @hide */ @@ -710,7 +714,7 @@ public class AppOpsManager { try { int mode = mService.startOperation(getToken(mService), op, uid, packageName); if (mode == MODE_ERRORED) { - throw new SecurityException("Operation not allowed"); + throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName)); } return mode; } catch (RemoteException e) { @@ -732,7 +736,7 @@ public class AppOpsManager { /** @hide */ public int startOp(int op) { - return startOp(op, Process.myUid(), mContext.getBasePackageName()); + return startOp(op, Process.myUid(), mContext.getOpPackageName()); } /** @@ -749,6 +753,6 @@ public class AppOpsManager { } public void finishOp(int op) { - finishOp(op, Process.myUid(), mContext.getBasePackageName()); + finishOp(op, Process.myUid(), mContext.getOpPackageName()); } } diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java index ab2739d..e522b78 100644 --- a/core/java/android/app/ApplicationPackageManager.java +++ b/core/java/android/app/ApplicationPackageManager.java @@ -1275,7 +1275,7 @@ final class ApplicationPackageManager extends PackageManager { int newState, int flags) { try { mPM.setApplicationEnabledSetting(packageName, newState, flags, - mContext.getUserId(), mContext.getBasePackageName()); + mContext.getUserId(), mContext.getOpPackageName()); } catch (RemoteException e) { // Should never happen! } diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java index 7ff7562..fe8c506 100644 --- a/core/java/android/app/ContextImpl.java +++ b/core/java/android/app/ContextImpl.java @@ -183,6 +183,7 @@ class ContextImpl extends Context { /*package*/ LoadedApk mPackageInfo; private String mBasePackageName; + private String mOpPackageName; private Resources mResources; /*package*/ ActivityThread mMainThread; private Context mOuterContext; @@ -679,6 +680,12 @@ class ContextImpl extends Context { return mBasePackageName != null ? mBasePackageName : getPackageName(); } + /** @hide */ + @Override + public String getOpPackageName() { + return mOpPackageName != null ? mOpPackageName : getBasePackageName(); + } + @Override public ApplicationInfo getApplicationInfo() { if (mPackageInfo != null) { @@ -1961,6 +1968,7 @@ class ContextImpl extends Context { public ContextImpl(ContextImpl context) { mPackageInfo = context.mPackageInfo; mBasePackageName = context.mBasePackageName; + mOpPackageName = context.mOpPackageName; mResources = context.mResources; mMainThread = context.mMainThread; mContentResolver = context.mContentResolver; @@ -1977,7 +1985,21 @@ class ContextImpl extends Context { final void init(LoadedApk packageInfo, IBinder activityToken, ActivityThread mainThread, Resources container, String basePackageName, UserHandle user) { mPackageInfo = packageInfo; - mBasePackageName = basePackageName != null ? basePackageName : packageInfo.mPackageName; + if (basePackageName != null) { + mBasePackageName = mOpPackageName = basePackageName; + } else { + mBasePackageName = packageInfo.mPackageName; + ApplicationInfo ainfo = packageInfo.getApplicationInfo(); + if (ainfo.uid == Process.SYSTEM_UID && ainfo.uid != Process.myUid()) { + // Special case: system components allow themselves to be loaded in to other + // processes. For purposes of app ops, we must then consider the context as + // belonging to the package of this process, not the system itself, otherwise + // the package+uid verifications in app ops will fail. + mOpPackageName = ActivityThread.currentPackageName(); + } else { + mOpPackageName = mBasePackageName; + } + } mResources = mPackageInfo.getResources(mainThread); mResourcesManager = ResourcesManager.getInstance(); @@ -2011,6 +2033,7 @@ class ContextImpl extends Context { final void init(Resources resources, ActivityThread mainThread, UserHandle user) { mPackageInfo = null; mBasePackageName = null; + mOpPackageName = null; mResources = resources; mMainThread = mainThread; mContentResolver = new ApplicationContentResolver(this, mainThread, user); diff --git a/core/java/android/app/NotificationManager.java b/core/java/android/app/NotificationManager.java index dbafc78..3ee4306 100644 --- a/core/java/android/app/NotificationManager.java +++ b/core/java/android/app/NotificationManager.java @@ -133,7 +133,7 @@ public class NotificationManager } if (localLOGV) Log.v(TAG, pkg + ": notify(" + id + ", " + notification + ")"); try { - service.enqueueNotificationWithTag(pkg, mContext.getBasePackageName(), tag, id, + service.enqueueNotificationWithTag(pkg, mContext.getOpPackageName(), tag, id, notification, idOut, UserHandle.myUserId()); if (id != idOut[0]) { Log.w(TAG, "notify: id corrupted: sent " + id + ", got back " + idOut[0]); @@ -158,7 +158,7 @@ public class NotificationManager } if (localLOGV) Log.v(TAG, pkg + ": notify(" + id + ", " + notification + ")"); try { - service.enqueueNotificationWithTag(pkg, mContext.getBasePackageName(), tag, id, + service.enqueueNotificationWithTag(pkg, mContext.getOpPackageName(), tag, id, notification, idOut, user.getIdentifier()); if (id != idOut[0]) { Log.w(TAG, "notify: id corrupted: sent " + id + ", got back " + idOut[0]); diff --git a/core/java/android/content/ClipboardManager.java b/core/java/android/content/ClipboardManager.java index 69f9d4a..73e6fd0 100644 --- a/core/java/android/content/ClipboardManager.java +++ b/core/java/android/content/ClipboardManager.java @@ -122,7 +122,7 @@ public class ClipboardManager extends android.text.ClipboardManager { if (clip != null) { clip.prepareToLeaveProcess(); } - getService().setPrimaryClip(clip, mContext.getBasePackageName()); + getService().setPrimaryClip(clip, mContext.getOpPackageName()); } catch (RemoteException e) { } } @@ -132,7 +132,7 @@ public class ClipboardManager extends android.text.ClipboardManager { */ public ClipData getPrimaryClip() { try { - return getService().getPrimaryClip(mContext.getBasePackageName()); + return getService().getPrimaryClip(mContext.getOpPackageName()); } catch (RemoteException e) { return null; } @@ -144,7 +144,7 @@ public class ClipboardManager extends android.text.ClipboardManager { */ public ClipDescription getPrimaryClipDescription() { try { - return getService().getPrimaryClipDescription(mContext.getBasePackageName()); + return getService().getPrimaryClipDescription(mContext.getOpPackageName()); } catch (RemoteException e) { return null; } @@ -155,7 +155,7 @@ public class ClipboardManager extends android.text.ClipboardManager { */ public boolean hasPrimaryClip() { try { - return getService().hasPrimaryClip(mContext.getBasePackageName()); + return getService().hasPrimaryClip(mContext.getOpPackageName()); } catch (RemoteException e) { return false; } @@ -166,7 +166,7 @@ public class ClipboardManager extends android.text.ClipboardManager { if (mPrimaryClipChangedListeners.size() == 0) { try { getService().addPrimaryClipChangedListener( - mPrimaryClipChangedServiceListener, mContext.getBasePackageName()); + mPrimaryClipChangedServiceListener, mContext.getOpPackageName()); } catch (RemoteException e) { } } @@ -213,7 +213,7 @@ public class ClipboardManager extends android.text.ClipboardManager { */ public boolean hasText() { try { - return getService().hasClipboardText(mContext.getBasePackageName()); + return getService().hasClipboardText(mContext.getOpPackageName()); } catch (RemoteException e) { return false; } diff --git a/core/java/android/content/ContentResolver.java b/core/java/android/content/ContentResolver.java index e914604..995ca97 100644 --- a/core/java/android/content/ContentResolver.java +++ b/core/java/android/content/ContentResolver.java @@ -261,7 +261,7 @@ public abstract class ContentResolver { public ContentResolver(Context context) { mContext = context != null ? context : ActivityThread.currentApplication(); - mPackageName = mContext.getBasePackageName(); + mPackageName = mContext.getOpPackageName(); } /** @hide */ diff --git a/core/java/android/content/Context.java b/core/java/android/content/Context.java index 8df5bee..7b15e63 100644 --- a/core/java/android/content/Context.java +++ b/core/java/android/content/Context.java @@ -435,6 +435,13 @@ public abstract class Context { /** @hide Return the name of the base context this context is derived from. */ public abstract String getBasePackageName(); + /** @hide Return the package name that should be used for app ops calls from + * this context. This is the same as {@link #getBasePackageName()} except in + * cases where system components are loaded into other app processes, in which + * case this will be the name of the primary package in that process (so that app + * ops uid verification will work with the name). */ + public abstract String getOpPackageName(); + /** Return the full application info for this context's package. */ public abstract ApplicationInfo getApplicationInfo(); diff --git a/core/java/android/content/ContextWrapper.java b/core/java/android/content/ContextWrapper.java index e09d367..a708dad 100644 --- a/core/java/android/content/ContextWrapper.java +++ b/core/java/android/content/ContextWrapper.java @@ -141,6 +141,12 @@ public class ContextWrapper extends Context { return mBase.getBasePackageName(); } + /** @hide */ + @Override + public String getOpPackageName() { + return mBase.getOpPackageName(); + } + @Override public ApplicationInfo getApplicationInfo() { return mBase.getApplicationInfo(); diff --git a/core/java/android/os/PowerManager.java b/core/java/android/os/PowerManager.java index 52e5f38..5e0d489 100644 --- a/core/java/android/os/PowerManager.java +++ b/core/java/android/os/PowerManager.java @@ -407,7 +407,7 @@ public final class PowerManager { */ public WakeLock newWakeLock(int levelAndFlags, String tag) { validateWakeLockParameters(levelAndFlags, tag); - return new WakeLock(levelAndFlags, tag, mContext.getBasePackageName()); + return new WakeLock(levelAndFlags, tag, mContext.getOpPackageName()); } /** @hide */ diff --git a/core/java/android/os/SystemVibrator.java b/core/java/android/os/SystemVibrator.java index e66fb28..700f80d 100644 --- a/core/java/android/os/SystemVibrator.java +++ b/core/java/android/os/SystemVibrator.java @@ -39,7 +39,7 @@ public class SystemVibrator extends Vibrator { } public SystemVibrator(Context context) { - mPackageName = context.getBasePackageName(); + mPackageName = context.getOpPackageName(); mService = IVibratorService.Stub.asInterface( ServiceManager.getService("vibrator")); } |