diff options
Diffstat (limited to 'services')
4 files changed, 102 insertions, 33 deletions
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java index 223d77d..22cd8ff 100644 --- a/services/java/com/android/server/am/ActivityManagerService.java +++ b/services/java/com/android/server/am/ActivityManagerService.java @@ -5592,6 +5592,38 @@ public final class ActivityManagerService extends ActivityManagerNative } } + /** + * Allows app to retrieve the MIME type of a URI without having permission + * to access its content provider. + * + * CTS tests for this functionality can be run with "runtest cts-appsecurity". + * + * Test cases are at cts/tests/appsecurity-tests/test-apps/UsePermissionDiffCert/ + * src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java + */ + public String getProviderMimeType(Uri uri) { + final String name = uri.getAuthority(); + final long ident = Binder.clearCallingIdentity(); + ContentProviderHolder holder = null; + + try { + holder = getContentProviderExternal(name); + if (holder != null) { + return holder.provider.getType(uri); + } + } catch (RemoteException e) { + Log.w(TAG, "Content provider dead retrieving " + uri, e); + return null; + } finally { + if (holder != null) { + removeContentProviderExternal(name); + } + Binder.restoreCallingIdentity(ident); + } + + return null; + } + // ========================================================= // GLOBAL MANAGEMENT // ========================================================= diff --git a/services/java/com/android/server/am/UriPermission.java b/services/java/com/android/server/am/UriPermission.java index 0cb6943..e3347cb 100644 --- a/services/java/com/android/server/am/UriPermission.java +++ b/services/java/com/android/server/am/UriPermission.java @@ -27,8 +27,8 @@ import java.util.HashSet; * * CTS tests for this functionality can be run with "runtest cts-appsecurity". * - * Test cases are at cts/tests/appsecurity-tests/test-apps/UsePermissionDiffCert - * /src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java + * Test cases are at cts/tests/appsecurity-tests/test-apps/UsePermissionDiffCert/ + * src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java */ class UriPermission { final int uid; diff --git a/services/java/com/android/server/sip/SipSessionGroup.java b/services/java/com/android/server/sip/SipSessionGroup.java index fa3f64a..91677a2 100644 --- a/services/java/com/android/server/sip/SipSessionGroup.java +++ b/services/java/com/android/server/sip/SipSessionGroup.java @@ -620,13 +620,15 @@ class SipSessionGroup implements SipListener { Response.CALL_OR_TRANSACTION_DOES_NOT_EXIST); return true; } else if (evt instanceof TransactionTerminatedEvent) { - if (evt instanceof TimeoutEvent) { - processTimeout((TimeoutEvent) evt); - } else { - processTransactionTerminated( - (TransactionTerminatedEvent) evt); + if (isCurrentTransaction((TransactionTerminatedEvent) evt)) { + if (evt instanceof TimeoutEvent) { + processTimeout((TimeoutEvent) evt); + } else { + processTransactionTerminated( + (TransactionTerminatedEvent) evt); + } + return true; } - return true; } else if (isRequestEvent(Request.OPTIONS, evt)) { mSipHelper.sendResponse((RequestEvent) evt, Response.OK); return true; @@ -646,6 +648,37 @@ class SipSessionGroup implements SipListener { } } + private boolean isCurrentTransaction(TransactionTerminatedEvent event) { + Transaction current = event.isServerTransaction() + ? mServerTransaction + : mClientTransaction; + Transaction target = event.isServerTransaction() + ? event.getServerTransaction() + : event.getClientTransaction(); + + if ((current != target) && (mState != SipSession.State.PINGING)) { + Log.d(TAG, "not the current transaction; current=" + + toString(current) + ", target=" + toString(target)); + return false; + } else if (current != null) { + Log.d(TAG, "transaction terminated: " + toString(current)); + return true; + } else { + // no transaction; shouldn't be here; ignored + return true; + } + } + + private String toString(Transaction transaction) { + if (transaction == null) return "null"; + Request request = transaction.getRequest(); + Dialog dialog = transaction.getDialog(); + CSeqHeader cseq = (CSeqHeader) request.getHeader(CSeqHeader.NAME); + return String.format("req=%s,%s,s=%s,ds=%s,", request.getMethod(), + cseq.getSeqNumber(), transaction.getState(), + ((dialog == null) ? "-" : dialog.getState())); + } + private void processTransactionTerminated( TransactionTerminatedEvent event) { switch (mState) { @@ -661,19 +694,7 @@ class SipSessionGroup implements SipListener { } private void processTimeout(TimeoutEvent event) { - Log.d(TAG, "processing Timeout..." + event); - Transaction current = event.isServerTransaction() - ? mServerTransaction - : mClientTransaction; - Transaction target = event.isServerTransaction() - ? event.getServerTransaction() - : event.getClientTransaction(); - - if ((current != target) && (mState != SipSession.State.PINGING)) { - Log.d(TAG, "not the current transaction; current=" + current - + ", timed out=" + target); - return; - } + Log.d(TAG, "processing Timeout..."); switch (mState) { case SipSession.State.REGISTERING: case SipSession.State.DEREGISTERING: @@ -810,6 +831,12 @@ class SipSessionGroup implements SipListener { } } + private boolean crossDomainAuthenticationRequired(Response response) { + String realm = getRealmFromResponse(response); + if (realm == null) realm = ""; + return !mLocalProfile.getSipDomain().trim().equals(realm.trim()); + } + private AccountManager getAccountManager() { return new AccountManager() { public UserCredentials getCredentials(ClientTransaction @@ -831,6 +858,15 @@ class SipSessionGroup implements SipListener { }; } + private String getRealmFromResponse(Response response) { + WWWAuthenticate wwwAuth = (WWWAuthenticate)response.getHeader( + SIPHeaderNames.WWW_AUTHENTICATE); + if (wwwAuth != null) return wwwAuth.getRealm(); + ProxyAuthenticate proxyAuth = (ProxyAuthenticate)response.getHeader( + SIPHeaderNames.PROXY_AUTHENTICATE); + return (proxyAuth == null) ? null : proxyAuth.getRealm(); + } + private String getNonceFromResponse(Response response) { WWWAuthenticate wwwAuth = (WWWAuthenticate)response.getHeader( SIPHeaderNames.WWW_AUTHENTICATE); @@ -937,7 +973,10 @@ class SipSessionGroup implements SipListener { return true; case Response.UNAUTHORIZED: case Response.PROXY_AUTHENTICATION_REQUIRED: - if (handleAuthentication(event)) { + if (crossDomainAuthenticationRequired(response)) { + onError(SipErrorCode.CROSS_DOMAIN_AUTHENTICATION, + getRealmFromResponse(response)); + } else if (handleAuthentication(event)) { addSipSession(this); } else if (mLastNonce == null) { onError(SipErrorCode.SERVER_ERROR, @@ -982,19 +1021,19 @@ class SipSessionGroup implements SipListener { Response response = event.getResponse(); int statusCode = response.getStatusCode(); if (expectResponse(Request.CANCEL, evt)) { + if (statusCode == Response.OK) { + // do nothing; wait for REQUEST_TERMINATED + return true; + } + } else if (expectResponse(Request.INVITE, evt)) { switch (statusCode) { case Response.OK: - // do nothing; wait for REQUEST_TERMINATED + outgoingCall(evt); // abort Cancel return true; case Response.REQUEST_TERMINATED: endCallNormally(); return true; } - } else if (expectResponse(Request.INVITE, evt)) { - if (statusCode == Response.OK) { - outgoingCall(evt); // abort Cancel - return true; - } } else { return false; } diff --git a/services/jni/com_android_server_InputManager.cpp b/services/jni/com_android_server_InputManager.cpp index e3bae56..6f52f24 100644 --- a/services/jni/com_android_server_InputManager.cpp +++ b/services/jni/com_android_server_InputManager.cpp @@ -207,7 +207,7 @@ public: virtual int32_t getMaxEventsPerSecond(); virtual bool interceptKeyBeforeDispatching(const sp<InputChannel>& inputChannel, const KeyEvent* keyEvent, uint32_t policyFlags); - virtual void pokeUserActivity(nsecs_t eventTime, int32_t windowType, int32_t eventType); + virtual void pokeUserActivity(nsecs_t eventTime, int32_t eventType); virtual bool checkInjectEventsPermissionNonReentrant( int32_t injectorPid, int32_t injectorUid); @@ -973,10 +973,8 @@ bool NativeInputManager::interceptKeyBeforeDispatching(const sp<InputChannel>& i return consumed && ! error; } -void NativeInputManager::pokeUserActivity(nsecs_t eventTime, int32_t windowType, int32_t eventType) { - if (windowType != InputWindow::TYPE_KEYGUARD) { - android_server_PowerManagerService_userActivity(eventTime, eventType); - } +void NativeInputManager::pokeUserActivity(nsecs_t eventTime, int32_t eventType) { + android_server_PowerManagerService_userActivity(eventTime, eventType); } |