Diffstat (limited to 'services')
11 files changed, 48 insertions, 74 deletions
diff --git a/services/java/com/android/server/am/ActivityStack.java b/services/java/com/android/server/am/ActivityStack.java index 3d7da7b..3d2e912 100644 --- a/services/java/com/android/server/am/ActivityStack.java +++ b/services/java/com/android/server/am/ActivityStack.java @@ -2594,8 +2594,7 @@ final class ActivityStack { } boolean abort = !mService.mIntentFirewall.checkStartActivity(intent, - callerApp==null?null:callerApp.info, callingPackage, callingUid, callingPid, - resolvedType, aInfo); + callerApp==null?null:callerApp.info, callingUid, callingPid, resolvedType, aInfo); if (mMainStack) { if (mService.mController != null) { diff --git a/services/java/com/android/server/firewall/AndFilter.java b/services/java/com/android/server/firewall/AndFilter.java index cabf00b..e4276d0 100644 --- a/services/java/com/android/server/firewall/AndFilter.java +++ b/services/java/com/android/server/firewall/AndFilter.java @@ -26,11 +26,10 @@ import java.io.IOException; class AndFilter extends FilterList { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { for (int i=0; i<children.size(); i++) { - if (!children.get(i).matches(ifw, intent, callerApp, callerPackage, callerUid, - callerPid, resolvedType, resolvedApp)) { + if (!children.get(i).matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType, + resolvedApp)) { return false; } } diff --git a/services/java/com/android/server/firewall/CategoryFilter.java b/services/java/com/android/server/firewall/CategoryFilter.java index d5e9fe8..4938cb8 100644 --- a/services/java/com/android/server/firewall/CategoryFilter.java +++ b/services/java/com/android/server/firewall/CategoryFilter.java 
@@ -34,7 +34,7 @@ class CategoryFilter implements Filter { } @Override - public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, String callerPackage, + public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { Set<String> categories = intent.getCategories(); if (categories == null) { diff --git a/services/java/com/android/server/firewall/Filter.java b/services/java/com/android/server/firewall/Filter.java index 7639466..0e783e8 100644 --- a/services/java/com/android/server/firewall/Filter.java +++ b/services/java/com/android/server/firewall/Filter.java @@ -26,17 +26,14 @@ interface Filter { * @param ifw The IntentFirewall instance * @param intent The intent being started/bound/broadcast * @param callerApp An ApplicationInfo of an application in the caller's process. This may not - * be the specific app that is actually sending the intent. This also may be - * null, if the caller is the system process, or an unrecognized process (e.g. - * am start) - * @param callerPackage The package name of the component sending the intent. This value is -* provided by the caller and might be forged/faked. + * be the specific app that is actually sending the intent. This also may be + * null, if the caller is the system process, or an unrecognized process (e.g. + * am start) * @param callerUid * @param callerPid * @param resolvedType The resolved mime type of the intent * @param resolvedApp The application that contains the resolved component that the intent is */ boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp); + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp); } 
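Review bot: The `@param callerUid` and `@param callerPid` tags in the Filter.matches Javadoc still have no description, and with callerPackage gone they are the only caller-identity inputs a filter receives besides callerApp. I would fill them in, for example `@param callerUid The uid of the calling process` and `@param callerPid The pid of the calling process`. If these values are taken from the Binder call rather than supplied by the caller (not visible in this diff), saying so would tell filter authors they can be relied on in a way the removed callerPackage could not. The `@param resolvedApp` sentence also stops at "that the intent is" and should be completed.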
diff --git a/services/java/com/android/server/firewall/IntentFirewall.java b/services/java/com/android/server/firewall/IntentFirewall.java index 062183b..46a0917 100644 --- a/services/java/com/android/server/firewall/IntentFirewall.java +++ b/services/java/com/android/server/firewall/IntentFirewall.java @@ -76,7 +76,6 @@ public class IntentFirewall { StringFilter.HOST, StringFilter.MIME_TYPE, StringFilter.PATH, - StringFilter.SENDER_PACKAGE, StringFilter.SSP, CategoryFilter.FACTORY, @@ -98,17 +97,16 @@ public class IntentFirewall { readRules(getRulesFile()); } - public boolean checkStartActivity(Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ActivityInfo resolvedActivity) { + public boolean checkStartActivity(Intent intent, ApplicationInfo callerApp, int callerUid, + int callerPid, String resolvedType, ActivityInfo resolvedActivity) { List<Rule> matchingRules = mActivityResolver.queryIntent(intent, resolvedType, false, 0); boolean log = false; boolean block = false; for (int i=0; i< matchingRules.size(); i++) { Rule rule = matchingRules.get(i); - if (rule.matches(this, intent, callerApp, callerPackage, callerUid, callerPid, - resolvedType, resolvedActivity.applicationInfo)) { + if (rule.matches(this, intent, callerApp, callerUid, callerPid, resolvedType, + resolvedActivity.applicationInfo)) { block |= rule.getBlock(); log |= rule.getLog(); diff --git a/services/java/com/android/server/firewall/NotFilter.java b/services/java/com/android/server/firewall/NotFilter.java index 2ff108a..f0fc337 100644 --- a/services/java/com/android/server/firewall/NotFilter.java +++ b/services/java/com/android/server/firewall/NotFilter.java 
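Review bot: Dropping `StringFilter.SENDER_PACKAGE` from the factory list in the first IntentFirewall hunk leaves any existing rules file that contains a `sender-package` element without a parser for that tag. readRules is outside the hunk, so how an unknown tag is handled cannot be checked here; if the affected rule is skipped, a block rule that relied on it would stop applying with no signal to whoever maintains the rules. I would make sure the unknown-tag path logs the tag name and the rule it came from, and leave a comment next to the list such as `// "sender-package" removed: the value was caller-supplied and could be forged; rules using it are no longer parsed`. The list initializer starts and ends outside the hunk.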
@@ -33,10 +33,9 @@ class NotFilter implements Filter { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { - return !mChild.matches(ifw, intent, callerApp, callerPackage, callerUid, callerPid, - resolvedType, resolvedApp); + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { + return !mChild.matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType, + resolvedApp); } public static final FilterFactory FACTORY = new FilterFactory("not") { diff --git a/services/java/com/android/server/firewall/OrFilter.java b/services/java/com/android/server/firewall/OrFilter.java index 1ed1c85..72db31e 100644 --- a/services/java/com/android/server/firewall/OrFilter.java +++ b/services/java/com/android/server/firewall/OrFilter.java @@ -26,11 +26,10 @@ import java.io.IOException; class OrFilter extends FilterList { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { for (int i=0; i<children.size(); i++) { - if (children.get(i).matches(ifw, intent, callerApp, callerPackage, callerUid, callerPid, - resolvedType, resolvedApp)) { + if (children.get(i).matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType, + resolvedApp)) { return true; } } diff --git a/services/java/com/android/server/firewall/PortFilter.java b/services/java/com/android/server/firewall/PortFilter.java index 2b2a198..fe7e085 100644 --- a/services/java/com/android/server/firewall/PortFilter.java +++ b/services/java/com/android/server/firewall/PortFilter.java 
@@ -42,8 +42,7 @@ class PortFilter implements Filter { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { int port = -1; Uri uri = intent.getData(); if (uri != null) { diff --git a/services/java/com/android/server/firewall/SenderFilter.java b/services/java/com/android/server/firewall/SenderFilter.java index 0b790bd..58bdd73 100644 --- a/services/java/com/android/server/firewall/SenderFilter.java +++ b/services/java/com/android/server/firewall/SenderFilter.java @@ -68,8 +68,7 @@ class SenderFilter { private static final Filter SIGNATURE = new Filter() { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { if (callerApp == null) { return false; } @@ -80,8 +79,7 @@ class SenderFilter { private static final Filter SYSTEM = new Filter() { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { if (callerApp == null) { // if callerApp is null, the caller is the system process return false; 
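Review bot: In the SYSTEM filter of SenderFilter (hunk at -80,8) the comment says a null callerApp means the caller is the system process, yet that branch returns false. The Filter Javadoc says null can also mean an unrecognized process such as `am start`. SYSTEM_OR_SIGNATURE in the next hunk passes callerApp straight to `isSystemApp(callerApp, callerUid, callerPid)` without that early return, so the two filters may disagree for a null callerApp; isSystemApp is not shown, so this is inferred. Either let SYSTEM defer to `return isSystemApp(callerApp, callerUid, callerPid);` or reword the comment to state why a null callerApp is rejected, e.g. `// callerApp is null for the system process or an unrecognized caller; do not treat it as a system app here`. The method body continues past the end of the hunk.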
@@ -93,8 +91,7 @@ class SenderFilter { private static final Filter SYSTEM_OR_SIGNATURE = new Filter() { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { return isSystemApp(callerApp, callerUid, callerPid) || ifw.signaturesMatch(callerUid, resolvedApp.uid); } @@ -103,8 +100,7 @@ class SenderFilter { private static final Filter USER_ID = new Filter() { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { // This checks whether the caller is either the system process, or has the same user id // I.e. the same app, or an app that uses the same shared user id. // This is the same set of applications that would be able to access the component if diff --git a/services/java/com/android/server/firewall/SenderPermissionFilter.java b/services/java/com/android/server/firewall/SenderPermissionFilter.java index 02d8b15..310da20 100644 --- a/services/java/com/android/server/firewall/SenderPermissionFilter.java +++ b/services/java/com/android/server/firewall/SenderPermissionFilter.java 
@@ -34,8 +34,7 @@ class SenderPermissionFilter implements Filter { @Override public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, - String callerPackage, int callerUid, int callerPid, String resolvedType, - ApplicationInfo resolvedApp) { + int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { // We assume the component is exported here. If the component is not exported, then // ActivityManager would only resolve to this component for callers from the same uid. // In this case, it doesn't matter whether the component is exported or not. diff --git a/services/java/com/android/server/firewall/StringFilter.java b/services/java/com/android/server/firewall/StringFilter.java index de5a69f..ed5d3f3 100644 --- a/services/java/com/android/server/firewall/StringFilter.java +++ b/services/java/com/android/server/firewall/StringFilter.java @@ -119,10 +119,9 @@ abstract class StringFilter implements Filter { protected abstract boolean matchesValue(String value); @Override - public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, String callerPackage, + public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { - String value = mValueProvider.getValue(intent, callerApp, callerPackage, resolvedType, - resolvedApp); + String value = mValueProvider.getValue(intent, callerApp, resolvedType, resolvedApp); return matchesValue(value); } @@ -137,7 +136,7 @@ abstract class StringFilter implements Filter { } public abstract String getValue(Intent intent, ApplicationInfo callerApp, - String callerPackage, String resolvedType, ApplicationInfo resolvedApp); + String resolvedType, ApplicationInfo resolvedApp); } private static class EqualsFilter extends StringFilter { 
@@ -231,8 +230,8 @@ abstract class StringFilter implements Filter { public static final ValueProvider COMPONENT = new ValueProvider("component") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { ComponentName cn = intent.getComponent(); if (cn != null) { return cn.flattenToString(); @@ -243,8 +242,8 @@ abstract class StringFilter implements Filter { public static final ValueProvider COMPONENT_NAME = new ValueProvider("component-name") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { ComponentName cn = intent.getComponent(); if (cn != null) { return cn.getClassName(); @@ -255,8 +254,8 @@ abstract class StringFilter implements Filter { public static final ValueProvider COMPONENT_PACKAGE = new ValueProvider("component-package") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { ComponentName cn = intent.getComponent(); if (cn != null) { return cn.getPackageName(); 
@@ -265,28 +264,18 @@ abstract class StringFilter implements Filter { } }; - public static final ValueProvider SENDER_PACKAGE = new ValueProvider("sender-package") { - @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { - // TODO: We can't trust this value, so maybe should check all packages in the caller process? - return callerPackage; - } - }; - - public static final FilterFactory ACTION = new ValueProvider("action") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { return intent.getAction(); } }; public static final ValueProvider DATA = new ValueProvider("data") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { Uri data = intent.getData(); if (data != null) { return data.toString(); 
@@ -297,16 +286,16 @@ abstract class StringFilter implements Filter { public static final ValueProvider MIME_TYPE = new ValueProvider("mime-type") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { return resolvedType; } }; public static final ValueProvider SCHEME = new ValueProvider("scheme") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { Uri data = intent.getData(); if (data != null) { return data.getScheme(); @@ -317,8 +306,8 @@ abstract class StringFilter implements Filter { public static final ValueProvider SSP = new ValueProvider("scheme-specific-part") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { Uri data = intent.getData(); if (data != null) { return data.getSchemeSpecificPart(); @@ -329,8 +318,8 @@ abstract class StringFilter implements Filter { public static final ValueProvider HOST = new ValueProvider("host") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { Uri data = intent.getData(); if (data != null) { return data.getHost(); 
@@ -341,8 +330,8 @@ abstract class StringFilter implements Filter { public static final ValueProvider PATH = new ValueProvider("path") { @Override - public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage, - String resolvedType, ApplicationInfo resolvedApp) { + public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType, + ApplicationInfo resolvedApp) { Uri data = intent.getData(); if (data != null) { return data.getPath(); |