From a92b91d7966350ad37f5c60586e5ccb9abc696be Mon Sep 17 00:00:00 2001 From: Scott Mertz Date: Thu, 4 Aug 2016 15:17:01 -0700 Subject: fw: enforce android.permission.PREVENT_SYSTEM_KEYS in system server Since privateFlags can be accessed and modified via reflection due to change 5d927c2d8e, the prevent system keys or prevent power keys flag can be set and deployed without ever calling setPrivateFlags directly. Move enforcing to system server to prevent app tampering. TICKET: CYAN-7921 (open source JIRA) Found by Maciej Krysztofiak Change-Id: I53c2804d0283692036f5cc95e6ad57821bc0655a --- core/java/android/view/Window.java | 7 ------- .../core/java/com/android/server/policy/PhoneWindowManager.java | 6 ++++++ services/core/java/com/android/server/wm/WindowManagerService.java | 2 ++ 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/core/java/android/view/Window.java b/core/java/android/view/Window.java index 65577f0..50a926f 100644 --- a/core/java/android/view/Window.java +++ b/core/java/android/view/Window.java @@ -869,13 +869,6 @@ public abstract class Window { } private void setPrivateFlags(int flags, int mask) { - int preventFlags = WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_POWER_KEY | - WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_SYSTEM_KEYS; - - if ((flags & mask & preventFlags) != 0) { - mContext.enforceCallingOrSelfPermission("android.permission.PREVENT_SYSTEM_KEYS", - "No permission to prevent system key"); - } final WindowManager.LayoutParams attrs = getAttributes(); attrs.privateFlags = (attrs.privateFlags & ~mask) | (flags & mask); dispatchWindowAttributesChanged(attrs); diff --git a/services/core/java/com/android/server/policy/PhoneWindowManager.java b/services/core/java/com/android/server/policy/PhoneWindowManager.java index 755592f..8a29a30 100644 --- a/services/core/java/com/android/server/policy/PhoneWindowManager.java +++ b/services/core/java/com/android/server/policy/PhoneWindowManager.java @@ -2449,6 +2449,12 @@ public class PhoneWindowManager implements WindowManagerPolicy { attrs.subtreeSystemUiVisibility |= View.SYSTEM_UI_FLAG_LAYOUT_FULLSCREEN | View.SYSTEM_UI_FLAG_LAYOUT_HIDE_NAVIGATION; } + + if ((attrs.privateFlags & (WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_SYSTEM_KEYS | + WindowManager.LayoutParams.PRIVATE_FLAG_PREVENT_POWER_KEY)) != 0) { + mContext.enforceCallingOrSelfPermission(android.Manifest.permission.PREVENT_SYSTEM_KEYS, + "No permission to prevent system key"); + } } void readLidState() { diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index c519120..5c22d8b 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -3164,7 +3164,9 @@ public class WindowManagerService extends IWindowManager.Stub } if (attrs != null) { + Binder.restoreCallingIdentity(origId); mPolicy.adjustWindowParamsLw(attrs); + origId = Binder.clearCallingIdentity(); } // if they don't have the permission, mask out the status bar bits -- cgit v1.1