From b7583ae4c856162aeac18f4169cfa1d06aa641a8 Mon Sep 17 00:00:00 2001 From: Adnan Begovic Date: Wed, 18 May 2016 14:12:12 -0700 Subject: am: Handle unchecked activity starts for protected components. Previously if you received a notification from a protected app, since AM would state that the calling package was also the target package, the protected apps implementation would allow you to launch into the application. Mitigate this by hooking into the unchecked activity start stack (pending intent launches) globally. Change-Id: I0371593ade9e4af2554962873d89a0f82a639b57 TICKET: PAELLA-216 FEIJ-160 FEIJ-177 --- .../android/app/ApplicationPackageManager.java | 6 +++-- core/java/android/content/pm/IPackageManager.aidl | 4 ++-- core/java/android/content/pm/PackageManager.java | 2 +- .../android/server/am/ActivityStackSupervisor.java | 26 +++++++++++++++++++++- .../android/server/pm/PackageManagerService.java | 24 +++++++++++++++++--- .../src/android/test/mock/MockPackageManager.java | 3 ++- 6 files changed, 55 insertions(+), 10 deletions(-) diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java index db4e123..c829daa 100644 --- a/core/java/android/app/ApplicationPackageManager.java +++ b/core/java/android/app/ApplicationPackageManager.java @@ -2048,9 +2048,11 @@ final class ApplicationPackageManager extends PackageManager { /** @hide */ @Override - public boolean isComponentProtected(String callingPackage, ComponentName componentName) { + public boolean isComponentProtected(String callingPackage, int callingUid, + ComponentName componentName) { try { - return mPM.isComponentProtected(callingPackage, componentName, mContext.getUserId()); + return mPM.isComponentProtected(callingPackage, callingUid, componentName, + mContext.getUserId()); } catch (RemoteException re) { Log.e(TAG, "Failed to get component protected setting", re); return false; diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl index 6d8b5cb..a3329db 100644 --- a/core/java/android/content/pm/IPackageManager.aidl +++ b/core/java/android/content/pm/IPackageManager.aidl @@ -521,6 +521,6 @@ interface IPackageManager { int processThemeResources(String themePkgName); /** Protected Apps */ - boolean isComponentProtected(in String callingPackage, in ComponentName componentName, - int userId); + boolean isComponentProtected(in String callingPackage, in int callingUid, + in ComponentName componentName, int userId); } diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java index 529d641..8f0500e 100644 --- a/core/java/android/content/pm/PackageManager.java +++ b/core/java/android/content/pm/PackageManager.java @@ -4564,7 +4564,7 @@ public abstract class PackageManager { * Return whether or not a specific component is protected * @hide */ - public abstract boolean isComponentProtected(String callingPackage, + public abstract boolean isComponentProtected(String callingPackage, int callingUid, ComponentName componentName); /** diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java index 48ac172..4cc5370 100644 --- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java +++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java @@ -961,7 +961,8 @@ public final class ActivityStackSupervisor implements DisplayListener { //TODO: This needs to be a flushed out API in the future. boolean isProtected = intent.getComponent() != null && AppGlobals.getPackageManager() - .isComponentProtected(callingPackage, intent.getComponent(), userId) && + .isComponentProtected(callingPackage, callingUid, + intent.getComponent(), userId) && (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0; if (isProtected) { @@ -977,6 +978,7 @@ public final class ActivityStackSupervisor implements DisplayListener { } catch (RemoteException e) { e.printStackTrace(); } + final int realCallingPid = Binder.getCallingPid(); final int realCallingUid = Binder.getCallingUid(); int callingPid; @@ -1873,6 +1875,28 @@ public final class ActivityStackSupervisor implements DisplayListener { inTask = null; } + try { + //TODO: This needs to be a flushed out API in the future. + boolean isProtected = intent.getComponent() != null + && AppGlobals.getPackageManager() + .isComponentProtected(null, r.launchedFromUid, + intent.getComponent(), r.userId) && + (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0; + + if (isProtected) { + Message msg = mService.mHandler.obtainMessage( + ActivityManagerService.POST_COMPONENT_PROTECTED_MSG); + //Store start flags, userid + intent.setFlags(startFlags); + intent.putExtra("com.android.settings.PROTECTED_APPS_USER_ID", r.userId); + msg.obj = intent; + mService.mHandler.sendMessage(msg); + return ActivityManager.START_NOT_CURRENT_USER_ACTIVITY; + } + } catch (RemoteException e) { + e.printStackTrace(); + } + final boolean launchSingleTop = r.launchMode == ActivityInfo.LAUNCH_SINGLE_TOP; final boolean launchSingleInstance = r.launchMode == ActivityInfo.LAUNCH_SINGLE_INSTANCE; final boolean launchSingleTask = r.launchMode == ActivityInfo.LAUNCH_SINGLE_TASK; diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 0e174c3..e1f94ce 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -17265,10 +17265,12 @@ public class PackageManagerService extends IPackageManager.Stub { } @Override - public boolean isComponentProtected(String callingPackage, + public boolean isComponentProtected(String callingPackage, int callingUid, ComponentName componentName, int userId) { if (DEBUG_PROTECTED) Log.d(TAG, "Checking if component is protected " - + componentName.flattenToShortString() + " from calling package " + callingPackage); + + componentName.flattenToShortString() + " from calling package " + callingPackage + + " and callinguid " + callingUid); + enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "set protected"); //Allow managers full access @@ -17289,8 +17291,24 @@ public class PackageManagerService extends IPackageManager.Stub { return false; } + //If this component is launched from a validation component, allow it. if (TextUtils.equals(PROTECTED_APPS_TARGET_VALIDATION_COMPONENT, - componentName.flattenToString())) { + componentName.flattenToString()) && callingUid == Process.SYSTEM_UID) { + return false; + } + + //If this component is launched from the system or a uid of a protected component, allow it. + boolean fromProtectedComponentUid = false; + for (String protectedComponentManager : protectedComponentManagers) { + if (callingUid == getPackageUid(protectedComponentManager, userId)) { + fromProtectedComponentUid = true; + } + } + + if (callingPackage == null && (callingUid == Process.SYSTEM_UID + || fromProtectedComponentUid)) { + if (DEBUG_PROTECTED) Log.d(TAG, "Calling package is android and from system or " + + "protected manager, allow"); return false; } diff --git a/test-runner/src/android/test/mock/MockPackageManager.java b/test-runner/src/android/test/mock/MockPackageManager.java index d3e2bfd..bd0a89a 100644 --- a/test-runner/src/android/test/mock/MockPackageManager.java +++ b/test-runner/src/android/test/mock/MockPackageManager.java @@ -904,7 +904,8 @@ public class MockPackageManager extends PackageManager { * @hide */ @Override - public boolean isComponentProtected(String callingPackage, ComponentName componentName) { + public boolean isComponentProtected(String callingPackage, int callingUid, + ComponentName componentName) { throw new UnsupportedOperationException(); } -- cgit v1.1