From 2ca88f66521ac410d070b4fb82792a0512ba5044 Mon Sep 17 00:00:00 2001
From: Adnan Begovic <adnan@cyngn.com>
Date: Tue, 24 May 2016 22:36:41 -0700
Subject: pm: Use sourcerecord if available for protected app validation.

  A source record serves as a beneficial historical record to
  see if an activity start has been redirected numerous times.

  This fixes issues where applications that redirect implicitly
  and are protected would constantly spam to be authed.

Change-Id: Ibeb9eae4279a0cdd65635392316eabb485adfa27
TICKET: PAELLA-216 FEIJ-160 FEIJ-177
---
 .../core/java/com/android/server/am/ActivityStackSupervisor.java   | 5 +++--
 .../core/java/com/android/server/pm/PackageManagerService.java     | 7 +++----
 2 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'services/core')

diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index 4cc5370..28ea006 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -1879,11 +1879,12 @@ public final class ActivityStackSupervisor implements DisplayListener {
             //TODO: This needs to be a flushed out API in the future.
             boolean isProtected = intent.getComponent() != null
                     && AppGlobals.getPackageManager()
-                    .isComponentProtected(null, r.launchedFromUid,
+                    .isComponentProtected(sourceRecord == null ? "android" :
+                                    sourceRecord.launchedFromPackage, r.launchedFromUid,
                             intent.getComponent(), r.userId) &&
                     (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0;
 
-            if (isProtected) {
+            if (isProtected && r.state == INITIALIZING) {
                 Message msg = mService.mHandler.obtainMessage(
                         ActivityManagerService.POST_COMPONENT_PROTECTED_MSG);
                 //Store start flags, userid
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index adb1be8..4597031 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -17307,10 +17307,9 @@ public class PackageManagerService extends IPackageManager.Stub {
             }
         }
 
-        if (callingPackage == null && (callingUid == Process.SYSTEM_UID
-                || fromProtectedComponentUid)) {
-            if (DEBUG_PROTECTED) Log.d(TAG, "Calling package is android and from system or " +
-                    "protected manager, allow");
+        if (TextUtils.equals(callingPackage, "android") && callingUid == Process.SYSTEM_UID
+                || callingPackage == null && fromProtectedComponentUid) {
+            if (DEBUG_PROTECTED) Log.d(TAG, "Calling package is android or manager, allow");
             return false;
         }
 
-- 
cgit v1.1