1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
|
/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.firewall;
import android.app.AppGlobals;
import android.content.ComponentName;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.ApplicationInfo;
import android.content.pm.IPackageManager;
import android.content.pm.PackageManager;
import android.os.Environment;
import android.os.FileObserver;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.os.RemoteException;
import android.util.ArrayMap;
import android.util.Slog;
import android.util.Xml;
import com.android.internal.util.ArrayUtils;
import com.android.internal.util.XmlUtils;
import com.android.server.EventLogTags;
import com.android.server.IntentResolver;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
public class IntentFirewall {
static final String TAG = "IntentFirewall";
// e.g. /data/system/ifw or /data/secure/system/ifw
private static final File RULES_DIR = new File(Environment.getSystemSecureDirectory(), "ifw");
private static final int LOG_PACKAGES_MAX_LENGTH = 150;
private static final int LOG_PACKAGES_SUFFICIENT_LENGTH = 125;
private static final String TAG_RULES = "rules";
private static final String TAG_ACTIVITY = "activity";
private static final String TAG_SERVICE = "service";
private static final String TAG_BROADCAST = "broadcast";
private static final int TYPE_ACTIVITY = 0;
private static final int TYPE_BROADCAST = 1;
private static final int TYPE_SERVICE = 2;
private static final HashMap<String, FilterFactory> factoryMap;
private final AMSInterface mAms;
private final RuleObserver mObserver;
private FirewallIntentResolver mActivityResolver = new FirewallIntentResolver();
private FirewallIntentResolver mBroadcastResolver = new FirewallIntentResolver();
private FirewallIntentResolver mServiceResolver = new FirewallIntentResolver();
static {
FilterFactory[] factories = new FilterFactory[] {
AndFilter.FACTORY,
OrFilter.FACTORY,
NotFilter.FACTORY,
StringFilter.ACTION,
StringFilter.COMPONENT,
StringFilter.COMPONENT_NAME,
StringFilter.COMPONENT_PACKAGE,
StringFilter.DATA,
StringFilter.HOST,
StringFilter.MIME_TYPE,
StringFilter.SCHEME,
StringFilter.PATH,
StringFilter.SSP,
CategoryFilter.FACTORY,
SenderFilter.FACTORY,
SenderPermissionFilter.FACTORY,
PortFilter.FACTORY
};
// load factor ~= .75
factoryMap = new HashMap<String, FilterFactory>(factories.length * 4 / 3);
for (int i=0; i<factories.length; i++) {
FilterFactory factory = factories[i];
factoryMap.put(factory.getTagName(), factory);
}
}
public IntentFirewall(AMSInterface ams, Handler handler) {
mAms = ams;
mHandler = new FirewallHandler(handler.getLooper());
File rulesDir = getRulesDir();
rulesDir.mkdirs();
readRulesDir(rulesDir);
mObserver = new RuleObserver(rulesDir);
mObserver.startWatching();
}
/**
* This is called from ActivityManager to check if a start activity intent should be allowed.
* It is assumed the caller is already holding the global ActivityManagerService lock.
*/
public boolean checkStartActivity(Intent intent, int callerUid, int callerPid,
String resolvedType, ApplicationInfo resolvedApp) {
return checkIntent(mActivityResolver, intent.getComponent(), TYPE_ACTIVITY, intent,
callerUid, callerPid, resolvedType, resolvedApp.uid);
}
public boolean checkService(ComponentName resolvedService, Intent intent, int callerUid,
int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
return checkIntent(mServiceResolver, resolvedService, TYPE_SERVICE, intent, callerUid,
callerPid, resolvedType, resolvedApp.uid);
}
public boolean checkBroadcast(Intent intent, int callerUid, int callerPid,
String resolvedType, int receivingUid) {
return checkIntent(mBroadcastResolver, intent.getComponent(), TYPE_BROADCAST, intent,
callerUid, callerPid, resolvedType, receivingUid);
}
public boolean checkIntent(FirewallIntentResolver resolver, ComponentName resolvedComponent,
int intentType, Intent intent, int callerUid, int callerPid, String resolvedType,
int receivingUid) {
boolean log = false;
boolean block = false;
// For the first pass, find all the rules that have at least one intent-filter or
// component-filter that matches this intent
List<Rule> candidateRules;
candidateRules = resolver.queryIntent(intent, resolvedType, false, 0);
if (candidateRules == null) {
candidateRules = new ArrayList<Rule>();
}
resolver.queryByComponent(resolvedComponent, candidateRules);
// For the second pass, try to match the potentially more specific conditions in each
// rule against the intent
for (int i=0; i<candidateRules.size(); i++) {
Rule rule = candidateRules.get(i);
if (rule.matches(this, resolvedComponent, intent, callerUid, callerPid, resolvedType,
receivingUid)) {
block |= rule.getBlock();
log |= rule.getLog();
// if we've already determined that we should both block and log, there's no need
// to continue trying rules
if (block && log) {
break;
}
}
}
if (log) {
logIntent(intentType, intent, callerUid, resolvedType);
}
return !block;
}
private static void logIntent(int intentType, Intent intent, int callerUid,
String resolvedType) {
// The component shouldn't be null, but let's double check just to be safe
ComponentName cn = intent.getComponent();
String shortComponent = null;
if (cn != null) {
shortComponent = cn.flattenToShortString();
}
String callerPackages = null;
int callerPackageCount = 0;
IPackageManager pm = AppGlobals.getPackageManager();
if (pm != null) {
try {
String[] callerPackagesArray = pm.getPackagesForUid(callerUid);
if (callerPackagesArray != null) {
callerPackageCount = callerPackagesArray.length;
callerPackages = joinPackages(callerPackagesArray);
}
} catch (RemoteException ex) {
Slog.e(TAG, "Remote exception while retrieving packages", ex);
}
}
EventLogTags.writeIfwIntentMatched(intentType, shortComponent, callerUid,
callerPackageCount, callerPackages, intent.getAction(), resolvedType,
intent.getDataString(), intent.getFlags());
}
/**
* Joins a list of package names such that the resulting string is no more than
* LOG_PACKAGES_MAX_LENGTH.
*
* Only full package names will be added to the result, unless every package is longer than the
* limit, in which case one of the packages will be truncated and added. In this case, an
* additional '-' character will be added to the end of the string, to denote the truncation.
*
* If it encounters a package that won't fit in the remaining space, it will continue on to the
* next package, unless the total length of the built string so far is greater than
* LOG_PACKAGES_SUFFICIENT_LENGTH, in which case it will stop and return what it has.
*/
private static String joinPackages(String[] packages) {
boolean first = true;
StringBuilder sb = new StringBuilder();
for (int i=0; i<packages.length; i++) {
String pkg = packages[i];
// + 1 length for the comma. This logic technically isn't correct for the first entry,
// but it's not critical.
if (sb.length() + pkg.length() + 1 < LOG_PACKAGES_MAX_LENGTH) {
if (!first) {
sb.append(',');
} else {
first = false;
}
sb.append(pkg);
} else if (sb.length() >= LOG_PACKAGES_SUFFICIENT_LENGTH) {
return sb.toString();
}
}
if (sb.length() == 0 && packages.length > 0) {
String pkg = packages[0];
// truncating from the end - the last part of the package name is more likely to be
// interesting/unique
return pkg.substring(pkg.length() - LOG_PACKAGES_MAX_LENGTH + 1) + '-';
}
return null;
}
public static File getRulesDir() {
return RULES_DIR;
}
/**
* Reads rules from all xml files (*.xml) in the given directory, and replaces our set of rules
* with the newly read rules.
*
* We only check for files ending in ".xml", to allow for temporary files that are atomically
* renamed to .xml
*
* All calls to this method from the file observer come through a handler and are inherently
* serialized
*/
private void readRulesDir(File rulesDir) {
FirewallIntentResolver[] resolvers = new FirewallIntentResolver[3];
for (int i=0; i<resolvers.length; i++) {
resolvers[i] = new FirewallIntentResolver();
}
File[] files = rulesDir.listFiles();
if (files != null) {
for (int i=0; i<files.length; i++) {
File file = files[i];
if (file.getName().endsWith(".xml")) {
readRules(file, resolvers);
}
}
}
Slog.i(TAG, "Read new rules (A:" + resolvers[TYPE_ACTIVITY].filterSet().size() +
" B:" + resolvers[TYPE_BROADCAST].filterSet().size() +
" S:" + resolvers[TYPE_SERVICE].filterSet().size() + ")");
synchronized (mAms.getAMSLock()) {
mActivityResolver = resolvers[TYPE_ACTIVITY];
mBroadcastResolver = resolvers[TYPE_BROADCAST];
mServiceResolver = resolvers[TYPE_SERVICE];
}
}
/**
* Reads rules from the given file and add them to the given resolvers
*/
private void readRules(File rulesFile, FirewallIntentResolver[] resolvers) {
// some temporary lists to hold the rules while we parse the xml file, so that we can
// add the rules all at once, after we know there weren't any major structural problems
// with the xml file
List<List<Rule>> rulesByType = new ArrayList<List<Rule>>(3);
for (int i=0; i<3; i++) {
rulesByType.add(new ArrayList<Rule>());
}
FileInputStream fis;
try {
fis = new FileInputStream(rulesFile);
} catch (FileNotFoundException ex) {
// Nope, no rules. Nothing else to do!
return;
}
try {
XmlPullParser parser = Xml.newPullParser();
parser.setInput(fis, null);
XmlUtils.beginDocument(parser, TAG_RULES);
int outerDepth = parser.getDepth();
while (XmlUtils.nextElementWithin(parser, outerDepth)) {
int ruleType = -1;
String tagName = parser.getName();
if (tagName.equals(TAG_ACTIVITY)) {
ruleType = TYPE_ACTIVITY;
} else if (tagName.equals(TAG_BROADCAST)) {
ruleType = TYPE_BROADCAST;
} else if (tagName.equals(TAG_SERVICE)) {
ruleType = TYPE_SERVICE;
}
if (ruleType != -1) {
Rule rule = new Rule();
List<Rule> rules = rulesByType.get(ruleType);
// if we get an error while parsing a particular rule, we'll just ignore
// that rule and continue on with the next rule
try {
rule.readFromXml(parser);
} catch (XmlPullParserException ex) {
Slog.e(TAG, "Error reading an intent firewall rule from " + rulesFile, ex);
continue;
}
rules.add(rule);
}
}
} catch (XmlPullParserException ex) {
// if there was an error outside of a specific rule, then there are probably
// structural problems with the xml file, and we should completely ignore it
Slog.e(TAG, "Error reading intent firewall rules from " + rulesFile, ex);
return;
} catch (IOException ex) {
Slog.e(TAG, "Error reading intent firewall rules from " + rulesFile, ex);
return;
} finally {
try {
fis.close();
} catch (IOException ex) {
Slog.e(TAG, "Error while closing " + rulesFile, ex);
}
}
for (int ruleType=0; ruleType<rulesByType.size(); ruleType++) {
List<Rule> rules = rulesByType.get(ruleType);
FirewallIntentResolver resolver = resolvers[ruleType];
for (int ruleIndex=0; ruleIndex<rules.size(); ruleIndex++) {
Rule rule = rules.get(ruleIndex);
for (int i=0; i<rule.getIntentFilterCount(); i++) {
resolver.addFilter(rule.getIntentFilter(i));
}
for (int i=0; i<rule.getComponentFilterCount(); i++) {
resolver.addComponentFilter(rule.getComponentFilter(i), rule);
}
}
}
}
static Filter parseFilter(XmlPullParser parser) throws IOException, XmlPullParserException {
String elementName = parser.getName();
FilterFactory factory = factoryMap.get(elementName);
if (factory == null) {
throw new XmlPullParserException("Unknown element in filter list: " + elementName);
}
return factory.newFilter(parser);
}
/**
* Represents a single activity/service/broadcast rule within one of the xml files.
*
* Rules are matched against an incoming intent in two phases. The goal of the first phase
* is to select a subset of rules that might match a given intent.
*
* For the first phase, we use a combination of intent filters (via an IntentResolver)
* and component filters to select which rules to check. If a rule has multiple intent or
* component filters, only a single filter must match for the rule to be passed on to the
* second phase.
*
* In the second phase, we check the specific conditions in each rule against the values in the
* intent. All top level conditions (but not filters) in the rule must match for the rule as a
* whole to match.
*
* If the rule matches, then we block or log the intent, as specified by the rule. If multiple
* rules match, we combine the block/log flags from any matching rule.
*/
private static class Rule extends AndFilter {
private static final String TAG_INTENT_FILTER = "intent-filter";
private static final String TAG_COMPONENT_FILTER = "component-filter";
private static final String ATTR_NAME = "name";
private static final String ATTR_BLOCK = "block";
private static final String ATTR_LOG = "log";
private final ArrayList<FirewallIntentFilter> mIntentFilters =
new ArrayList<FirewallIntentFilter>(1);
private final ArrayList<ComponentName> mComponentFilters = new ArrayList<ComponentName>(0);
private boolean block;
private boolean log;
@Override
public Rule readFromXml(XmlPullParser parser) throws IOException, XmlPullParserException {
block = Boolean.parseBoolean(parser.getAttributeValue(null, ATTR_BLOCK));
log = Boolean.parseBoolean(parser.getAttributeValue(null, ATTR_LOG));
super.readFromXml(parser);
return this;
}
@Override
protected void readChild(XmlPullParser parser) throws IOException, XmlPullParserException {
String currentTag = parser.getName();
if (currentTag.equals(TAG_INTENT_FILTER)) {
FirewallIntentFilter intentFilter = new FirewallIntentFilter(this);
intentFilter.readFromXml(parser);
mIntentFilters.add(intentFilter);
} else if (currentTag.equals(TAG_COMPONENT_FILTER)) {
String componentStr = parser.getAttributeValue(null, ATTR_NAME);
if (componentStr == null) {
throw new XmlPullParserException("Component name must be specified.",
parser, null);
}
ComponentName componentName = ComponentName.unflattenFromString(componentStr);
if (componentName == null) {
throw new XmlPullParserException("Invalid component name: " + componentStr);
}
mComponentFilters.add(componentName);
} else {
super.readChild(parser);
}
}
public int getIntentFilterCount() {
return mIntentFilters.size();
}
public FirewallIntentFilter getIntentFilter(int index) {
return mIntentFilters.get(index);
}
public int getComponentFilterCount() {
return mComponentFilters.size();
}
public ComponentName getComponentFilter(int index) {
return mComponentFilters.get(index);
}
public boolean getBlock() {
return block;
}
public boolean getLog() {
return log;
}
}
private static class FirewallIntentFilter extends IntentFilter {
private final Rule rule;
public FirewallIntentFilter(Rule rule) {
this.rule = rule;
}
}
private static class FirewallIntentResolver
extends IntentResolver<FirewallIntentFilter, Rule> {
@Override
protected boolean allowFilterResult(FirewallIntentFilter filter, List<Rule> dest) {
return !dest.contains(filter.rule);
}
@Override
protected boolean isPackageForFilter(String packageName, FirewallIntentFilter filter) {
return true;
}
@Override
protected FirewallIntentFilter[] newArray(int size) {
return new FirewallIntentFilter[size];
}
@Override
protected Rule newResult(FirewallIntentFilter filter, int match, int userId) {
return filter.rule;
}
@Override
protected void sortResults(List<Rule> results) {
// there's no need to sort the results
return;
}
public void queryByComponent(ComponentName componentName, List<Rule> candidateRules) {
Rule[] rules = mRulesByComponent.get(componentName);
if (rules != null) {
candidateRules.addAll(Arrays.asList(rules));
}
}
public void addComponentFilter(ComponentName componentName, Rule rule) {
Rule[] rules = mRulesByComponent.get(componentName);
rules = ArrayUtils.appendElement(Rule.class, rules, rule);
mRulesByComponent.put(componentName, rules);
}
private final ArrayMap<ComponentName, Rule[]> mRulesByComponent =
new ArrayMap<ComponentName, Rule[]>(0);
}
final FirewallHandler mHandler;
private final class FirewallHandler extends Handler {
public FirewallHandler(Looper looper) {
super(looper, null, true);
}
@Override
public void handleMessage(Message msg) {
readRulesDir(getRulesDir());
}
};
/**
* Monitors for the creation/deletion/modification of any .xml files in the rule directory
*/
private class RuleObserver extends FileObserver {
private static final int MONITORED_EVENTS = FileObserver.CREATE|FileObserver.MOVED_TO|
FileObserver.CLOSE_WRITE|FileObserver.DELETE|FileObserver.MOVED_FROM;
public RuleObserver(File monitoredDir) {
super(monitoredDir.getAbsolutePath(), MONITORED_EVENTS);
}
@Override
public void onEvent(int event, String path) {
if (path.endsWith(".xml")) {
// we wait 250ms before taking any action on an event, in order to dedup multiple
// events. E.g. a delete event followed by a create event followed by a subsequent
// write+close event
mHandler.removeMessages(0);
mHandler.sendEmptyMessageDelayed(0, 250);
}
}
}
/**
* This interface contains the methods we need from ActivityManagerService. This allows AMS to
* export these methods to us without making them public, and also makes it easier to test this
* component.
*/
public interface AMSInterface {
int checkComponentPermission(String permission, int pid, int uid,
int owningUid, boolean exported);
Object getAMSLock();
}
/**
* Checks if the caller has access to a component
*
* @param permission If present, the caller must have this permission
* @param pid The pid of the caller
* @param uid The uid of the caller
* @param owningUid The uid of the application that owns the component
* @param exported Whether the component is exported
* @return True if the caller can access the described component
*/
boolean checkComponentPermission(String permission, int pid, int uid, int owningUid,
boolean exported) {
return mAms.checkComponentPermission(permission, pid, uid, owningUid, exported) ==
PackageManager.PERMISSION_GRANTED;
}
boolean signaturesMatch(int uid1, int uid2) {
try {
IPackageManager pm = AppGlobals.getPackageManager();
return pm.checkUidSignatures(uid1, uid2) == PackageManager.SIGNATURE_MATCH;
} catch (RemoteException ex) {
Slog.e(TAG, "Remote exception while checking signatures", ex);
return false;
}
}
}
|
