diff options
author | Ben Gruver <bgruv@google.com> | 2012-09-28 10:58:25 -0700 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2012-09-28 10:58:26 -0700 |
commit | 8b16399014e108b82fda1b4e6ec044ea664e61fb (patch) | |
tree | 5b1b0c7eab5de168e013a17195b64c92f8e33db8 | |
parent | 85a283f278ccacaec93af63e0570c6f96858db68 (diff) | |
parent | d58f150060e9300038ff86eeeffc86c2440303c8 (diff) | |
download | packages_apps_packageinstaller-8b16399014e108b82fda1b4e6ec044ea664e61fb.zip packages_apps_packageinstaller-8b16399014e108b82fda1b4e6ec044ea664e61fb.tar.gz packages_apps_packageinstaller-8b16399014e108b82fda1b4e6ec044ea664e61fb.tar.bz2 |
Merge "Determine the originating uid for an install" into jb-mr1-dev
-rwxr-xr-x | src/com/android/packageinstaller/InstallAppProgress.java | 4 | ||||
-rw-r--r-- | src/com/android/packageinstaller/PackageInstallerActivity.java | 82 |
2 files changed, 84 insertions, 2 deletions
diff --git a/src/com/android/packageinstaller/InstallAppProgress.java b/src/com/android/packageinstaller/InstallAppProgress.java index e281fd3..fc82078 100755 --- a/src/com/android/packageinstaller/InstallAppProgress.java +++ b/src/com/android/packageinstaller/InstallAppProgress.java @@ -252,8 +252,10 @@ public class InstallAppProgress extends Activity implements View.OnClickListener Intent.EXTRA_INSTALLER_PACKAGE_NAME); Uri originatingURI = getIntent().getParcelableExtra(Intent.EXTRA_ORIGINATING_URI); Uri referrer = getIntent().getParcelableExtra(Intent.EXTRA_REFERRER); + int originatingUid = getIntent().getIntExtra(Intent.EXTRA_ORIGINATING_UID, + VerificationParams.NO_UID); VerificationParams verificationParams = new VerificationParams(null, originatingURI, - referrer, null); + referrer, originatingUid, null); PackageInstallObserver observer = new PackageInstallObserver(); if ("package".equals(mPackageURI.getScheme())) { diff --git a/src/com/android/packageinstaller/PackageInstallerActivity.java b/src/com/android/packageinstaller/PackageInstallerActivity.java index 8771a3e..d0c50fc 100644 --- a/src/com/android/packageinstaller/PackageInstallerActivity.java +++ b/src/com/android/packageinstaller/PackageInstallerActivity.java @@ -17,6 +17,7 @@ package com.android.packageinstaller; import android.app.Activity; +import android.app.ActivityManagerNative; import android.app.AlertDialog; import android.app.Dialog; import android.content.Context; @@ -30,6 +31,7 @@ import android.content.pm.PackageManager; import android.content.pm.PackageUserState; import android.content.pm.PackageManager.NameNotFoundException; import android.content.pm.PackageParser; +import android.content.pm.VerificationParams; import android.graphics.Rect; import android.net.Uri; import android.os.Bundle; @@ -66,6 +68,8 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen private Uri mPackageURI; private Uri mOriginatingURI; private Uri mReferrerURI; + private int mOriginatingUid = VerificationParams.NO_UID; + private boolean localLOGV = false; PackageManager mPm; PackageInfo mPkgInfo; @@ -524,6 +528,8 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen mInstallConfirm.setVisibility(View.INVISIBLE); PackageUtil.initSnippetForNewApp(this, as, R.id.app_snippet); + mOriginatingUid = getOriginatingUid(intent); + // Deal with install source. String callerPackage = getCallingPackage(); if (callerPackage != null && intent.getBooleanExtra( @@ -563,7 +569,78 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen } initiateInstall(); } - + + /** Get the ApplicationInfo for the calling package, if available */ + private ApplicationInfo getSourceInfo() { + String callingPackage = getCallingPackage(); + if (callingPackage != null) { + try { + return mPm.getApplicationInfo(callingPackage, 0); + } catch (NameNotFoundException ex) { + // ignore + } + } + return null; + } + + + /** Get the originating uid if possible, or VerificationParams.NO_UID if not available */ + private int getOriginatingUid(Intent intent) { + // The originating uid from the intent. We only trust/use this if it comes from a + // system application + int uidFromIntent = intent.getIntExtra(Intent.EXTRA_ORIGINATING_UID, + VerificationParams.NO_UID); + + // Get the source info from the calling package, if available. This will be the + // definitive calling package, but it only works if the intent was started using + // startActivityForResult, + ApplicationInfo sourceInfo = getSourceInfo(); + if (sourceInfo != null) { + if (uidFromIntent != VerificationParams.NO_UID && + (mSourceInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { + return uidFromIntent; + + } + // We either didn't get a uid in the intent, or we don't trust it. Use the + // uid of the calling package instead. + return sourceInfo.uid; + } + + // We couldn't get the specific calling package. Let's get the uid instead + int callingUid; + try { + callingUid = ActivityManagerNative.getDefault() + .getLaunchedFromUid(getActivityToken()); + } catch (android.os.RemoteException ex) { + Log.w(TAG, "Could not determine the launching uid."); + // nothing else we can do + return VerificationParams.NO_UID; + } + + // If we got a uid from the intent, we need to verify that the caller is a + // system package before we use it + if (uidFromIntent != VerificationParams.NO_UID) { + String[] callingPackages = mPm.getPackagesForUid(callingUid); + if (callingPackages != null) { + for (String packageName: callingPackages) { + try { + ApplicationInfo applicationInfo = + mPm.getApplicationInfo(packageName, 0); + + if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { + return uidFromIntent; + } + } catch (NameNotFoundException ex) { + // ignore it, and try the next package + } + } + } + } + // We either didn't get a uid from the intent, or we don't trust it. Use the + // calling uid instead. + return callingUid; + } + // Generic handling when pressing back key public void onCancel(DialogInterface dialog) { finish(); @@ -586,6 +663,9 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen if (mReferrerURI != null) { newIntent.putExtra(Intent.EXTRA_REFERRER, mReferrerURI); } + if (mOriginatingUid != VerificationParams.NO_UID) { + newIntent.putExtra(Intent.EXTRA_ORIGINATING_UID, mOriginatingUid); + } if (installerPackageName != null) { newIntent.putExtra(Intent.EXTRA_INSTALLER_PACKAGE_NAME, installerPackageName); |