| author | 2016-12-22 17:09:09 +0000 | |
|---|---|---|
| committer | 2016-12-22 17:09:09 +0000 | |
| commit | 0a8978f04b4cc2e273545568b424756ee5a40a3d (patch) | |
| tree | e997acff88142ee387d59b8c4a35cd0d716395b3 | |
| parent | ae7d4b13399d3fc0a3a57fe5082b6db89ec6e23f (diff) | |
| parent | 3380a775163f480f39d41572b06c433d45d42f79 (diff) | |
Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872
am: 3380a77516
Change-Id: Ice61f337e1fcfd0569431538e475d94f9d205423
| -rw-r--r-- | services/core/java/com/android/server/LocationManagerService.java | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/LocationManagerService.java b/services/core/java/com/android/server/LocationManagerService.java
index 28a6917cb0c7..0d0a835293e2 100644
--- a/services/core/java/com/android/server/LocationManagerService.java
+++ b/services/core/java/com/android/server/LocationManagerService.java
@@ -85,6 +85,8 @@ import android.os.UserHandle;
 import android.os.UserManager;
 import android.os.WorkSource;
 import android.provider.Settings;
+import android.text.TextUtils;
+import android.util.EventLog;
 import android.util.Log;
 import android.util.Slog;
@@ -2432,9 +2434,22 @@ public class LocationManagerService extends ILocationManager.Stub {
 if (mockProvider == null) {
 throw new IllegalArgumentException("Provider \"" + provider + "\" unknown");
 }
+
+ // Ensure that the location is marked as being mock. There's some logic to do this in
+ // handleLocationChanged(), but it fails if loc has the wrong provider (bug 33091107).
+ Location mock = new Location(loc);
+ mock.setIsFromMockProvider(true);
+
+ if (!TextUtils.isEmpty(loc.getProvider()) && !provider.equals(loc.getProvider())) {
+ // The location has an explicit provider that is different from the mock provider
+ // name. The caller may be trying to fool us via bug 33091107.
+ EventLog.writeEvent(0x534e4554, "33091107", Binder.getCallingUid(),
+ provider + "!=" + loc.getProvider());
+ }
+
+ // clear calling identity so INSTALL_LOCATION_PROVIDER permission is not required
 long identity = Binder.clearCallingIdentity();
- mockProvider.setLocation(loc);
+ mockProvider.setLocation(mock);
 Binder.restoreCallingIdentity(identity);
 }
 } |
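Review bot: In the provider-mismatch branch the new code only writes the EventLog entry; `mock` still carries the caller-supplied `loc.getProvider()` into `mockProvider.setLocation(mock)`, so the mismatch is detected but not corrected. If downstream code keys on the location's provider name (the added comment suggests handleLocationChanged() does), consider normalising inside the branch with `mock.setProvider(provider);`, or add a comment such as `// Provider name is intentionally left as supplied; only the mock flag is forced.` to record that this is deliberate. Separately, `mockProvider.setLocation(mock)` sits between `Binder.clearCallingIdentity()` and `Binder.restoreCallingIdentity(identity)` without a `try`/`finally`, so an exception there would skip the restore. The enclosing method begins above the hunk, so any earlier validation of `loc` or `provider` is not visible here.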