diff options
| author | 2016-03-22 16:13:48 +0000 | |
|---|---|---|
| committer | 2016-03-22 16:13:48 +0000 | |
| commit | 9888e00b7a36cd03821001a58e4ff86224e3d858 (patch) | |
| tree | dbf048d0ffc510d1300f2c5cbd187f0b0873c976 | |
| parent | fcf01503c5f04841bc0b2c51a2f30cffaf60a2f6 (diff) | |
Revert "Sanitize app op service inputs"
This reverts commit fcf01503c5f04841bc0b2c51a2f30cffaf60a2f6.
Bug: 26587386
Bug: 27759382
Change-Id: Iedfe3657b51c3965bcbddb6b2dc6dfbc1d7b9c37
| -rw-r--r-- | services/core/java/com/android/server/AppOpsService.java | 98 |
1 files changed, 30 insertions, 68 deletions
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java index 4bfd6dca1222..32f2d593f670 100644 --- a/services/core/java/com/android/server/AppOpsService.java +++ b/services/core/java/com/android/server/AppOpsService.java @@ -430,12 +430,8 @@ public class AppOpsService extends IAppOpsService.Stub { int[] ops) { mContext.enforcePermission(android.Manifest.permission.GET_APP_OPS_STATS, Binder.getCallingPid(), Binder.getCallingUid(), null); - String resolvedPackageName = resolvePackageName(uid, packageName); - if (resolvedPackageName == null) { - return Collections.emptyList(); - } synchronized (this) { - Ops pkgOps = getOpsRawLocked(uid, resolvedPackageName, false); + Ops pkgOps = getOpsLocked(uid, packageName, false); if (pkgOps == null) { return null; } @@ -453,7 +449,7 @@ public class AppOpsService extends IAppOpsService.Stub { private void pruneOp(Op op, int uid, String packageName) { if (op.time == 0 && op.rejectTime == 0) { - Ops ops = getOpsRawLocked(uid, packageName, false); + Ops ops = getOpsLocked(uid, packageName, false); if (ops != null) { ops.remove(op.op); if (ops.size() <= 0) { @@ -867,12 +863,8 @@ public class AppOpsService extends IAppOpsService.Stub { public int checkOperation(int code, int uid, String packageName) { verifyIncomingUid(uid); verifyIncomingOp(code); - String resolvedPackageName = resolvePackageName(uid, packageName); - if (resolvedPackageName == null) { - return AppOpsManager.MODE_IGNORED; - } synchronized (this) { - if (isOpRestricted(uid, code, resolvedPackageName)) { + if (isOpRestricted(uid, code, packageName)) { return AppOpsManager.MODE_IGNORED; } code = AppOpsManager.opToSwitch(code); @@ -883,7 +875,7 @@ public class AppOpsService extends IAppOpsService.Stub { return uidMode; } } - Op op = getOpLocked(code, uid, resolvedPackageName, false); + Op op = getOpLocked(code, uid, packageName, false); if (op == null) { return AppOpsManager.opToDefaultMode(code); } @@ -959,7 +951,6 @@ public class AppOpsService extends IAppOpsService.Stub { @Override public int checkPackage(int uid, String packageName) { - Preconditions.checkNotNull(packageName); synchronized (this) { if (getOpsRawLocked(uid, packageName, true) != null) { return AppOpsManager.MODE_ALLOWED; @@ -973,39 +964,26 @@ public class AppOpsService extends IAppOpsService.Stub { public int noteProxyOperation(int code, String proxyPackageName, int proxiedUid, String proxiedPackageName) { verifyIncomingOp(code); - final int proxyUid = Binder.getCallingUid(); - String resolveProxyPackageName = resolvePackageName(proxyUid, proxyPackageName); - if (resolveProxyPackageName == null) { - return AppOpsManager.MODE_IGNORED; - } - final int proxyMode = noteOperationUnchecked(code, proxyUid, - resolveProxyPackageName, -1, null); + final int proxyMode = noteOperationUnchecked(code, Binder.getCallingUid(), + proxyPackageName, -1, null); if (proxyMode != AppOpsManager.MODE_ALLOWED || Binder.getCallingUid() == proxiedUid) { return proxyMode; } - String resolveProxiedPackageName = resolvePackageName(proxiedUid, proxiedPackageName); - if (resolveProxiedPackageName == null) { - return AppOpsManager.MODE_IGNORED; - } - return noteOperationUnchecked(code, proxiedUid, resolveProxiedPackageName, - proxyMode, resolveProxyPackageName); + return noteOperationUnchecked(code, proxiedUid, proxiedPackageName, + Binder.getCallingUid(), proxyPackageName); } @Override public int noteOperation(int code, int uid, String packageName) { verifyIncomingUid(uid); verifyIncomingOp(code); - String resolvedPackageName = resolvePackageName(uid, packageName); - if (resolvedPackageName == null) { - return AppOpsManager.MODE_IGNORED; - } - return noteOperationUnchecked(code, uid, resolvedPackageName, 0, null); + return noteOperationUnchecked(code, uid, packageName, 0, null); } private int noteOperationUnchecked(int code, int uid, String packageName, int proxyUid, String proxyPackageName) { synchronized (this) { - Ops ops = getOpsRawLocked(uid, packageName, true); + Ops ops = getOpsLocked(uid, packageName, true); if (ops == null) { if (DEBUG) Log.d(TAG, "noteOperation: no op for code " + code + " uid " + uid + " package " + packageName); @@ -1053,20 +1031,16 @@ public class AppOpsService extends IAppOpsService.Stub { public int startOperation(IBinder token, int code, int uid, String packageName) { verifyIncomingUid(uid); verifyIncomingOp(code); - String resolvedPackageName = resolvePackageName(uid, packageName); - if (resolvedPackageName == null) { - return AppOpsManager.MODE_IGNORED; - } ClientState client = (ClientState)token; synchronized (this) { - Ops ops = getOpsRawLocked(uid, resolvedPackageName, true); + Ops ops = getOpsLocked(uid, packageName, true); if (ops == null) { if (DEBUG) Log.d(TAG, "startOperation: no op for code " + code + " uid " + uid - + " package " + resolvedPackageName); + + " package " + packageName); return AppOpsManager.MODE_ERRORED; } Op op = getOpLocked(ops, code, true); - if (isOpRestricted(uid, code, resolvedPackageName)) { + if (isOpRestricted(uid, code, packageName)) { return AppOpsManager.MODE_IGNORED; } final int switchCode = AppOpsManager.opToSwitch(code); @@ -1076,7 +1050,7 @@ public class AppOpsService extends IAppOpsService.Stub { if (uidMode != AppOpsManager.MODE_ALLOWED) { if (DEBUG) Log.d(TAG, "noteOperation: reject #" + op.mode + " for code " + switchCode + " (" + code + ") uid " + uid + " package " - + resolvedPackageName); + + packageName); op.rejectTime = System.currentTimeMillis(); return uidMode; } @@ -1084,13 +1058,12 @@ public class AppOpsService extends IAppOpsService.Stub { final Op switchOp = switchCode != code ? getOpLocked(ops, switchCode, true) : op; if (switchOp.mode != AppOpsManager.MODE_ALLOWED) { if (DEBUG) Log.d(TAG, "startOperation: reject #" + op.mode + " for code " - + switchCode + " (" + code + ") uid " + uid + " package " - + resolvedPackageName); + + switchCode + " (" + code + ") uid " + uid + " package " + packageName); op.rejectTime = System.currentTimeMillis(); return switchOp.mode; } if (DEBUG) Log.d(TAG, "startOperation: allowing code " + code + " uid " + uid - + " package " + resolvedPackageName); + + " package " + packageName); if (op.nesting == 0) { op.time = System.currentTimeMillis(); op.rejectTime = 0; @@ -1108,16 +1081,9 @@ public class AppOpsService extends IAppOpsService.Stub { public void finishOperation(IBinder token, int code, int uid, String packageName) { verifyIncomingUid(uid); verifyIncomingOp(code); - String resolvedPackageName = resolvePackageName(uid, packageName); - if (resolvedPackageName == null) { - return; - } - if (!(token instanceof ClientState)) { - return; - } - ClientState client = (ClientState) token; + ClientState client = (ClientState)token; synchronized (this) { - Op op = getOpLocked(code, uid, resolvedPackageName, true); + Op op = getOpLocked(code, uid, packageName, true); if (op == null) { return; } @@ -1133,9 +1099,6 @@ public class AppOpsService extends IAppOpsService.Stub { @Override public int permissionToOpCode(String permission) { - if (permission == null) { - return AppOpsManager.OP_NONE; - } return AppOpsManager.permissionToOpCode(permission); } @@ -1185,6 +1148,15 @@ public class AppOpsService extends IAppOpsService.Stub { return uidState; } + private Ops getOpsLocked(int uid, String packageName, boolean edit) { + if (uid == 0) { + packageName = "root"; + } else if (uid == Process.SHELL_UID) { + packageName = "com.android.shell"; + } + return getOpsRawLocked(uid, packageName, edit); + } + private Ops getOpsRawLocked(int uid, String packageName, boolean edit) { UidState uidState = getUidStateLocked(uid, edit); if (uidState == null) { @@ -1270,7 +1242,7 @@ public class AppOpsService extends IAppOpsService.Stub { } private Op getOpLocked(int code, int uid, String packageName, boolean edit) { - Ops ops = getOpsRawLocked(uid, packageName, edit); + Ops ops = getOpsLocked(uid, packageName, edit); if (ops == null) { return null; } @@ -1301,7 +1273,7 @@ public class AppOpsService extends IAppOpsService.Stub { if (opRestrictions != null && opRestrictions[code]) { if (AppOpsManager.opAllowSystemBypassRestriction(code)) { synchronized (this) { - Ops ops = getOpsRawLocked(uid, packageName, true); + Ops ops = getOpsLocked(uid, packageName, true); if ((ops != null) && ops.isPrivileged) { return false; } @@ -1565,7 +1537,7 @@ public class AppOpsService extends IAppOpsService.Stub { out.startTag(null, "uid"); out.attribute(null, "n", Integer.toString(pkg.getUid())); synchronized (this) { - Ops ops = getOpsRawLocked(pkg.getUid(), pkg.getPackageName(), false); + Ops ops = getOpsLocked(pkg.getUid(), pkg.getPackageName(), false); // Should always be present as the list of PackageOps is generated // from Ops. if (ops != null) { @@ -2086,7 +2058,6 @@ public class AppOpsService extends IAppOpsService.Stub { @Override public void setUserRestrictions(Bundle restrictions, IBinder token, int userHandle) { checkSystemUid("setUserRestrictions"); - Preconditions.checkNotNull(restrictions); Preconditions.checkNotNull(token); final boolean[] opRestrictions = getOrCreateUserRestrictionsForToken(token, userHandle); for (int i = 0; i < opRestrictions.length; ++i) { @@ -2211,15 +2182,6 @@ public class AppOpsService extends IAppOpsService.Stub { } } - private static String resolvePackageName(int uid, String packageName) { - if (uid == 0) { - return "root"; - } else if (uid == Process.SHELL_UID) { - return "com.android.shell"; - } - return packageName; - } - private static String[] getPackagesForUid(int uid) { String[] packageNames = null; try { |