diff options
| author | 2025-03-10 22:02:58 +0000 | |
|---|---|---|
| committer | 2025-03-10 22:04:42 +0000 | |
| commit | b3d70aab1515d583aeebbcb6440f6c790502bc8f (patch) | |
| tree | 1f0602e7f13faaad46bedf34b09d1ad04f56f0d0 | |
| parent | 571a97ade14d3e008172a1c084bf7331f6fc8875 (diff) | |
unflag cred autofill security fix
Flag: android.credentials.flags.safeguard_candidate_credentials_api_caller
Bug: 370477460
Test: atest CtsAutoFillServiceTestCases:android.autofillservice.cts.inline.InlineLoginMixedCredentialActivityTest
Change-Id: Ia797afdf1b51c6dc84944b8c91cd39790a1907e3
| -rw-r--r-- | services/credentials/java/com/android/server/credentials/CredentialManagerService.java | 44 |
1 files changed, 20 insertions, 24 deletions
diff --git a/services/credentials/java/com/android/server/credentials/CredentialManagerService.java b/services/credentials/java/com/android/server/credentials/CredentialManagerService.java index 42e457c97fd4..bc5c427e3ccb 100644 --- a/services/credentials/java/com/android/server/credentials/CredentialManagerService.java +++ b/services/credentials/java/com/android/server/credentials/CredentialManagerService.java @@ -51,7 +51,6 @@ import android.credentials.ISetEnabledProvidersCallback; import android.credentials.PrepareGetCredentialResponseInternal; import android.credentials.RegisterCredentialDescriptionRequest; import android.credentials.UnregisterCredentialDescriptionRequest; -import android.credentials.flags.Flags; import android.os.Binder; import android.os.CancellationSignal; import android.os.IBinder; @@ -538,34 +537,31 @@ public final class CredentialManagerService final int userId = UserHandle.getCallingUserId(); final int callingUid = Binder.getCallingUid(); - if (Flags.safeguardCandidateCredentialsApiCaller()) { - try { - String credentialManagerAutofillCompName = mContext.getResources().getString( - R.string.config_defaultCredentialManagerAutofillService); - ComponentName componentName = ComponentName.unflattenFromString( - credentialManagerAutofillCompName); - if (componentName == null) { - throw new SecurityException( - "Credential Autofill service does not exist on this device."); - } - PackageManager pm = mContext.createContextAsUser( - UserHandle.getUserHandleForUid(callingUid), 0).getPackageManager(); - String callingProcessPackage = pm.getNameForUid(callingUid); - if (callingProcessPackage == null) { - throw new SecurityException( - "Couldn't determine the identity of the caller."); - } - if (!Objects.equals(componentName.getPackageName(), callingProcessPackage)) { - throw new SecurityException(callingProcessPackage - + " is not the device's credential autofill package."); - } - } catch (Resources.NotFoundException e) { + try { + String credentialManagerAutofillCompName = mContext.getResources().getString( + R.string.config_defaultCredentialManagerAutofillService); + ComponentName componentName = ComponentName.unflattenFromString( + credentialManagerAutofillCompName); + if (componentName == null) { throw new SecurityException( "Credential Autofill service does not exist on this device."); } + PackageManager pm = mContext.createContextAsUser( + UserHandle.getUserHandleForUid(callingUid), 0).getPackageManager(); + String callingProcessPackage = pm.getNameForUid(callingUid); + if (callingProcessPackage == null) { + throw new SecurityException( + "Couldn't determine the identity of the caller."); + } + if (!Objects.equals(componentName.getPackageName(), callingProcessPackage)) { + throw new SecurityException(callingProcessPackage + + " is not the device's credential autofill package."); + } + } catch (Resources.NotFoundException e) { + throw new SecurityException( + "Credential Autofill service does not exist on this device."); } - // New request session, scoped for this request only. final GetCandidateRequestSession session = new GetCandidateRequestSession( |