author Sudheer Shanka <sudheersai@google.com> 2022-01-26 16:52:47 -0800
committer Sudheer Shanka <sudheersai@google.com> 2022-02-01 11:21:40 -0800
commitbe39abaa491112adf15f25923250fd80264680be (patch)
tree357cba117d983eabe4ec8ae791dd5e75d9e06301
parent3578c8f2ee1a4fd5aff8404b81e390400aeb3656 (diff)
Enforce permission checks for recordBroadcastResponseStats API.
Bug: 206518114 Test: atest tests/tests/app.usage/src/android/app/usage/cts/UsageStatsTest.java Change-Id: If824aaba08b74919a63164ff4870638223348875
-rw-r--r--services/core/java/com/android/server/am/ActivityManagerService.java28
1 files changed, 25 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 902659c27818..cbf04c848610 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -2899,16 +2899,31 @@ public class ActivityManagerService extends IActivityManager.Stub
mActivityTaskManager.setPackageScreenCompatMode(packageName, mode);
}
- private boolean hasUsageStatsPermission(String callingPackage) {
+ private boolean hasUsageStatsPermission(String callingPackage, int callingUid, int callingPid) {
final int mode = mAppOpsService.noteOperation(AppOpsManager.OP_GET_USAGE_STATS,
- Binder.getCallingUid(), callingPackage, null, false, "", false).getOpMode();
+ callingUid, callingPackage, null, false, "", false).getOpMode();
if (mode == AppOpsManager.MODE_DEFAULT) {
- return checkCallingPermission(Manifest.permission.PACKAGE_USAGE_STATS)
+ return checkPermission(Manifest.permission.PACKAGE_USAGE_STATS, callingPid, callingUid)
== PackageManager.PERMISSION_GRANTED;
}
return mode == AppOpsManager.MODE_ALLOWED;
}
+ private boolean hasUsageStatsPermission(String callingPackage) {
+ return hasUsageStatsPermission(callingPackage,
+ Binder.getCallingUid(), Binder.getCallingPid());
+ }
+
+ private void enforceUsageStatsPermission(String callingPackage,
+ int callingUid, int callingPid, String operation) {
+ if (!hasUsageStatsPermission(callingPackage, callingUid, callingPid)) {
+ final String errorMsg = "Permission denial for <" + operation + "> from pid="
+ + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+ + " which requires PACKAGE_USAGE_STATS permission";
+ throw new SecurityException(errorMsg);
+ }
+ }
+
@Override
public int getPackageProcessState(String packageName, String callingPackage) {
if (!hasUsageStatsPermission(callingPackage)) {
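Review bot: The denial message in `enforceUsageStatsPermission` reports `Binder.getCallingPid()` and `Binder.getCallingUid()` instead of the `callingPid` and `callingUid` arguments that were actually checked. The second hunk passes `realCallingUid`/`realCallingPid`, so whenever those are not the current binder caller the SecurityException names a different identity from the one that was denied, which misleads anyone triaging the denial from logs. Build the message from the parameters: `+ callingPid + ", uid=" + callingUid`. A short Javadoc on the three-argument `hasUsageStatsPermission` would also help, stating that it notes `OP_GET_USAGE_STATS` for the supplied uid and falls back to the `PACKAGE_USAGE_STATS` permission check only on `MODE_DEFAULT`.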
@@ -13331,6 +13346,13 @@ public class ActivityManagerService extends IActivityManager.Stub
backgroundActivityStartsToken = null;
}
}
+
+ // TODO (206518114): We need to use the "real" package name which sent the broadcast,
+ // in case the broadcast is sent via PendingIntent.
+ if (brOptions.getIdForResponseEvent() > 0) {
+ enforceUsageStatsPermission(callerPackage, realCallingUid, realCallingPid,
+ "recordResponseEventWhileInBackground()");
+ }
}
// Verify that protected broadcasts are only being sent by system code,
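Review bot: The new check pairs `callerPackage` with `realCallingUid`/`realCallingPid`, and the TODO directly above says these can belong to different apps when the broadcast is sent through a PendingIntent. How `noteOperation` treats a package that does not belong to the given uid is not visible here, so it is unclear whether that case is denied or evaluated against the wrong app. The comment should state the intended interim behaviour, e.g. `// Until then, a PendingIntent send is checked against callerPackage with the real sender's uid/pid.` The hunk also dereferences `brOptions` with no visible null check; the enclosing block starts outside the hunk and presumably guards it, but that is worth confirming.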