author Sudheer Shanka <sudheersai@google.com> 2022-02-02 19:10:47 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2022-02-02 19:10:47 +0000
commitd7c5ca769d52bb537ddd2f7d324c731057ffdf5a (patch)
treee01b4ed45adb2e512da0430f7c2654633c48aa44
parent0cd1d1d476002a9bc2faed91350cdbff715f65e2 (diff)
parentbe39abaa491112adf15f25923250fd80264680be (diff)
Merge "Enforce permission checks for recordBroadcastResponseStats API."
-rw-r--r--services/core/java/com/android/server/am/ActivityManagerService.java28
1 files changed, 25 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 442b9de9911d..2f87e4f846a1 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -2901,16 +2901,31 @@ public class ActivityManagerService extends IActivityManager.Stub
mActivityTaskManager.setPackageScreenCompatMode(packageName, mode);
}
- private boolean hasUsageStatsPermission(String callingPackage) {
+ private boolean hasUsageStatsPermission(String callingPackage, int callingUid, int callingPid) {
final int mode = mAppOpsService.noteOperation(AppOpsManager.OP_GET_USAGE_STATS,
- Binder.getCallingUid(), callingPackage, null, false, "", false).getOpMode();
+ callingUid, callingPackage, null, false, "", false).getOpMode();
if (mode == AppOpsManager.MODE_DEFAULT) {
- return checkCallingPermission(Manifest.permission.PACKAGE_USAGE_STATS)
+ return checkPermission(Manifest.permission.PACKAGE_USAGE_STATS, callingPid, callingUid)
== PackageManager.PERMISSION_GRANTED;
}
return mode == AppOpsManager.MODE_ALLOWED;
}
+ private boolean hasUsageStatsPermission(String callingPackage) {
+ return hasUsageStatsPermission(callingPackage,
+ Binder.getCallingUid(), Binder.getCallingPid());
+ }
+
+ private void enforceUsageStatsPermission(String callingPackage,
+ int callingUid, int callingPid, String operation) {
+ if (!hasUsageStatsPermission(callingPackage, callingUid, callingPid)) {
+ final String errorMsg = "Permission denial for <" + operation + "> from pid="
+ + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+ + " which requires PACKAGE_USAGE_STATS permission";
+ throw new SecurityException(errorMsg);
+ }
+ }
+
@Override
public int getPackageProcessState(String packageName, String callingPackage) {
if (!hasUsageStatsPermission(callingPackage)) {
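Review bot: The denial message in `enforceUsageStatsPermission` reports `Binder.getCallingPid()` and `Binder.getCallingUid()` rather than the `callingPid`/`callingUid` arguments that were actually evaluated. The broadcast call site in the second hunk passes `realCallingUid` and `realCallingPid`, which need not match the Binder identity at that point, so the SecurityException text can attribute the denial to a different process than the one that was checked and mislead anyone triaging it from logs. Build the message from the parameters instead: `+ callingPid + ", uid=" + callingUid`.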
@@ -13349,6 +13364,13 @@ public class ActivityManagerService extends IActivityManager.Stub
backgroundActivityStartsToken = null;
}
}
+
+ // TODO (206518114): We need to use the "real" package name which sent the broadcast,
+ // in case the broadcast is sent via PendingIntent.
+ if (brOptions.getIdForResponseEvent() > 0) {
+ enforceUsageStatsPermission(callerPackage, realCallingUid, realCallingPid,
+ "recordResponseEventWhileInBackground()");
+ }
}
// Verify that protected broadcasts are only being sent by system code,
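Review bot: The new check pairs `callerPackage` with `realCallingUid`/`realCallingPid`, and the TODO directly above it says the package may not be the real sender when the broadcast arrives through a PendingIntent. How the app-op lookup treats a package that does not belong to the supplied uid is not visible in this diff, so it cannot be confirmed from here that the mismatch case fails closed. Until the TODO is resolved, the comment should record the interim behaviour, for example `// Until then, the permission is checked for callerPackage under realCallingUid/realCallingPid.`, plus a sentence on whether a mismatch is denied once that is verified. The enclosing block opens outside the hunk, so the null guard on `brOptions` before `getIdForResponseEvent()` is assumed rather than visible.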