summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Daniel Kim <danieljkim@google.com> 2025-03-11 20:37:27 -0700
committer Android (Google) Code Review <android-gerrit@google.com> 2025-03-11 20:37:27 -0700
commitf6992ead65e858ea91dc0d30063d89d701f7d1fb (patch)
treef734adcc07188caac415736f980e9112a9d3f8b4
parent78442a49dfad7ff295359e71f0d34570d3d2fa05 (diff)
parentb3d70aab1515d583aeebbcb6440f6c790502bc8f (diff)
Merge "unflag cred autofill security fix" into main
Diffstat
-rw-r--r--services/credentials/java/com/android/server/credentials/CredentialManagerService.java44
1 files changed, 20 insertions, 24 deletions
diff --git a/services/credentials/java/com/android/server/credentials/CredentialManagerService.java b/services/credentials/java/com/android/server/credentials/CredentialManagerService.java
index 42e457c97fd4..bc5c427e3ccb 100644
--- a/services/credentials/java/com/android/server/credentials/CredentialManagerService.java
+++ b/services/credentials/java/com/android/server/credentials/CredentialManagerService.java
@@ -51,7 +51,6 @@ import android.credentials.ISetEnabledProvidersCallback;
import android.credentials.PrepareGetCredentialResponseInternal;
import android.credentials.RegisterCredentialDescriptionRequest;
import android.credentials.UnregisterCredentialDescriptionRequest;
-import android.credentials.flags.Flags;
import android.os.Binder;
import android.os.CancellationSignal;
import android.os.IBinder;
@@ -538,34 +537,31 @@ public final class CredentialManagerService
final int userId = UserHandle.getCallingUserId();
final int callingUid = Binder.getCallingUid();
- if (Flags.safeguardCandidateCredentialsApiCaller()) {
- try {
- String credentialManagerAutofillCompName = mContext.getResources().getString(
- R.string.config_defaultCredentialManagerAutofillService);
- ComponentName componentName = ComponentName.unflattenFromString(
- credentialManagerAutofillCompName);
- if (componentName == null) {
- throw new SecurityException(
- "Credential Autofill service does not exist on this device.");
- }
- PackageManager pm = mContext.createContextAsUser(
- UserHandle.getUserHandleForUid(callingUid), 0).getPackageManager();
- String callingProcessPackage = pm.getNameForUid(callingUid);
- if (callingProcessPackage == null) {
- throw new SecurityException(
- "Couldn't determine the identity of the caller.");
- }
- if (!Objects.equals(componentName.getPackageName(), callingProcessPackage)) {
- throw new SecurityException(callingProcessPackage
- + " is not the device's credential autofill package.");
- }
- } catch (Resources.NotFoundException e) {
+ try {
+ String credentialManagerAutofillCompName = mContext.getResources().getString(
+ R.string.config_defaultCredentialManagerAutofillService);
+ ComponentName componentName = ComponentName.unflattenFromString(
+ credentialManagerAutofillCompName);
+ if (componentName == null) {
throw new SecurityException(
"Credential Autofill service does not exist on this device.");
}
+ PackageManager pm = mContext.createContextAsUser(
+ UserHandle.getUserHandleForUid(callingUid), 0).getPackageManager();
+ String callingProcessPackage = pm.getNameForUid(callingUid);
+ if (callingProcessPackage == null) {
+ throw new SecurityException(
+ "Couldn't determine the identity of the caller.");
+ }
+ if (!Objects.equals(componentName.getPackageName(), callingProcessPackage)) {
+ throw new SecurityException(callingProcessPackage
+ + " is not the device's credential autofill package.");
+ }
+ } catch (Resources.NotFoundException e) {
+ throw new SecurityException(
+ "Credential Autofill service does not exist on this device.");
}
-
// New request session, scoped for this request only.
final GetCandidateRequestSession session =
new GetCandidateRequestSession(
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-11-04 03:25:29 +0000