Verify caller is cred autofill service

Flag: android.credentials.flags.safeguard_candidate_credentials_api_caller
Bug: 370477460
Test: atest CtsAutoFillServiceTestCases:android.autofillservice.cts.inline.InlineLoginMixedCredentialActivityTest
Change-Id: I35f3cf616669a6879fd353876029152e3ce327f1

1 files changed, 30 insertions, 0 deletions

diff --git a/services/credentials/java/com/android/server/credentials/CredentialManagerService.java b/services/credentials/java/com/android/server/credentials/CredentialManagerService.java
index 014f0a2229c1..42e457c97fd4 100644
--- a/services/credentials/java/com/android/server/credentials/CredentialManagerService.java
+++ b/services/credentials/java/com/android/server/credentials/CredentialManagerService.java
@@ -31,6 +31,7 @@ import android.content.ContentResolver;
 import android.content.Context;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
+import android.content.res.Resources;
 import android.credentials.ClearCredentialStateRequest;
 import android.credentials.CreateCredentialException;
 import android.credentials.CreateCredentialRequest;
@@ -50,6 +51,7 @@ import android.credentials.ISetEnabledProvidersCallback;
 import android.credentials.PrepareGetCredentialResponseInternal;
 import android.credentials.RegisterCredentialDescriptionRequest;
 import android.credentials.UnregisterCredentialDescriptionRequest;
+import android.credentials.flags.Flags;
 import android.os.Binder;
 import android.os.CancellationSignal;
 import android.os.IBinder;
@@ -79,6 +81,7 @@ import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
@@ -535,6 +538,33 @@ public final class CredentialManagerService
 
             final int userId = UserHandle.getCallingUserId();
             final int callingUid = Binder.getCallingUid();
+            if (Flags.safeguardCandidateCredentialsApiCaller()) {
+                try {
+                    String credentialManagerAutofillCompName = mContext.getResources().getString(
+                            R.string.config_defaultCredentialManagerAutofillService);
+                    ComponentName componentName = ComponentName.unflattenFromString(
+                            credentialManagerAutofillCompName);
+                    if (componentName == null) {
+                        throw new SecurityException(
+                                "Credential Autofill service does not exist on this device.");
+                    }
+                    PackageManager pm = mContext.createContextAsUser(
+                            UserHandle.getUserHandleForUid(callingUid), 0).getPackageManager();
+                    String callingProcessPackage = pm.getNameForUid(callingUid);
+                    if (callingProcessPackage == null) {
+                        throw new SecurityException(
+                                "Couldn't determine the identity of the caller.");
+                    }
+                    if (!Objects.equals(componentName.getPackageName(), callingProcessPackage)) {
+                        throw new SecurityException(callingProcessPackage
+                                + " is not the device's credential autofill package.");
+                    }
+                } catch (Resources.NotFoundException e) {
+                    throw new SecurityException(
+                            "Credential Autofill service does not exist on this device.");
+                }
+            }
+
 
             // New request session, scoped for this request only.
             final GetCandidateRequestSession session =