-rw-r--r-- | services/core/java/com/android/server/appop/AppOpsService.java | 63 |
1 files changed, 41 insertions, 22 deletions
diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index ff8de6024d2d..5f53e4aaf91e 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -4381,30 +4381,40 @@ public class AppOpsService extends IAppOpsService.Stub { return null; } - finishOperationUnchecked(clientId, code, proxiedUid, resolvedProxiedPackageName, - proxiedAttributionTag, proxyVirtualDeviceId); + finishOperationUnchecked(clientId, code, proxyUid, resolvedProxyPackageName, + proxiedUid, resolvedProxiedPackageName, proxiedAttributionTag, + proxyVirtualDeviceId); return null; } + private void finishOperationUnchecked(IBinder clientId, int code, int uid, + String packageName, String attributionTag, int virtualDeviceId) { + finishOperationUnchecked(clientId, code, -1, null, uid, packageName, attributionTag, + virtualDeviceId); + } - private void finishOperationUnchecked(IBinder clientId, int code, int uid, String packageName, - String attributionTag, int virtualDeviceId) { + private void finishOperationUnchecked(IBinder clientId, int code, int proxyUid, + String proxyPackageName, int proxiedUid, + String proxiedPackageName, String attributionTag, + int virtualDeviceId) { PackageVerificationResult pvr; try { - pvr = verifyAndGetBypass(uid, packageName, attributionTag); + pvr = verifyAndGetBypass(proxiedUid, proxiedPackageName, attributionTag, + proxyUid, proxyPackageName); if (!pvr.isAttributionTagValid) { attributionTag = null; } } catch (SecurityException e) { - logVerifyAndGetBypassFailure(uid, e, "finishOperation"); + logVerifyAndGetBypassFailure(proxiedUid, e, "finishOperation"); return; } synchronized (this) { - Op op = getOpLocked(code, uid, packageName, attributionTag, pvr.isAttributionTagValid, - pvr.bypass, /* edit */ true); + Op op = getOpLocked(code, proxiedUid, proxiedPackageName, attributionTag, + pvr.isAttributionTagValid, pvr.bypass, /* edit */ true); if (op == null) { - Slog.e(TAG, "Operation not found: uid=" + uid + " pkg=" + packageName + "(" + Slog.e(TAG, "Operation not found: uid=" + proxiedUid + " pkg=" + proxiedPackageName + + "(" + attributionTag + ") op=" + AppOpsManager.opToName(code)); return; } 
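Review bot: The new six-argument `finishOperationUnchecked` overload passes bare `-1, null` to mean "no proxy", and nothing in the hunk documents that the null proxy package is what keeps the attribution tag trusted on this path. I would write the call as `finishOperationUnchecked(clientId, code, Process.INVALID_UID, /* proxyPackageName */ null, uid, packageName, attributionTag, virtualDeviceId);` and add a one-line comment on the overload saying it is the non-proxy entry point. Separately, the `catch (SecurityException e)` branch still logs only `proxiedUid`, although the verification result now depends on the proxy as well; recording `proxyUid` there, in whatever form `logVerifyAndGetBypassFailure` allows, would make rejected proxy calls attributable when reading logs. The eight-argument method's body continues past the end of this hunk.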
@@ -4413,7 +4423,8 @@ public class AppOpsService extends IAppOpsService.Stub { getPersistentDeviceIdForOp(virtualDeviceId, code), new ArrayMap<>()).get(attributionTag); if (attributedOp == null) { - Slog.e(TAG, "Attribution not found: uid=" + uid + " pkg=" + packageName + "(" + Slog.e(TAG, "Attribution not found: uid=" + proxiedUid + + " pkg=" + proxiedPackageName + "(" + attributionTag + ") op=" + AppOpsManager.opToName(code)); return; } @@ -4421,7 +4432,8 @@ public class AppOpsService extends IAppOpsService.Stub { if (attributedOp.isRunning() || attributedOp.isPaused()) { attributedOp.finished(clientId); } else { - Slog.e(TAG, "Operation not started: uid=" + uid + " pkg=" + packageName + "(" + Slog.e(TAG, "Operation not started: uid=" + proxiedUid + + " pkg=" + proxiedPackageName + "(" + attributionTag + ") op=" + AppOpsManager.opToName(code)); } } @@ -4901,9 +4913,13 @@ public class AppOpsService extends IAppOpsService.Stub { @Nullable String attributionTag, int proxyUid, @Nullable String proxyPackageName, boolean suppressErrorLogs) { if (uid == Process.ROOT_UID) { - // For backwards compatibility, don't check package name for root UID. + // For backwards compatibility, don't check package name for root UID, unless someone + // is claiming to be a proxy for root, which should never happen in normal usage. + // We only allow bypassing the attribution tag verification if the proxy is a + // system app (or is null), in order to prevent abusive apps clogging the appops + // system with unlimited attribution tags via proxy calls. return new PackageVerificationResult(null, - /* isAttributionTagValid */ true); + /* isAttributionTagValid */ isPackageNullOrSystem(proxyPackageName, proxyUid)); } if (Process.isSdkSandboxUid(uid)) { // SDK sandbox processes run in their own UID range, but their associated 
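Review bot: The rewritten comment in the `uid == Process.ROOT_UID` branch (hunk `@@ -4901`) says the package name is not checked "unless someone is claiming to be a proxy for root", but the code still returns without any package-name check in every case; the proxy only changes `isAttributionTagValid`. A comment matching the code would be `// For backwards compatibility, don't check the package name for root UID.` followed by `// The attribution tag is trusted only when there is no proxy or the proxy is a system app,` and `// so that proxy calls cannot register unlimited attribution tags against root.` It may also be worth stating that an invalid tag is dropped rather than rejected, since the `finishOperationUnchecked` hunk shows `attributionTag = null` being applied when `isAttributionTagValid` is false. `verifyAndGetBypass` starts and ends outside this hunk.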
@@ -4966,16 +4982,8 @@ public class AppOpsService extends IAppOpsService.Stub { // We only allow bypassing the attribution tag verification if the proxy is a // system app (or is null), in order to prevent abusive apps clogging the appops // system with unlimited attribution tags via proxy calls. - boolean proxyIsSystemAppOrNull = true; - if (proxyPackageName != null) { - int proxyAppId = UserHandle.getAppId(proxyUid); - if (proxyAppId >= Process.FIRST_APPLICATION_UID) { - proxyIsSystemAppOrNull = - mPackageManagerInternal.isSystemPackage(proxyPackageName); - } - } return new PackageVerificationResult(RestrictionBypass.UNRESTRICTED, - /* isAttributionTagValid */ proxyIsSystemAppOrNull); + /* isAttributionTagValid */ isPackageNullOrSystem(proxyPackageName, proxyUid)); } int userId = UserHandle.getUserId(uid); @@ -5040,6 +5048,17 @@ public class AppOpsService extends IAppOpsService.Stub { return new PackageVerificationResult(bypass, isAttributionTagValid); } + private boolean isPackageNullOrSystem(String packageName, int uid) { + if (packageName == null) { + return true; + } + int appId = UserHandle.getAppId(uid); + if (appId > 0 && appId < Process.FIRST_APPLICATION_UID) { + return true; + } + return mPackageManagerInternal.isSystemPackage(packageName); + } + private boolean isAttributionInPackage(@Nullable AndroidPackage pkg, @Nullable String attributionTag) { if (pkg == null) { |
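Review bot: `isPackageNullOrSystem` (hunk `@@ -5040`) decides the application-UID case from `isSystemPackage(packageName)` alone, so `uid` is used only for the `appId` range test and nothing in the helper ties the package name to that uid. If any caller reaches it with a proxy package name that has not already been verified against `proxyUid` (not visible in this diff), a caller-supplied system package name would be enough to keep arbitrary attribution tags valid, so the call sites should be confirmed or the pairing checked here. The helper also differs from the inline code it replaces in the `@@ -4966` hunk: the old code trusted every `appId` below `Process.FIRST_APPLICATION_UID`, while `appId > 0` now sends root and any negative uid to the package lookup. That looks intentional but deserves a short comment, and `packageName` should carry `@Nullable` like the parameters of the neighbouring `isAttributionInPackage`.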