From 56853e1c7d1f944575387a5cd183be357b390add Mon Sep 17 00:00:00 2001
From: Palak Chaudhary
Date: Wed, 4 Jan 2023 18:08:53 +0000
Subject: Use hook in AdServices to check if process can register to broadcastReceivers

Bug: b/264417923
Test: atest SdkSandboxRestrictionsHostTest
Change-Id: I344f589f2f89d1312ae6ec438a2a1ccb9f0bd507
---
 .../android/server/am/ActivityManagerService.java | 76 ++++------------------
 1 file changed, 14 insertions(+), 62 deletions(-)

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index a386bafbeb67..33e2962727f5 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -1601,8 +1601,6 @@ public class ActivityManagerService extends IActivityManager.Stub
 // Encapsulates the global setting "hidden_api_blacklist_exemptions"
 final HiddenApiSettings mHiddenApiBlacklist;
- final SdkSandboxSettings mSdkSandboxSettings;
-
 private final PlatformCompat mPlatformCompat;
 PackageManagerInternal mPackageManagerInt;
@@ -2319,53 +2317,6 @@ public class ActivityManagerService extends IActivityManager.Stub
 }
 }
- /**
- * Handles settings related to the enforcement of SDK sandbox restrictions.
- */
- static class SdkSandboxSettings implements DeviceConfig.OnPropertiesChangedListener {
-
- private final Context mContext;
- private final Object mLock = new Object();
-
- @GuardedBy("mLock")
- private boolean mEnforceBroadcastReceiverRestrictions;
-
- /**
- * Property to enforce broadcast receiver restrictions for SDK sandbox processes. If the
- * value of this property is {@code true}, the restrictions will be enforced.
- */
- public static final String ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS =
- "enforce_broadcast_receiver_restrictions";
-
- SdkSandboxSettings(Context context) {
- mContext = context;
- }
-
- void registerObserver() {
- synchronized (mLock) {
- mEnforceBroadcastReceiverRestrictions = DeviceConfig.getBoolean(
- DeviceConfig.NAMESPACE_SDK_SANDBOX,
- ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS, false);
- DeviceConfig.addOnPropertiesChangedListener(DeviceConfig.NAMESPACE_SDK_SANDBOX,
- mContext.getMainExecutor(), this);
- }
- }
-
- @Override
- public void onPropertiesChanged(DeviceConfig.Properties properties) {
- synchronized (mLock) {
- mEnforceBroadcastReceiverRestrictions = properties.getBoolean(
- ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS, false);
- }
- }
-
- boolean isBroadcastReceiverRestrictionsEnforced() {
- synchronized (mLock) {
- return mEnforceBroadcastReceiverRestrictions;
- }
- }
- }
-
 AppOpsManager getAppOpsManager() {
 if (mAppOpsManager == null) {
 mAppOpsManager = mContext.getSystemService(AppOpsManager.class);
@@ -2409,7 +2360,6 @@ public class ActivityManagerService extends IActivityManager.Stub
 mProcStartHandlerThread = null;
 mProcStartHandler = null;
 mHiddenApiBlacklist = null;
- mSdkSandboxSettings = null;
 mFactoryTest = FACTORY_TEST_OFF;
 mUgmInternal = LocalServices.getService(UriGrantsManagerInternal.class);
 mInternal = new LocalService();
@@ -2534,7 +2484,6 @@ public class ActivityManagerService extends IActivityManager.Stub
 mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class);
 mHiddenApiBlacklist = new HiddenApiSettings(mHandler, mContext);
- mSdkSandboxSettings = new SdkSandboxSettings(mContext);
 Watchdog.getInstance().addMonitor(this);
 Watchdog.getInstance().addThread(mHandler);
@@ -8276,7 +8225,6 @@ public class ActivityManagerService extends IActivityManager.Stub
 final boolean alwaysFinishActivities = Settings.Global.getInt(resolver, ALWAYS_FINISH_ACTIVITIES, 0) != 0;
 mHiddenApiBlacklist.registerObserver();
- mSdkSandboxSettings.registerObserver();
 mPlatformCompat.registerContentObserver();
 mAppProfiler.retrieveSettings();
@@ -13521,16 +13469,6 @@ public class ActivityManagerService extends IActivityManager.Stub
 String callerFeatureId, String receiverId, IIntentReceiver receiver,
 IntentFilter filter, String permission, int userId, int flags) {
 enforceNotIsolatedCaller("registerReceiver");
-
- // Allow Sandbox process to register only unexported receivers.
- boolean unexported = (flags & Context.RECEIVER_NOT_EXPORTED) != 0;
- if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()
- && Process.isSdkSandboxUid(Binder.getCallingUid())
- && !unexported) {
- throw new SecurityException("SDK sandbox process not allowed to call "
- + "registerReceiver");
- }
-
 ArrayList stickyIntents = null;
 ProcessRecord callerApp = null;
 final boolean visibleToInstantApps
@@ -13594,6 +13532,20 @@ public class ActivityManagerService extends IActivityManager.Stub
 }
 }
+ if (Process.isSdkSandboxUid(Binder.getCallingUid())) {
+ SdkSandboxManagerLocal sdkSandboxManagerLocal =
+ LocalManagerRegistry.getManager(SdkSandboxManagerLocal.class);
+ if (sdkSandboxManagerLocal == null) {
+ throw new IllegalStateException("SdkSandboxManagerLocal not found when checking"
+ + " whether SDK sandbox uid can register to broadcast receivers.");
+ }
+ if (!sdkSandboxManagerLocal.canRegisterBroadcastReceiver(
+ /*IntentFilter=*/ filter, flags, onlyProtectedBroadcasts)) {
+ throw new SecurityException("SDK sandbox not allowed to register receiver"
+ + " with the given IntentFilter");
+ }
+ }
+
 // If the change is enabled, but neither exported or not exported is set, we need to log
 // an error so the consumer can know to explicitly set the value for their flag.
 // If the caller is registering for a sticky broadcast with a null receiver, we won't
-- 
cgit v1.2.3-59-g8ed1b
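Review bot: The new SDK-sandbox gate in registerReceiverWithFeature has no comment explaining why the decision is delegated to `SdkSandboxManagerLocal`, and it now sits about seventy lines further down the method than the check it replaces (old line 13594 versus the removed block at 13524, right after `enforceNotIsolatedCaller("registerReceiver")`), so a sandbox caller that will be refused first goes through the `stickyIntents`/`callerApp` setup that follows the old position; if the later placement is only needed because `onlyProtectedBroadcasts` is computed in between, that is worth stating. Suggest a comment above the outer `if`: `// SDK sandbox processes may only register receivers the sandbox manager approves for this filter and flags; a missing manager denies the call instead of skipping the check.` Throwing `IllegalStateException` when the manager is absent is fail-closed, which is the right default for a permission check, so keep that rather than falling through. The argument comment `/*IntentFilter=*/ filter` names a type rather than the parameter; if the parameter is `intentFilter`, write `/* intentFilter= */ filter` so the name actually matches. The enclosing method starts and ends outside this hunk, and `onlyProtectedBroadcasts` is defined outside it as well.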