From 3f4d33bd00e4e7f39f61c7acf415887f7142a1a5 Mon Sep 17 00:00:00 2001 From: Rhed Jao Date: Fri, 29 Apr 2022 13:03:31 +0800 Subject: Fix BlobStoreMultiUserTest checking signatures failed Starting from U, package manager enforces cross user visibility checks for APIs checkSignatures and hasSigningCertificate. The context of caller's user id should be assigned correctly. Fix: 230695002 Test: atest BlobStoreMultiUserTest Change-Id: Ic718e702cf21e514ebcf2fc4264909faf9ef5145 --- .../com/android/server/blob/BlobAccessMode.java | 24 ++++++++++++++++++---- .../java/com/android/server/blob/BlobMetadata.java | 4 ++-- 2 files changed, 22 insertions(+), 6 deletions(-) (limited to 'apex/blobstore') diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java b/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java index 0d17bbc7bbff..83ef21e7528b 100644 --- a/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java +++ b/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java @@ -24,6 +24,8 @@ import android.annotation.IntDef; import android.annotation.NonNull; import android.content.Context; import android.content.pm.PackageManager; +import android.os.Binder; +import android.os.UserHandle; import android.util.ArraySet; import android.util.Base64; import android.util.DebugUtils; @@ -100,20 +102,21 @@ class BlobAccessMode { } boolean isAccessAllowedForCaller(Context context, - @NonNull String callingPackage, @NonNull String committerPackage) { + @NonNull String callingPackage, int callingUid, int committerUid) { if ((mAccessType & ACCESS_TYPE_PUBLIC) != 0) { return true; } - final PackageManager pm = context.getPackageManager(); if ((mAccessType & ACCESS_TYPE_SAME_SIGNATURE) != 0) { - if (pm.checkSignatures(committerPackage, callingPackage) - == PackageManager.SIGNATURE_MATCH) { + if (checkSignatures(context, callingUid, committerUid)) { return true; } } if ((mAccessType & ACCESS_TYPE_ALLOWLIST) != 0) { + final UserHandle callingUser = UserHandle.of(UserHandle.getUserId(callingUid)); + final PackageManager pm = + context.createContextAsUser(callingUser, 0 /* flags */).getPackageManager(); for (int i = 0; i < mAllowedPackages.size(); ++i) { final PackageIdentifier packageIdentifier = mAllowedPackages.valueAt(i); if (packageIdentifier.packageName.equals(callingPackage) @@ -127,6 +130,19 @@ class BlobAccessMode { return false; } + /** + * Compare signatures for two packages of different users. + */ + private boolean checkSignatures(Context context, int uid1, int uid2) { + final long token = Binder.clearCallingIdentity(); + try { + return context.getPackageManager().checkSignatures(uid1, uid2) + == PackageManager.SIGNATURE_MATCH; + } finally { + Binder.restoreCallingIdentity(token); + } + } + int getAccessType() { return mAccessType; } diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java b/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java index 7638f059b47e..d5315daec11a 100644 --- a/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java +++ b/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java @@ -293,7 +293,7 @@ class BlobMetadata { // Check if the caller is allowed access as per the access mode specified // by the committer. if (committer.blobAccessMode.isAccessAllowedForCaller(mContext, - callingPackage, committer.packageName)) { + callingPackage, callingUid, committer.uid)) { return true; } } @@ -316,7 +316,7 @@ class BlobMetadata { // Check if the caller is allowed access as per the access mode specified // by the committer. if (committer.blobAccessMode.isAccessAllowedForCaller(mContext, - callingPackage, committer.packageName)) { + callingPackage, callingUid, committer.uid)) { return true; } } -- cgit v1.2.3-59-g8ed1b