From 7e67151b912622f8a279ab1523a9bcf26ebaff3d Mon Sep 17 00:00:00 2001
From: rich cannings <richc@google.com>
Date: Mon, 27 Aug 2012 14:44:16 -0700
Subject: Add permission checks for Verification API calls

Ensure that only applications with
android.Manifest.permission.PACKAGE_VERIFICATION_AGENT can call application
verification APIs, like PackageManager.verifyPendingInstall and
PackageManager.extendVerificationTimeout

Bug: 7049083
Change-Id: I5fc28b37e864d67cd319a1ed9d03a90dd15ad052
---
 services/java/com/android/server/pm/PackageManagerService.java | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'services/java/com')

diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index b84e25a6b26d..74b02bc7648e 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -5531,6 +5531,10 @@ public class PackageManagerService extends IPackageManager.Stub {
     
     @Override
     public void verifyPendingInstall(int id, int verificationCode) throws RemoteException {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.PACKAGE_VERIFICATION_AGENT,
+                "Only package verification agents can verify applications");
+
         final Message msg = mHandler.obtainMessage(PACKAGE_VERIFIED);
         final PackageVerificationResponse response = new PackageVerificationResponse(
                 verificationCode, Binder.getCallingUid());
@@ -5542,6 +5546,10 @@ public class PackageManagerService extends IPackageManager.Stub {
     @Override
     public void extendVerificationTimeout(int id, int verificationCodeAtTimeout,
             long millisecondsToDelay) {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.PACKAGE_VERIFICATION_AGENT,
+                "Only package verification agents can extend verification timeouts");
+
         final PackageVerificationState state = mPendingVerification.get(id);
         final PackageVerificationResponse response = new PackageVerificationResponse(
                 verificationCodeAtTimeout, Binder.getCallingUid());
-- 
cgit v1.2.3-59-g8ed1b