authorDmitry Dementyev <dementyev@google.com>2020-11-10 13:57:21 -0800
committerAnis Assi <anisassi@google.com>2020-11-12 11:45:49 -0800
commit979612947517e17c0ca6dce09d5918b3b0fe8f19 (patch)
tree6a7ee02a7298f028a2426a088daa697260dd8331
parent5f77856bb8c9a65c081f837c4a67905fb414118c (diff)
downloadbase-979612947517e17c0ca6dce09d5918b3b0fe8f19.tar.gz
Ignore GrantCredentials call with unexpected calling uid.android-security-9.0.0_r64
Activity can be used only in two cases. 1) Calling uid matches uid grantee. 2) Calling uid is system. This flow is used by getToken methods with notifyAuthFailure=true. Test: Existing CTS tests Bug: 158480899 Merged-In: I1421c333b6cebb4f7cddcdd8766298f6872e933b Change-Id: I18af48cf3cb4ad23a3e5b02a8ea1416aa5570dba (cherry picked from commit ece586e3218e1ecd497e020af3fac4f381957ef7)
-rw-r--r--core/java/android/accounts/GrantCredentialsPermissionActivity.java34
1 files changed, 28 insertions, 6 deletions
diff --git a/core/java/android/accounts/GrantCredentialsPermissionActivity.java b/core/java/android/accounts/GrantCredentialsPermissionActivity.java
index 7594340b91cf..d82776f8e45c 100644
--- a/core/java/android/accounts/GrantCredentialsPermissionActivity.java
+++ b/core/java/android/accounts/GrantCredentialsPermissionActivity.java
@@ -16,16 +16,23 @@
package android.accounts;
import android.app.Activity;
-import android.content.res.Resources;
-import android.os.Bundle;
-import android.widget.TextView;
-import android.widget.LinearLayout;
-import android.view.View;
-import android.view.LayoutInflater;
+import android.app.ActivityManager;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
+import android.content.res.Resources;
+import android.os.Bundle;
+import android.os.IBinder;
+import android.os.Process;
+import android.os.RemoteException;
+import android.os.UserHandle;
import android.text.TextUtils;
+import android.util.Log;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.widget.LinearLayout;
+import android.widget.TextView;
+
import com.android.internal.R;
import java.io.IOException;
@@ -42,6 +49,7 @@ public class GrantCredentialsPermissionActivity extends Activity implements View
private Account mAccount;
private String mAuthTokenType;
private int mUid;
+ private int mCallingUid;
private Bundle mResultBundle = null;
protected LayoutInflater mInflater;
@@ -77,6 +85,20 @@ public class GrantCredentialsPermissionActivity extends Activity implements View
return;
}
+ try {
+ IBinder activityToken = getActivityToken();
+ mCallingUid = ActivityManager.getService().getLaunchedFromUid(activityToken);
+ } catch (RemoteException re) {
+ // Couldn't figure out caller details
+ Log.w(getClass().getSimpleName(), "Unable to get caller identity \n" + re);
+ }
+
+ if (!UserHandle.isSameApp(mCallingUid, Process.SYSTEM_UID) && mCallingUid != mUid) {
+ setResult(Activity.RESULT_CANCELED);
+ finish();
+ return;
+ }
+
String accountTypeLabel;
try {
accountTypeLabel = getAccountLabel(mAccount);
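Review bot: When `getLaunchedFromUid` throws `RemoteException`, the catch block only logs, so `mCallingUid` keeps its field default of 0 and the uid comparison below runs on a value that was never obtained. That still cancels the activity unless `mUid` is also 0 (its assignment is outside this hunk, so I cannot confirm that is excluded), but the denial is implicit; I would fail closed inside the catch with `setResult(Activity.RESULT_CANCELED); finish(); return;`. The rejection branch is also silent, which leaves nothing to triage from; a line such as `Log.w(getClass().getSimpleName(), "Ignoring launch from unexpected uid " + mCallingUid);` before `setResult` would record the caller. Passing the exception as the throwable argument, `Log.w(getClass().getSimpleName(), "Unable to get caller identity", re);`, keeps the stack trace instead of concatenating `re` into the message. The enclosing method starts and ends outside the hunk.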