diff options
| author | Dmitry Dementyev <dementyev@google.com> | 2020-11-10 16:01:35 -0800 |
|---|---|---|
| committer | Dmitry Dementyev <dementyev@google.com> | 2020-11-10 16:05:58 -0800 |
| commit | 10d8a114bbd91c07f2feb5009328b16203ff50b1 (patch) | |
| tree | 4d74103311b8d8542e4c985050fa015c997983e8 | |
| parent | 1d3492e18196f57661ec92a20af0ae028a680ecf (diff) | |
| download | base-10d8a114bbd91c07f2feb5009328b16203ff50b1.tar.gz | |
Ignore GrantCredentials call with unexpected calling uid.
Activity can be used only in two cases.
1) Calling uid matches uid grantee.
2) Calling uid is is system. This flow is used by getToken methods with
notifyAuthFailure=true.
Test: Existing CTS tests
Bug: 158480899
Change-Id: I1421c333b6cebb4f7cddcdd8766298f6872e933b
| -rw-r--r-- | core/java/android/accounts/GrantCredentialsPermissionActivity.java | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/core/java/android/accounts/GrantCredentialsPermissionActivity.java b/core/java/android/accounts/GrantCredentialsPermissionActivity.java index af74b036a796..42bd80b070d1 100644 --- a/core/java/android/accounts/GrantCredentialsPermissionActivity.java +++ b/core/java/android/accounts/GrantCredentialsPermissionActivity.java @@ -16,16 +16,23 @@ package android.accounts; import android.app.Activity; -import android.content.res.Resources; -import android.os.Bundle; -import android.widget.TextView; -import android.widget.LinearLayout; -import android.view.View; -import android.view.LayoutInflater; +import android.app.ActivityTaskManager; import android.content.Context; import android.content.Intent; import android.content.pm.PackageManager; +import android.content.res.Resources; +import android.os.Bundle; +import android.os.IBinder; +import android.os.Process; +import android.os.RemoteException; +import android.os.UserHandle; import android.text.TextUtils; +import android.util.Log; +import android.view.LayoutInflater; +import android.view.View; +import android.widget.LinearLayout; +import android.widget.TextView; + import com.android.internal.R; import java.io.IOException; @@ -42,6 +49,7 @@ public class GrantCredentialsPermissionActivity extends Activity implements View private Account mAccount; private String mAuthTokenType; private int mUid; + private int mCallingUid; private Bundle mResultBundle = null; protected LayoutInflater mInflater; @@ -74,6 +82,20 @@ public class GrantCredentialsPermissionActivity extends Activity implements View return; } + try { + IBinder activityToken = getActivityToken(); + mCallingUid = ActivityTaskManager.getService().getLaunchedFromUid(activityToken); + } catch (RemoteException re) { + // Couldn't figure out caller details + Log.w(getClass().getSimpleName(), "Unable to get caller identity \n" + re); + } + + if (!UserHandle.isSameApp(mCallingUid, Process.SYSTEM_UID) && mCallingUid != mUid) { + setResult(Activity.RESULT_CANCELED); + finish(); + return; + } + String accountTypeLabel; try { accountTypeLabel = getAccountLabel(mAccount); |