authorMugdha Lakhani <nator@google.com>2022-12-29 15:18:07 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-28 18:43:28 +0000
commit3568681d3e80f5f420f4fcc2bae80861c351bcd7 (patch)
treefce154d43011d83616ebd83655516c61cba4b367
parent359170f99b7f99098bb6d713ea95e3c40da94f2c (diff)
downloadbase-3568681d3e80f5f420f4fcc2bae80861c351bcd7.tar.gz
DO NOT MERGE Isolated processes must fail registering BRs.
Broadcast Receivers should not be allowed to be registered by isolated processes. Bug: b/263358101 Test: atest SdkSandboxRestrictionsHostTest (cherry picked from commit 43b8a91b0584dd1c6a136702e68e1f0cd519cb51) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d752ea5f24ce50f407504ce99f56535d4cece8e2) Merged-In: I5bb2ee3ce8a447105a18851fdffa5a769cc3fe49 Change-Id: I5bb2ee3ce8a447105a18851fdffa5a769cc3fe49
-rw-r--r--services/core/java/com/android/server/am/ActivityManagerService.java13
1 files changed, 9 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 1428fa853f2a..3e43e711e7f5 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -13087,12 +13087,17 @@ public class ActivityManagerService extends IActivityManager.Stub
public Intent registerReceiverWithFeature(IApplicationThread caller, String callerPackage,
String callerFeatureId, String receiverId, IIntentReceiver receiver,
IntentFilter filter, String permission, int userId, int flags) {
+ enforceNotIsolatedCaller("registerReceiver");
+
// Allow Sandbox process to register only unexported receivers.
- if ((flags & Context.RECEIVER_NOT_EXPORTED) != 0) {
- enforceNotIsolatedCaller("registerReceiver");
- } else if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()) {
- enforceNotIsolatedOrSdkSandboxCaller("registerReceiver");
+ boolean unexported = (flags & Context.RECEIVER_NOT_EXPORTED) != 0;
+ if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()
+ && Process.isSdkSandboxUid(Binder.getCallingUid())
+ && !unexported) {
+ throw new SecurityException("SDK sandbox process not allowed to call "
+ + "registerReceiver");
}
+
ArrayList<Intent> stickyIntents = null;
ProcessRecord callerApp = null;
final boolean visibleToInstantApps
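Review bot: The SecurityException in the new sandbox check says the SDK sandbox process is "not allowed to call registerReceiver", but the condition only rejects the call when `RECEIVER_NOT_EXPORTED` is absent, so the message misstates the rule and will mislead anyone triaging a denial from logs. Suggest `throw new SecurityException("SDK sandbox process may only register receivers with RECEIVER_NOT_EXPORTED");`. The comment above the check also reads as unconditional, while the sandbox restriction is skipped whenever `isBroadcastReceiverRestrictionsEnforced()` returns false; a comment such as `// When restrictions are enforced, SDK sandbox processes may register only unexported receivers; isolated processes are always rejected above.` would make that fail-open case explicit. The decision rests on a single caller-supplied flag bit, so it is worth confirming that the rest of registerReceiverWithFeature, which continues outside this hunk, rejects contradictory export flags and actually honours the unexported state.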