
frameworks/base


Commit MetaInfo

修订版64dd978d787066f85d1a8ec7ba8baaf1b2b52353 (tree)
时间2020-08-07 09:12:34
作者Patrick Baumann <patb@goog...>
CommiterAnis Assi

Log Message

RESTRICT AUTOMERGE
Do not set referrerUri on SessionInfo for non-owners

This change leaves the referrerUri field null when the caller leading to
its production is not the owner of the session.

Bug: 142125338
Test: Manual via test app in related bug
Change-Id: I84679ea0636aa2097e25e23813c48134c9cc1d75
(cherry picked from commit 929ab61a147bc1866fed7a8d01a4e8f6affa39ac)

更改概述

差异

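--- a/core/java/android/content/pm/PackageInstaller.java
+++ b/core/java/android/content/pm/PackageInstaller.java
@@ -1571,6 +1571,7 @@ public class PackageInstaller {
 
 /**
 * Get the value set in {@link SessionParams#setOriginatingUri(Uri)}.
+ * Note: This value will only be non-null for the owner of the session.
 */
 public @Nullable Uri getOriginatingUri() {
 return originatingUri;
@@ -1585,6 +1586,7 @@ public class PackageInstaller {
 
 /**
 * Get the value set in {@link SessionParams#setReferrerUri(Uri)}
+ * Note: This value will only be non-null for the owner of the session.
 */
 public @Nullable Uri getReferrerUri() {
 return referrerUri;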
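Review bot: The Javadoc line added to `getOriginatingUri()` and `getReferrerUri()` says the value is non-null only for the session owner, but `shouldScrubData` in PackageInstallerSession.java also leaves the URIs in place for callers whose uid is below `Process.FIRST_APPLICATION_UID`. The note also does not say that null can equally mean the installer never set a URI. I would word it as `Note: returns {@code null} if no URI was set, or if the caller is neither the owner of the session nor a system uid.` so that API users do not read null as proof of scrubbing. The first sentence of the `getReferrerUri()` comment is also missing its closing period, which Javadoc uses to delimit the summary.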
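--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -683,20 +683,24 @@ public class PackageInstallerService extends IPackageInstaller.Stub {
 public SessionInfo getSessionInfo(int sessionId) {
 synchronized (mSessions) {
 final PackageInstallerSession session = mSessions.get(sessionId);
- return session != null ? session.generateInfo() : null;
+
+ return session != null
+ ? session.generateInfoForCaller(true /*withIcon*/, Binder.getCallingUid())
+ : null;
 }
 }
 
 @Override
 public ParceledListSlice<SessionInfo> getAllSessions(int userId) {
- mPm.enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "getAllSessions");
+ final int callingUid = Binder.getCallingUid();
+ mPm.enforceCrossUserPermission(callingUid, userId, true, false, "getAllSessions");
 
 final List<SessionInfo> result = new ArrayList<>();
 synchronized (mSessions) {
 for (int i = 0; i < mSessions.size(); i++) {
 final PackageInstallerSession session = mSessions.valueAt(i);
 if (session.userId == userId) {
- result.add(session.generateInfo(false));
+ result.add(session.generateInfoForCaller(false, callingUid));
 }
 }
 }
@@ -713,7 +717,8 @@ public class PackageInstallerService extends IPackageInstaller.Stub {
 for (int i = 0; i < mSessions.size(); i++) {
 final PackageInstallerSession session = mSessions.valueAt(i);
 
- SessionInfo info = session.generateInfo(false);
+ SessionInfo info =
+ session.generateInfoForCaller(false /*withIcon*/, Process.SYSTEM_UID);
 if (Objects.equals(info.getInstallerPackageName(), installerPackageName)
 && session.userId == userId) {
 result.add(info);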
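Review bot: The last hunk passes `Process.SYSTEM_UID` to `generateInfoForCaller`, which switches scrubbing off for every session in the loop and leaves the `installerPackageName`/`userId` filter below it as the only thing keeping unscrubbed URIs from the caller. That filter matches on package name, whereas `shouldScrubData` compares `getInstallerUid()` with the caller's uid. Whether the enclosing method first verifies that the caller owns `installerPackageName` is not visible, because it starts and ends outside the hunk. Passing a `callingUid` captured once before the loop, `session.generateInfoForCaller(false /*withIcon*/, callingUid)`, would keep one predicate for all three entry points. If `SYSTEM_UID` is intentional, the call needs a one-line comment stating which earlier check makes skipping the scrub safe.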
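--- a/services/core/java/com/android/server/pm/PackageInstallerSession.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java
@@ -386,11 +386,41 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
 }
 }
 
- public SessionInfo generateInfo() {
- return generateInfo(true);
+ /**
+ * Returns {@code true} if the {@link SessionInfo} object should be produced with potentially
+ * sensitive data scrubbed from its fields.
+ *
+ * @param callingUid the uid of the caller; the recipient of the {@link SessionInfo} that may
+ * need to be scrubbed
+ */
+ private boolean shouldScrubData(int callingUid) {
+ return !(callingUid < Process.FIRST_APPLICATION_UID || getInstallerUid() == callingUid);
+ }
+
+ /**
+ * Generates a {@link SessionInfo} object for the provided uid. This may result in some fields
+ * that may contain sensitive info being filtered.
+ *
+ * @param includeIcon true if the icon should be included in the object
+ * @param callingUid the uid of the caller; the recipient of the {@link SessionInfo} that may
+ * need to be scrubbed
+ * @see #shouldScrubData(int)
+ */
+ public SessionInfo generateInfoForCaller(boolean includeIcon, int callingUid) {
+ return generateInfoInternal(includeIcon, shouldScrubData(callingUid));
 }
 
- public SessionInfo generateInfo(boolean includeIcon) {
+ /**
+ * Generates a {@link SessionInfo} object to ensure proper hiding of sensitive fields.
+ *
+ * @param includeIcon true if the icon should be included in the object
+ * @see #generateInfoForCaller(boolean, int)
+ */
+ public SessionInfo generateInfoScrubbed(boolean includeIcon) {
+ return generateInfoInternal(includeIcon, true /*scrubData*/);
+ }
+
+ private SessionInfo generateInfoInternal(boolean includeIcon, boolean scrubData) {
 final SessionInfo info = new SessionInfo();
 synchronized (mLock) {
 info.sessionId = sessionId;
@@ -411,9 +441,13 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
 info.appLabel = params.appLabel;
 
 info.installLocation = params.installLocation;
- info.originatingUri = params.originatingUri;
+ if (!scrubData) {
+ info.originatingUri = params.originatingUri;
+ }
 info.originatingUid = params.originatingUid;
- info.referrerUri = params.referrerUri;
+ if (!scrubData) {
+ info.referrerUri = params.referrerUri;
+ }
 info.grantedRuntimePermissions = params.grantedRuntimePermissions;
 info.installFlags = params.installFlags;
 }
@@ -1490,7 +1524,7 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
 // Send broadcast to default launcher only if it's a new install
 final boolean isNewInstall = extras == null || !extras.getBoolean(Intent.EXTRA_REPLACING);
 if (success && isNewInstall) {
- mPm.sendSessionCommitBroadcast(generateInfo(), userId);
+ mPm.sendSessionCommitBroadcast(generateInfoScrubbed(true /*icon*/), userId);
 }
 
 mCallback.onSessionFinished(this, success);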
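Review bot: `shouldScrubData` compares the raw `callingUid` with `Process.FIRST_APPLICATION_UID`, and a raw uid carries the user id as well as the app id, so a system component calling from a secondary user would presumably land above the threshold and receive scrubbed data. That errs on the safe side, but if system callers are meant to be exempt for every user the check should use the app id, and it reads more easily without the outer negation: `return UserHandle.getAppId(callingUid) >= Process.FIRST_APPLICATION_UID && getInstallerUid() != callingUid;`. In the `generateInfoInternal` hunk, whose body continues outside the visible lines, `info.originatingUid` is still copied for every caller between the two guarded assignments. A short comment saying whether it is deliberately left unscrubbed would help the next reader. The commit lists only a manual test, so a unit test covering the owner, system and third-party cases of this predicate would guard against regressions.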