am b1a90d3b: Merge "Remove the sender package filter from the intent firewall" into jb-mr2-dev
* commit 'b1a90d3b1422b0eb469e8960e6398a49ec036e0b': Remove the sender package filter from the intent firewall
This commit is contained in:
Ben Gruver
@@ -2594,8 +2594,7 @@ final class ActivityStack {
|
||||
}
|
||||
|
||||
boolean abort = !mService.mIntentFirewall.checkStartActivity(intent,
|
||||
callerApp==null?null:callerApp.info, callingPackage, callingUid, callingPid,
|
||||
resolvedType, aInfo);
|
||||
callerApp==null?null:callerApp.info, callingUid, callingPid, resolvedType, aInfo);
|
||||
|
||||
if (mMainStack) {
|
||||
if (mService.mController != null) {
|
||||
|
||||
@@ -26,11 +26,10 @@ import java.io.IOException;
|
||||
class AndFilter extends FilterList {
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
for (int i=0; i<children.size(); i++) {
|
||||
if (!children.get(i).matches(ifw, intent, callerApp, callerPackage, callerUid,
|
||||
callerPid, resolvedType, resolvedApp)) {
|
||||
if (!children.get(i).matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType,
|
||||
resolvedApp)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,7 +34,7 @@ class CategoryFilter implements Filter {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
Set<String> categories = intent.getCategories();
|
||||
if (categories == null) {
|
||||
|
||||
@@ -26,17 +26,14 @@ interface Filter {
|
||||
* @param ifw The IntentFirewall instance
|
||||
* @param intent The intent being started/bound/broadcast
|
||||
* @param callerApp An ApplicationInfo of an application in the caller's process. This may not
|
||||
* be the specific app that is actually sending the intent. This also may be
|
||||
* null, if the caller is the system process, or an unrecognized process (e.g.
|
||||
* am start)
|
||||
* @param callerPackage The package name of the component sending the intent. This value is
|
||||
* provided by the caller and might be forged/faked.
|
||||
* be the specific app that is actually sending the intent. This also may be
|
||||
* null, if the caller is the system process, or an unrecognized process (e.g.
|
||||
* am start)
|
||||
* @param callerUid
|
||||
* @param callerPid
|
||||
* @param resolvedType The resolved mime type of the intent
|
||||
* @param resolvedApp The application that contains the resolved component that the intent is
|
||||
*/
|
||||
boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp);
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp);
|
||||
}
|
||||
|
||||
@@ -76,7 +76,6 @@ public class IntentFirewall {
|
||||
StringFilter.HOST,
|
||||
StringFilter.MIME_TYPE,
|
||||
StringFilter.PATH,
|
||||
StringFilter.SENDER_PACKAGE,
|
||||
StringFilter.SSP,
|
||||
|
||||
CategoryFilter.FACTORY,
|
||||
@@ -98,17 +97,16 @@ public class IntentFirewall {
|
||||
readRules(getRulesFile());
|
||||
}
|
||||
|
||||
public boolean checkStartActivity(Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ActivityInfo resolvedActivity) {
|
||||
public boolean checkStartActivity(Intent intent, ApplicationInfo callerApp, int callerUid,
|
||||
int callerPid, String resolvedType, ActivityInfo resolvedActivity) {
|
||||
List<Rule> matchingRules = mActivityResolver.queryIntent(intent, resolvedType, false, 0);
|
||||
boolean log = false;
|
||||
boolean block = false;
|
||||
|
||||
for (int i=0; i< matchingRules.size(); i++) {
|
||||
Rule rule = matchingRules.get(i);
|
||||
if (rule.matches(this, intent, callerApp, callerPackage, callerUid, callerPid,
|
||||
resolvedType, resolvedActivity.applicationInfo)) {
|
||||
if (rule.matches(this, intent, callerApp, callerUid, callerPid, resolvedType,
|
||||
resolvedActivity.applicationInfo)) {
|
||||
block |= rule.getBlock();
|
||||
log |= rule.getLog();
|
||||
|
||||
|
||||
@@ -33,10 +33,9 @@ class NotFilter implements Filter {
|
||||
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
return !mChild.matches(ifw, intent, callerApp, callerPackage, callerUid, callerPid,
|
||||
resolvedType, resolvedApp);
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
return !mChild.matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType,
|
||||
resolvedApp);
|
||||
}
|
||||
|
||||
public static final FilterFactory FACTORY = new FilterFactory("not") {
|
||||
|
||||
@@ -26,11 +26,10 @@ import java.io.IOException;
|
||||
class OrFilter extends FilterList {
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
for (int i=0; i<children.size(); i++) {
|
||||
if (children.get(i).matches(ifw, intent, callerApp, callerPackage, callerUid, callerPid,
|
||||
resolvedType, resolvedApp)) {
|
||||
if (children.get(i).matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType,
|
||||
resolvedApp)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -42,8 +42,7 @@ class PortFilter implements Filter {
|
||||
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
int port = -1;
|
||||
Uri uri = intent.getData();
|
||||
if (uri != null) {
|
||||
|
||||
@@ -68,8 +68,7 @@ class SenderFilter {
|
||||
private static final Filter SIGNATURE = new Filter() {
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
if (callerApp == null) {
|
||||
return false;
|
||||
}
|
||||
@@ -80,8 +79,7 @@ class SenderFilter {
|
||||
private static final Filter SYSTEM = new Filter() {
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
if (callerApp == null) {
|
||||
// if callerApp is null, the caller is the system process
|
||||
return false;
|
||||
@@ -93,8 +91,7 @@ class SenderFilter {
|
||||
private static final Filter SYSTEM_OR_SIGNATURE = new Filter() {
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
return isSystemApp(callerApp, callerUid, callerPid) ||
|
||||
ifw.signaturesMatch(callerUid, resolvedApp.uid);
|
||||
}
|
||||
@@ -103,8 +100,7 @@ class SenderFilter {
|
||||
private static final Filter USER_ID = new Filter() {
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
// This checks whether the caller is either the system process, or has the same user id
|
||||
// I.e. the same app, or an app that uses the same shared user id.
|
||||
// This is the same set of applications that would be able to access the component if
|
||||
|
||||
@@ -34,8 +34,7 @@ class SenderPermissionFilter implements Filter {
|
||||
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, int callerUid, int callerPid, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
// We assume the component is exported here. If the component is not exported, then
|
||||
// ActivityManager would only resolve to this component for callers from the same uid.
|
||||
// In this case, it doesn't matter whether the component is exported or not.
|
||||
|
||||
@@ -119,10 +119,9 @@ abstract class StringFilter implements Filter {
|
||||
protected abstract boolean matchesValue(String value);
|
||||
|
||||
@Override
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
|
||||
int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
|
||||
String value = mValueProvider.getValue(intent, callerApp, callerPackage, resolvedType,
|
||||
resolvedApp);
|
||||
String value = mValueProvider.getValue(intent, callerApp, resolvedType, resolvedApp);
|
||||
return matchesValue(value);
|
||||
}
|
||||
|
||||
@@ -137,7 +136,7 @@ abstract class StringFilter implements Filter {
|
||||
}
|
||||
|
||||
public abstract String getValue(Intent intent, ApplicationInfo callerApp,
|
||||
String callerPackage, String resolvedType, ApplicationInfo resolvedApp);
|
||||
String resolvedType, ApplicationInfo resolvedApp);
|
||||
}
|
||||
|
||||
private static class EqualsFilter extends StringFilter {
|
||||
@@ -231,8 +230,8 @@ abstract class StringFilter implements Filter {
|
||||
|
||||
public static final ValueProvider COMPONENT = new ValueProvider("component") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
ComponentName cn = intent.getComponent();
|
||||
if (cn != null) {
|
||||
return cn.flattenToString();
|
||||
@@ -243,8 +242,8 @@ abstract class StringFilter implements Filter {
|
||||
|
||||
public static final ValueProvider COMPONENT_NAME = new ValueProvider("component-name") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
ComponentName cn = intent.getComponent();
|
||||
if (cn != null) {
|
||||
return cn.getClassName();
|
||||
@@ -255,8 +254,8 @@ abstract class StringFilter implements Filter {
|
||||
|
||||
public static final ValueProvider COMPONENT_PACKAGE = new ValueProvider("component-package") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
ComponentName cn = intent.getComponent();
|
||||
if (cn != null) {
|
||||
return cn.getPackageName();
|
||||
@@ -265,28 +264,18 @@ abstract class StringFilter implements Filter {
|
||||
}
|
||||
};
|
||||
|
||||
public static final ValueProvider SENDER_PACKAGE = new ValueProvider("sender-package") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
// TODO: We can't trust this value, so maybe should check all packages in the caller process?
|
||||
return callerPackage;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
public static final FilterFactory ACTION = new ValueProvider("action") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
return intent.getAction();
|
||||
}
|
||||
};
|
||||
|
||||
public static final ValueProvider DATA = new ValueProvider("data") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
Uri data = intent.getData();
|
||||
if (data != null) {
|
||||
return data.toString();
|
||||
@@ -297,16 +286,16 @@ abstract class StringFilter implements Filter {
|
||||
|
||||
public static final ValueProvider MIME_TYPE = new ValueProvider("mime-type") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
return resolvedType;
|
||||
}
|
||||
};
|
||||
|
||||
public static final ValueProvider SCHEME = new ValueProvider("scheme") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
Uri data = intent.getData();
|
||||
if (data != null) {
|
||||
return data.getScheme();
|
||||
@@ -317,8 +306,8 @@ abstract class StringFilter implements Filter {
|
||||
|
||||
public static final ValueProvider SSP = new ValueProvider("scheme-specific-part") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
Uri data = intent.getData();
|
||||
if (data != null) {
|
||||
return data.getSchemeSpecificPart();
|
||||
@@ -329,8 +318,8 @@ abstract class StringFilter implements Filter {
|
||||
|
||||
public static final ValueProvider HOST = new ValueProvider("host") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
Uri data = intent.getData();
|
||||
if (data != null) {
|
||||
return data.getHost();
|
||||
@@ -341,8 +330,8 @@ abstract class StringFilter implements Filter {
|
||||
|
||||
public static final ValueProvider PATH = new ValueProvider("path") {
|
||||
@Override
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
|
||||
String resolvedType, ApplicationInfo resolvedApp) {
|
||||
public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
|
||||
ApplicationInfo resolvedApp) {
|
||||
Uri data = intent.getData();
|
||||
if (data != null) {
|
||||
return data.getPath();
|
||||
|
||||
Reference in New Issue
Block a user