From d81f8270bec71ec9a569c8308c42cacd7aba0d23 Mon Sep 17 00:00:00 2001
From: Amith Yamasani <yamasani@google.com>
Date: Thu, 23 Jul 2015 17:15:45 -0700
Subject: [PATCH] Require permission for internal broadcast

It was possible for other apps to request removal of the guest user
that was handled by an internal receiver in SystemUI.

Fix requires the broadcast sender to have an internal permission
so that only SystemUI can send that broadcast (PendingIntent).

Bug: 22671268
Change-Id: I63a8ced692e6d1cb2872b962ad247a827dbafbc6
---
 packages/SystemUI/AndroidManifest.xml               |  5 +++++
 .../statusbar/policy/UserSwitcherController.java    | 13 ++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
index fea7f94b5aee1..bd583664ceee5 100644
--- a/packages/SystemUI/AndroidManifest.xml
+++ b/packages/SystemUI/AndroidManifest.xml
@@ -125,6 +125,11 @@
     <!-- Assist -->
     <uses-permission android:name="android.permission.ACCESS_VOICE_INTERACTION_SERVICE" />
 
+    <!-- Self permission for internal broadcasts. -->
+    <permission android:name="com.android.systemui.permission.SELF"
+            android:protectionLevel="signature" />
+    <uses-permission android:name="com.android.systemui.permission.SELF" />
+
     <application
         android:name=".SystemUIApplication"
         android:persistent="true"
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
index 6fabe9b627771..acf141546939f 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
@@ -69,6 +69,10 @@ public class UserSwitcherController {
             "lockscreenSimpleUserSwitcher";
     private static final String ACTION_REMOVE_GUEST = "com.android.systemui.REMOVE_GUEST";
 
+    private static final int ID_REMOVE_GUEST = 1010;
+    private static final String TAG_REMOVE_GUEST = "remove_guest";
+    private static final String PERMISSION_SELF = "com.android.systemui.permission.SELF";
+
     private final Context mContext;
     private final UserManager mUserManager;
     private final ArrayList<WeakReference<BaseUserAdapter>> mAdapters = new ArrayList<>();
@@ -94,10 +98,13 @@ public class UserSwitcherController {
         filter.addAction(Intent.ACTION_USER_INFO_CHANGED);
         filter.addAction(Intent.ACTION_USER_SWITCHED);
         filter.addAction(Intent.ACTION_USER_STOPPING);
-        filter.addAction(ACTION_REMOVE_GUEST);
         mContext.registerReceiverAsUser(mReceiver, UserHandle.OWNER, filter,
                 null /* permission */, null /* scheduler */);
 
+        filter = new IntentFilter();
+        filter.addAction(ACTION_REMOVE_GUEST);
+        mContext.registerReceiverAsUser(mReceiver, UserHandle.OWNER, filter,
+                PERMISSION_SELF, null /* scheduler */);
 
         mContext.getContentResolver().registerContentObserver(
                 Settings.Global.getUriFor(SIMPLE_USER_SWITCHER_GLOBAL_SETTING), true,
@@ -366,8 +373,8 @@ public class UserSwitcherController {
                             mContext.getString(R.string.guest_notification_remove_action),
                             removeGuestPI)
                     .build();
-            NotificationManager.from(mContext).notifyAsUser(null, 0, notification,
-                    new UserHandle(guestUserId));
+            NotificationManager.from(mContext).notifyAsUser(TAG_REMOVE_GUEST, ID_REMOVE_GUEST,
+                    notification, new UserHandle(guestUserId));
         }
     };