Merge "Make sure apps cannot forge package name on AssistStructure used for Autofill." into oc-mr1-dev

2017-12-08 18:05:59 +00:00
parent 5d04d92265 23e61a9086
commit 613d0cd8fb
7 changed files with 115 additions and 26 deletions
--- a/core/java/android/app/assist/AssistStructure.java
+++ b/core/java/android/app/assist/AssistStructure.java
@@ -2058,6 +2058,16 @@ public class AssistStructure implements Parcelable {
        return mActivityComponent;
    }

+    /**
+     * Called by Autofill server when app forged a different value.
+     *
+     * @hide
+     */
+    public void setActivityComponent(ComponentName componentName) {
+        ensureData();
+        mActivityComponent = componentName;
+    }
+
    /** @hide */
    public int getFlags() {
        return mFlags;
--- a/core/java/android/view/autofill/AutofillManager.java
+++ b/core/java/android/view/autofill/AutofillManager.java
@@ -24,6 +24,8 @@ import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.SystemService;
+import android.app.Activity;
+import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.IntentSender;
@@ -44,6 +46,7 @@ import android.view.View;
 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.logging.MetricsLogger;
 import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
+import com.android.internal.util.Preconditions;

 import java.io.PrintWriter;
 import java.lang.annotation.Retention;
@@ -390,7 +393,7 @@ public final class AutofillManager {
     * @hide
     */
    public AutofillManager(Context context, IAutoFillManager service) {
-        mContext = context;
+        mContext = Preconditions.checkNotNull(context, "context cannot be null");
        mService = service;
    }

@@ -940,6 +943,13 @@ public final class AutofillManager {
        return mContext.getAutofillClient();
    }

+    private ComponentName getComponentNameFromContext() {
+        if (mContext instanceof Activity) {
+            return ((Activity) mContext).getComponentName();
+        }
+        return null;
+    }
+
    /** @hide */
    public void onAuthenticationResult(int authenticationId, Intent data) {
        if (!hasAutofillFeature()) {
@@ -990,9 +1000,14 @@ public final class AutofillManager {
            return;
        }
        try {
+            final ComponentName componentName = getComponentNameFromContext();
+            if (componentName == null) {
+                Log.w(TAG, "startSessionLocked(): context is not activity: " + mContext);
+                return;
+            }
            mSessionId = mService.startSession(mContext.getActivityToken(),
                    mServiceClient.asBinder(), id, bounds, value, mContext.getUserId(),
-                    mCallback != null, flags, mContext.getOpPackageName());
+                    mCallback != null, flags, componentName);
            if (mSessionId != NO_SESSION) {
                mState = STATE_ACTIVE;
            }
@@ -1050,9 +1065,14 @@ public final class AutofillManager {

        try {
            if (restartIfNecessary) {
+                final ComponentName componentName = getComponentNameFromContext();
+                if (componentName == null) {
+                    Log.w(TAG, "startSessionLocked(): context is not activity: " + mContext);
+                    return;
+                }
                final int newId = mService.updateOrRestartSession(mContext.getActivityToken(),
                        mServiceClient.asBinder(), id, bounds, value, mContext.getUserId(),
-                        mCallback != null, flags, mContext.getOpPackageName(), mSessionId, action);
+                        mCallback != null, flags, componentName, mSessionId, action);
                if (newId != mSessionId) {
                    if (sDebug) Log.d(TAG, "Session restarted: " + mSessionId + "=>" + newId);
                    mSessionId = newId;
--- a/core/java/android/view/autofill/IAutoFillManager.aidl
+++ b/core/java/android/view/autofill/IAutoFillManager.aidl
@@ -16,6 +16,7 @@

 package android.view.autofill;

+import android.content.ComponentName;
 import android.graphics.Rect;
 import android.os.Bundle;
 import android.os.IBinder;
@@ -34,14 +35,15 @@ interface IAutoFillManager {
    int addClient(in IAutoFillManagerClient client, int userId);
    int startSession(IBinder activityToken, in IBinder appCallback, in AutofillId autoFillId,
            in Rect bounds, in AutofillValue value, int userId, boolean hasCallback, int flags,
-            String packageName);
+            in ComponentName componentName);
    FillEventHistory getFillEventHistory();
    boolean restoreSession(int sessionId, in IBinder activityToken, in IBinder appCallback);
    void updateSession(int sessionId, in AutofillId id, in Rect bounds,
            in AutofillValue value, int action, int flags, int userId);
    int updateOrRestartSession(IBinder activityToken, in IBinder appCallback,
            in AutofillId autoFillId, in Rect bounds, in AutofillValue value, int userId,
-            boolean hasCallback, int flags, String packageName, int sessionId, int action);
+            boolean hasCallback, int flags, in ComponentName componentName, int sessionId,
+            int action);
    void finishSession(int sessionId, int userId);
    void cancelSession(int sessionId, int userId);
    void setAuthenticationResult(in Bundle data, int sessionId, int authenticationId, int userId);