frameworks/base
| Revision | caf3c62161d2a0562d54d53088cad8490782f2d7 (tree) |
|---|---|
| Zeit | 2020-03-03 20:50:09 |
| Autor | paulhu <paulhu@goog...> |
| Commiter | Vasyl Gello |
Fix security problem on PermissionMonitor#hasPermission
PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
Bug: 144679405
Test: Build, flash, manual test
Change-Id: I5eba4909e4c2e1d9f275f66be90ac36466b93e90
Merged-In: I8a1575dedd6e3b7a8b60ee2ffd475d790aec55c4
Merged-In: Iae9c273af822b18c2e6fce04848a86f8dea6410a
(cherry picked from commit 305946b910a9ab3974daa4277f155614a3fc27a4)
| @@ -21,6 +21,7 @@ import static android.Manifest.permission.CONNECTIVITY_INTERNAL; | ||
| 21 | 21 | import static android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS; |
| 22 | 22 | import static android.content.pm.ApplicationInfo.FLAG_SYSTEM; |
| 23 | 23 | import static android.content.pm.ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; |
| 24 | +import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED; | |
| 24 | 25 | import static android.content.pm.PackageManager.GET_PERMISSIONS; |
| 25 | 26 | |
| 26 | 27 | import android.content.BroadcastReceiver; |
| @@ -39,6 +40,8 @@ import android.os.UserManager; | ||
| 39 | 40 | import android.text.TextUtils; |
| 40 | 41 | import android.util.Log; |
| 41 | 42 | |
| 43 | +import com.android.internal.util.ArrayUtils; | |
| 44 | + | |
| 42 | 45 | import java.util.ArrayList; |
| 43 | 46 | import java.util.HashMap; |
| 44 | 47 | import java.util.HashSet; |
| @@ -150,15 +153,13 @@ public class PermissionMonitor { | ||
| 150 | 153 | update(mUsers, mApps, true); |
| 151 | 154 | } |
| 152 | 155 | |
| 153 | - private boolean hasPermission(PackageInfo app, String permission) { | |
| 154 | - if (app.requestedPermissions != null) { | |
| 155 | - for (String p : app.requestedPermissions) { | |
| 156 | - if (permission.equals(p)) { | |
| 157 | - return true; | |
| 158 | - } | |
| 159 | - } | |
| 156 | + private boolean hasPermission(final PackageInfo app, final String permission) { | |
| 157 | + if (app.requestedPermissions == null || app.requestedPermissionsFlags == null) { | |
| 158 | + return false; | |
| 160 | 159 | } |
| 161 | - return false; | |
| 160 | + final int index = ArrayUtils.indexOf(app.requestedPermissions, permission); | |
| 161 | + if (index < 0 || index >= app.requestedPermissionsFlags.length) return false; | |
| 162 | + return (app.requestedPermissionsFlags[index] & REQUESTED_PERMISSION_GRANTED) != 0; | |
| 162 | 163 | } |
| 163 | 164 | |
| 164 | 165 | private boolean hasNetworkPermission(PackageInfo app) { |
Fork
services/core/java/com/android/server/connectivity/PermissionMonitor.java