Merge the 2019-08-01 SPL branch from AOSP-Partner
* security-aosp-nyc-mr2-release:
Clear the Parcel before writing an exception during a transaction
Protect VPN dialogs against overlay.
[RESTRICT AUTOMERGE] Make Lock task default behaviour consistent with Settings.
SUPL ES Extension - June 2019 rollup
Limit IsSeparateProfileChallengeAllowed to system callers
[RESTRICT AUTOMERGE]: Add cross user permission check - areNotificationsEnabledForPackage
[RESTRICT AUTOMERGE] Added missing permission check to isPackageDeviceAdminOnAnyUser.
Permission Check For DPM.getPermittedAccessibilityServices
Change-Id: Ic42855742de81476527df18c96d962cb93343961
diff --git a/core/java/android/os/Binder.java b/core/java/android/os/Binder.java
index ea8ba2f..b9597ea 100644
--- a/core/java/android/os/Binder.java
+++ b/core/java/android/os/Binder.java
@@ -574,6 +574,8 @@
Log.w(TAG, "Caught a RuntimeException from the binder stub implementation.", e);
}
} else {
+ // Clear the parcel before writing the exception
+ reply.setDataSize(0);
reply.setDataPosition(0);
reply.writeException(e);
}
diff --git a/location/java/com/android/internal/location/GpsNetInitiatedHandler.java b/location/java/com/android/internal/location/GpsNetInitiatedHandler.java
index 75f046b..aa73bc6e 100644
--- a/location/java/com/android/internal/location/GpsNetInitiatedHandler.java
+++ b/location/java/com/android/internal/location/GpsNetInitiatedHandler.java
@@ -16,6 +16,9 @@
package com.android.internal.location;
+import java.io.UnsupportedEncodingException;
+import java.util.concurrent.TimeUnit;
+
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
@@ -23,20 +26,21 @@
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
-import android.location.INetInitiatedListener;
import android.location.LocationManager;
-import android.os.Bundle;
-import android.os.RemoteException;
-import android.os.SystemProperties;
-import android.os.UserHandle;
+import android.location.INetInitiatedListener;
+import android.os.SystemClock;
+import android.telephony.TelephonyManager;
import android.telephony.PhoneNumberUtils;
import android.telephony.PhoneStateListener;
-import android.telephony.TelephonyManager;
+import android.os.Bundle;
+import android.os.RemoteException;
+import android.os.UserHandle;
+import android.os.SystemProperties;
import android.util.Log;
+
import com.android.internal.R;
import com.android.internal.telephony.GsmAlphabet;
import com.android.internal.telephony.TelephonyProperties;
-import java.io.UnsupportedEncodingException;
/**
* A GPS Network-initiated Handler class used by LocationManager.
@@ -47,8 +51,7 @@
private static final String TAG = "GpsNetInitiatedHandler";
- private static final boolean DEBUG = true;
- private static final boolean VERBOSE = false;
+ private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);
// NI verify activity for bringing up UI (not used yet)
public static final String ACTION_NI_VERIFY = "android.intent.action.NETWORK_INITIATED_VERIFY";
@@ -91,6 +94,9 @@
public static final int GPS_ENC_SUPL_UCS2 = 3;
public static final int GPS_ENC_UNKNOWN = -1;
+ // Limit on SUPL NI emergency mode time extension after emergency sessions ends
+ private static final int MAX_EMERGENCY_MODE_EXTENSION_SECONDS = 300; // 5 minute maximum
+
private final Context mContext;
private final TelephonyManager mTelephonyManager;
private final PhoneStateListener mPhoneStateListener;
@@ -106,7 +112,7 @@
private volatile boolean mIsSuplEsEnabled;
// Set to true if the phone is having emergency call.
- private volatile boolean mIsInEmergency;
+ private volatile boolean mIsInEmergencyCall;
// If Location function is enabled.
private volatile boolean mIsLocationEnabled = false;
@@ -116,6 +122,10 @@
// Set to true if string from HAL is encoded as Hex, e.g., "3F0039"
static private boolean mIsHexInput = true;
+ // End time of emergency call, and extension, if set
+ private volatile long mCallEndElapsedRealtimeMillis = 0;
+ private volatile long mEmergencyExtensionMillis = 0;
+
public static class GpsNiNotification
{
public int notificationId;
@@ -146,16 +156,12 @@
if (action.equals(Intent.ACTION_NEW_OUTGOING_CALL)) {
String phoneNumber = intent.getStringExtra(Intent.EXTRA_PHONE_NUMBER);
/*
- Emergency Mode is when during emergency call or in emergency call back mode.
- For checking if it is during emergency call:
- mIsInEmergency records if the phone is in emergency call or not. It will
+ Tracks the emergency call:
+ mIsInEmergencyCall records if the phone is in emergency call or not. It will
be set to true when the phone is having emergency call, and then will
be set to false by mPhoneStateListener when the emergency call ends.
- For checking if it is in emergency call back mode:
- Emergency call back mode will be checked by reading system properties
- when necessary: SystemProperties.get(TelephonyProperties.PROPERTY_INECM_MODE)
*/
- setInEmergency(PhoneNumberUtils.isEmergencyNumber(phoneNumber));
+ mIsInEmergencyCall = PhoneNumberUtils.isEmergencyNumber(phoneNumber);
if (DEBUG) Log.v(TAG, "ACTION_NEW_OUTGOING_CALL - " + getInEmergency());
} else if (action.equals(LocationManager.MODE_CHANGED_ACTION)) {
updateLocationMode();
@@ -195,7 +201,10 @@
if (DEBUG) Log.d(TAG, "onCallStateChanged(): state is "+ state);
// listening for emergency call ends
if (state == TelephonyManager.CALL_STATE_IDLE) {
- setInEmergency(false);
+ if (mIsInEmergencyCall) {
+ mCallEndElapsedRealtimeMillis = SystemClock.elapsedRealtime();
+ mIsInEmergencyCall = false;
+ }
}
}
};
@@ -229,23 +238,37 @@
return mIsLocationEnabled;
}
- // Note: Currently, there are two mechanisms involved to determine if a
- // phone is in emergency mode:
- // 1. If the user is making an emergency call, this is provided by activly
- // monitoring the outgoing phone number;
- // 2. If the device is in a emergency callback state, this is provided by
- // system properties.
- // If either one of above exists, the phone is considered in an emergency
- // mode. Because of this complexity, we need to be careful about how to set
- // and clear the emergency state.
- public void setInEmergency(boolean isInEmergency) {
- mIsInEmergency = isInEmergency;
- }
-
+ /**
+ * Determines whether device is in user-initiated emergency session based on the following
+ * 1. If the user is making an emergency call, this is provided by actively
+ * monitoring the outgoing phone number;
+ * 2. If the user has recently ended an emergency call, and the device is in a configured time
+ * window after the end of that call.
+ * 3. If the device is in a emergency callback state, this is provided by querying
+ * TelephonyManager.
+ * @return true if is considered in user initiated emergency mode for NI purposes
+ */
public boolean getInEmergency() {
+ boolean isInEmergencyExtension =
+ (mCallEndElapsedRealtimeMillis > 0)
+ && ((SystemClock.elapsedRealtime() - mCallEndElapsedRealtimeMillis)
+ < mEmergencyExtensionMillis);
boolean isInEmergencyCallback = Boolean.parseBoolean(
SystemProperties.get(TelephonyProperties.PROPERTY_INECM_MODE));
- return mIsInEmergency || isInEmergencyCallback;
+ return mIsInEmergencyCall || isInEmergencyCallback || isInEmergencyExtension;
+ }
+
+ public void setEmergencyExtensionSeconds(int emergencyExtensionSeconds) {
+ if (emergencyExtensionSeconds > MAX_EMERGENCY_MODE_EXTENSION_SECONDS) {
+ Log.w(TAG, "emergencyExtensionSeconds " + emergencyExtensionSeconds
+ + " too high, reset to " + MAX_EMERGENCY_MODE_EXTENSION_SECONDS);
+ emergencyExtensionSeconds = MAX_EMERGENCY_MODE_EXTENSION_SECONDS;
+ } else if (emergencyExtensionSeconds < 0) {
+ Log.w(TAG, "emergencyExtensionSeconds " + emergencyExtensionSeconds
+ + " is negative, reset to zero.");
+ emergencyExtensionSeconds = 0;
+ }
+ mEmergencyExtensionMillis = TimeUnit.SECONDS.toMillis(emergencyExtensionSeconds);
}
diff --git a/packages/VpnDialogs/AndroidManifest.xml b/packages/VpnDialogs/AndroidManifest.xml
index a3d27ce..60ed324 100644
--- a/packages/VpnDialogs/AndroidManifest.xml
+++ b/packages/VpnDialogs/AndroidManifest.xml
@@ -21,6 +21,7 @@
<uses-permission android:name="android.permission.CONTROL_VPN" />
<uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" />
+ <uses-permission android:name="android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS"/>
<application android:label="VpnDialogs"
android:allowBackup="false" >
diff --git a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
index 72ce9c4..0933974 100644
--- a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
+++ b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
@@ -16,6 +16,8 @@
package com.android.vpndialogs;
+import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
+
import android.content.Context;
import android.content.DialogInterface;
import android.content.pm.PackageManager;
@@ -78,6 +80,7 @@
setupAlert();
getWindow().setCloseOnTouchOutside(false);
+ getWindow().addPrivateFlags(PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
Button button = mAlert.getButton(DialogInterface.BUTTON_POSITIVE);
button.setFilterTouchesWhenObscured(true);
}
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index a7ff050..1cb498b 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -4051,18 +4051,11 @@
mLockTaskNotify = new LockTaskNotify(mService.mContext);
}
mLockTaskNotify.show(false);
- try {
- boolean shouldLockKeyguard = Settings.Secure.getInt(
- mService.mContext.getContentResolver(),
- Settings.Secure.LOCK_TO_APP_EXIT_LOCKED) != 0;
- if (mLockTaskModeState == LOCK_TASK_MODE_PINNED && shouldLockKeyguard) {
- mWindowManager.lockNow(null);
- mWindowManager.dismissKeyguard();
- new LockPatternUtils(mService.mContext)
- .requireCredentialEntry(UserHandle.USER_ALL);
- }
- } catch (SettingNotFoundException e) {
- // No setting, don't lock.
+ if (mLockTaskModeState == LOCK_TASK_MODE_PINNED && shouldLockKeyguard()) {
+ mWindowManager.lockNow(null);
+ mWindowManager.dismissKeyguard();
+ new LockPatternUtils(mService.mContext)
+ .requireCredentialEntry(UserHandle.USER_ALL);
}
} catch (RemoteException ex) {
throw new RuntimeException(ex);
@@ -4099,6 +4092,21 @@
}
}
+ private boolean shouldLockKeyguard() {
+ // This functionality should be kept consistent with
+ // com.android.settings.security.ScreenPinningSettings (see b/127605586)
+ try {
+ return Settings.Secure.getInt(
+ mService.mContext.getContentResolver(),
+ Settings.Secure.LOCK_TO_APP_EXIT_LOCKED) != 0;
+ } catch (Settings.SettingNotFoundException e) {
+ // Log to SafetyNet for b/127605586
+ android.util.EventLog.writeEvent(0x534e4554, "127605586", -1, "");
+ LockPatternUtils lockPatternUtils = new LockPatternUtils(mService.mContext);
+ return lockPatternUtils.isSecure(mCurrentUser);
+ }
+ }
+
class ActivityContainer extends android.app.IActivityContainer.Stub {
final static int FORCE_NEW_TASK_FLAGS = FLAG_ACTIVITY_NEW_TASK |
FLAG_ACTIVITY_MULTIPLE_TASK | Intent.FLAG_ACTIVITY_NO_ANIMATION;
diff --git a/services/core/java/com/android/server/location/GnssLocationProvider.java b/services/core/java/com/android/server/location/GnssLocationProvider.java
index 48694fe..a2d3afd 100644
--- a/services/core/java/com/android/server/location/GnssLocationProvider.java
+++ b/services/core/java/com/android/server/location/GnssLocationProvider.java
@@ -679,6 +679,17 @@
Log.e(TAG, "unable to parse SUPL_ES: " + suplESProperty);
}
}
+
+ String emergencyExtensionSecondsString
+ = properties.getProperty("ES_EXTENSION_SEC", "0");
+ try {
+ int emergencyExtensionSeconds =
+ Integer.parseInt(emergencyExtensionSecondsString);
+ mNIHandler.setEmergencyExtensionSeconds(emergencyExtensionSeconds);
+ } catch (NumberFormatException e) {
+ Log.e(TAG, "unable to parse ES_EXTENSION_SEC: "
+ + emergencyExtensionSecondsString);
+ }
}
private void loadPropertiesFromResource(Context context,
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 22df8bf..e5242fc 100644
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -1442,6 +1442,12 @@
@Override
public boolean areNotificationsEnabledForPackage(String pkg, int uid) {
checkCallerIsSystemOrSameApp(pkg);
+ if (UserHandle.getCallingUserId() != UserHandle.getUserId(uid)) {
+ getContext().enforceCallingPermission(
+ android.Manifest.permission.INTERACT_ACROSS_USERS,
+ "canNotifyAsPackage for uid " + uid);
+ }
+
return (mAppOps.checkOpNoThrow(AppOpsManager.OP_POST_NOTIFICATION, uid, pkg)
== AppOpsManager.MODE_ALLOWED) && !isPackageSuspendedForUser(pkg, uid);
}
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index edf2a39..e27da71 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -15955,6 +15955,13 @@
@Override
public boolean isPackageDeviceAdminOnAnyUser(String packageName) {
+ final int callingUid = Binder.getCallingUid();
+ if (checkUidPermission(android.Manifest.permission.MANAGE_USERS, callingUid)
+ != PERMISSION_GRANTED) {
+ EventLog.writeEvent(0x534e4554, "128599183", -1, "");
+ throw new SecurityException(android.Manifest.permission.MANAGE_USERS
+ + " permission is required to call this API");
+ }
return isPackageDeviceAdmin(packageName, UserHandle.USER_ALL);
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index f3b3c67..e6b1bdc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3155,6 +3155,9 @@
@Override
public boolean isSeparateProfileChallengeAllowed(int userHandle) {
+ if (!isCallerWithSystemUid()) {
+ throw new SecurityException("Caller must be system");
+ }
ComponentName profileOwner = getProfileOwner(userHandle);
// Profile challenge is supported on N or newer release.
return profileOwner != null &&
@@ -7117,6 +7120,7 @@
if (!mHasFeature) {
return null;
}
+ enforceManageUsers();
synchronized (this) {
List<String> result = null;
// If we have multiple profiles we return the intersection of the