Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / b7e34d5508b41c421994eb70f96f56e5db7ede74^! / . / services / core / java / com / android / server / am / BroadcastQueue.java
commitb7e34d5508b41c421994eb70f96f56e5db7ede74[log] [tgz]
authorChad Brubaker <cbrubaker@google.com>Wed Feb 22 12:36:06 2017 -0800
committerChad Brubaker <cbrubaker@google.com>Mon Mar 06 11:11:33 2017 -0800
tree3a9e9b14d844c6f3331368b5365d85865c125203
parent748bf77274f6b1badc18c0f2b2f9e54fb7f282e8 [diff] [blame]
Only send exposed broadcasts to Instant Apps

In order to prevent Instant Apps from receiving potentially sensitive
broadcasts they will only receive those that the sender explicitly
exposes to Instant Apps by setting
Intent.FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS.

Bug:33350280
Test: `adb shell am broadcast` does not get delivered to Instant App
Test: `adb shell am broadcast -f 0x0x200000` gets delivered to Instant
App
Test: Verified that an Instant App can send a broadcast to itself
without FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS
Change-Id: Ie363448bf224abba530dd4caf69258939fff00af

diff --git a/services/core/java/com/android/server/am/BroadcastQueue.java b/services/core/java/com/android/server/am/BroadcastQueue.java
index c9d19cb..629f80d 100644
--- a/services/core/java/com/android/server/am/BroadcastQueue.java
+++ b/services/core/java/com/android/server/am/BroadcastQueue.java

@@ -623,6 +623,24 @@
             skip = true;
         }
 
+        // Ensure that broadcasts are only sent to other Instant Apps if they are marked as
+        // visible to Instant Apps.
+        final boolean visibleToInstantApps =
+                (r.intent.getFlags() & Intent.FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS) != 0;
+
+        if (!skip && !visibleToInstantApps && filter.instantApp
+                && filter.receiverList.uid != r.callingUid) {
+            Slog.w(TAG, "Instant App Denial: receiving "
+                    + r.intent.toString()
+                    + " to " + filter.receiverList.app
+                    + " (pid=" + filter.receiverList.pid
+                    + ", uid=" + filter.receiverList.uid + ")"
+                    + " due to sender " + r.callerPackage
+                    + " (uid " + r.callingUid + ")"
+                    + " not specifying FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS");
+            skip = true;
+        }
+
         if (skip) {
             r.delivery[index] = BroadcastRecord.DELIVERY_SKIPPED;
             return;
@@ -1121,6 +1139,19 @@
                     skip = true;
                 }
             }
+            final boolean visibleToInstantApps =
+                    (r.intent.getFlags() & Intent.FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS) != 0;
+            if (!skip && info.activityInfo.applicationInfo.isInstantApp()
+                    && !visibleToInstantApps
+                    && r.callingUid != info.activityInfo.applicationInfo.uid) {
+                Slog.w(TAG, "Instant App Denial: receiving "
+                        + r.intent
+                        + " to " + component.flattenToShortString()
+                        + " due to sender " + r.callerPackage
+                        + " (uid " + r.callingUid + ")"
+                        + " not specifying FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS");
+                skip = true;
+            }
             if (!skip) {
                 r.manifestCount++;
             } else {