Merge "Deliver realCallingUid and realCallingPid to AMS.broadcastIntentLocked() and make permission checks on them"
diff --git a/core/java/android/app/ActivityManagerInternal.java b/core/java/android/app/ActivityManagerInternal.java
index 69c450c..7d828d8 100644
--- a/core/java/android/app/ActivityManagerInternal.java
+++ b/core/java/android/app/ActivityManagerInternal.java
@@ -259,10 +259,11 @@
public abstract void tempWhitelistForPendingIntent(int callerPid, int callerUid, int targetUid,
long duration, String tag);
- public abstract int broadcastIntentInPackage(String packageName, int uid, Intent intent,
- String resolvedType, IIntentReceiver resultTo, int resultCode, String resultData,
- Bundle resultExtras, String requiredPermission, Bundle bOptions, boolean serialized,
- boolean sticky, int userId, boolean allowBackgroundActivityStarts);
+ public abstract int broadcastIntentInPackage(String packageName, int uid, int realCallingUid,
+ int realCallingPid, Intent intent, String resolvedType, IIntentReceiver resultTo,
+ int resultCode, String resultData, Bundle resultExtras, String requiredPermission,
+ Bundle bOptions, boolean serialized, boolean sticky, int userId,
+ boolean allowBackgroundActivityStarts);
public abstract ComponentName startServiceInPackage(int uid, Intent service,
String resolvedType, boolean fgRequired, String callingPackage, int userId,
boolean allowBackgroundActivityStarts) throws TransactionTooLargeException;
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 2f20572..3c0430f 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -2704,8 +2704,8 @@
public void batterySendBroadcast(Intent intent) {
synchronized (this) {
broadcastIntentLocked(null, null, intent, null, null, 0, null, null, null,
- OP_NONE, null, false, false,
- -1, SYSTEM_UID, UserHandle.USER_ALL);
+ OP_NONE, null, false, false, -1, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), UserHandle.USER_ALL);
}
}
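Review bot: `Binder.getCallingUid()` and `Binder.getCallingPid()` are read at the broadcast call here rather than at the entry of the binder method, so the "real caller" is whatever identity is current at that moment. If the identity was already cleared, or the code runs outside an incoming transaction, that is the system server's own uid/pid. The -8709 hunk in this file and the -950 and sendUserSwitchBroadcasts hunks in UserController.java capture both values before `Binder.clearCallingIdentity()`; the inline form recurs at the other ActivityManagerService, PreBootBroadcaster and UserController call sites. All of those pass a null `bOptions`, so the one check in this commit that consumes the real caller appears not to be reached from them, but a later check on `realCallingUid` would silently see the system identity. Where the broadcast is system-originated, a comment such as `// system-originated: real caller is the system server itself` would make that explicit.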
@@ -3823,12 +3823,13 @@
intent.putExtra(Intent.EXTRA_USER_HANDLE, resolvedUserId);
if (isInstantApp) {
intent.putExtra(Intent.EXTRA_PACKAGE_NAME, packageName);
- broadcastIntentInPackage("android", SYSTEM_UID, intent, null, null, 0,
- null, null, permission.ACCESS_INSTANT_APPS, null, false, false,
- resolvedUserId, false);
+ broadcastIntentInPackage("android", SYSTEM_UID, uid, pid, intent, null,
+ null, 0, null, null, permission.ACCESS_INSTANT_APPS, null, false,
+ false, resolvedUserId, false);
} else {
- broadcastIntentInPackage("android", SYSTEM_UID, intent, null, null, 0,
- null, null, null, null, false, false, resolvedUserId, false);
+ broadcastIntentInPackage("android", SYSTEM_UID, uid, pid, intent, null,
+ null, 0, null, null, null, null, false, false, resolvedUserId,
+ false);
}
if (observer != null) {
@@ -4263,7 +4264,8 @@
intent.putExtra(Intent.EXTRA_USER_HANDLE, UserHandle.getUserId(uid));
broadcastIntentLocked(null, null, intent,
null, null, 0, null, null, null, OP_NONE,
- null, false, false, MY_PID, SYSTEM_UID, UserHandle.getUserId(uid));
+ null, false, false, MY_PID, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), UserHandle.getUserId(uid));
}
private void cleanupDisabledPackageComponentsLocked(
@@ -8709,6 +8711,8 @@
mAtmInternal.showSystemReadyErrorDialogsIfNeeded();
+ final int callingUid = Binder.getCallingUid();
+ final int callingPid = Binder.getCallingPid();
long ident = Binder.clearCallingIdentity();
try {
Intent intent = new Intent(Intent.ACTION_USER_STARTED);
@@ -8717,7 +8721,7 @@
intent.putExtra(Intent.EXTRA_USER_HANDLE, currentUserId);
broadcastIntentLocked(null, null, intent,
null, null, 0, null, null, null, OP_NONE,
- null, false, false, MY_PID, SYSTEM_UID,
+ null, false, false, MY_PID, SYSTEM_UID, callingUid, callingPid,
currentUserId);
intent = new Intent(Intent.ACTION_USER_STARTING);
intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
@@ -8731,7 +8735,8 @@
}
}, 0, null, null,
new String[] {INTERACT_ACROSS_USERS}, OP_NONE,
- null, true, false, MY_PID, SYSTEM_UID, UserHandle.USER_ALL);
+ null, true, false, MY_PID, SYSTEM_UID, callingUid, callingPid,
+ UserHandle.USER_ALL);
} catch (Throwable t) {
Slog.wtf(TAG, "Failed sending first user broadcasts", t);
} finally {
@@ -14369,10 +14374,12 @@
String callerPackage, Intent intent, String resolvedType,
IIntentReceiver resultTo, int resultCode, String resultData,
Bundle resultExtras, String[] requiredPermissions, int appOp, Bundle bOptions,
- boolean ordered, boolean sticky, int callingPid, int callingUid, int userId) {
+ boolean ordered, boolean sticky, int callingPid, int callingUid, int realCallingUid,
+ int realCallingPid, int userId) {
return broadcastIntentLocked(callerApp, callerPackage, intent, resolvedType, resultTo,
resultCode, resultData, resultExtras, requiredPermissions, appOp, bOptions, ordered,
- sticky, callingPid, callingUid, userId, false /* allowBackgroundActivityStarts */);
+ sticky, callingPid, callingUid, realCallingUid, realCallingPid, userId,
+ false /* allowBackgroundActivityStarts */);
}
@GuardedBy("this")
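Review bot: The new parameters put four `int`s side by side in the order `callingPid, callingUid, realCallingUid, realCallingPid`, so the pid/uid order flips between the two pairs and a transposed argument compiles without complaint. The call in the -15118 hunk (`callingPid, callingUid, callingUid, callingPid, userId`) shows how easy that is to misread, and `broadcastIntentInPackage` uses yet another order, `uid, realCallingUid, realCallingPid`. Neither overload documents how the two identities differ. A short Javadoc on `broadcastIntentLocked` would help, for example `@param realCallingUid uid of the process that actually made the call (for a PendingIntent, the sender); used for permission checks on caller-supplied options`, with wording to be confirmed by the author. The same applies to the second overload in the next hunk, whose body continues outside it.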
@@ -14380,8 +14387,8 @@
String callerPackage, Intent intent, String resolvedType,
IIntentReceiver resultTo, int resultCode, String resultData,
Bundle resultExtras, String[] requiredPermissions, int appOp, Bundle bOptions,
- boolean ordered, boolean sticky, int callingPid, int callingUid, int userId,
- boolean allowBackgroundActivityStarts) {
+ boolean ordered, boolean sticky, int callingPid, int callingUid, int realCallingUid,
+ int realCallingPid, int userId, boolean allowBackgroundActivityStarts) {
intent = new Intent(intent);
final boolean callerInstantApp = isInstantApp(callerApp, callerPackage, callingUid);
@@ -14430,7 +14437,7 @@
// PendingIntent), because that who is actually supplied the arguments.
if (checkComponentPermission(
android.Manifest.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST,
- Binder.getCallingPid(), Binder.getCallingUid(), -1, true)
+ realCallingPid, realCallingUid, -1, true)
!= PackageManager.PERMISSION_GRANTED) {
String msg = "Permission Denial: " + intent.getAction()
+ " broadcast from " + callerPackage + " (pid=" + callingPid
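Review bot: The denial message still reports `callingPid` although the check above it now evaluates `realCallingPid`/`realCallingUid`, so for a PendingIntent send the log line can name an identity other than the one that was refused. Including the checked identity, e.g. `+ " (pid=" + realCallingPid + ", uid=" + realCallingUid + ")"`, keeps the message usable when someone investigates a denial. The rest of the message and the throw are outside the hunk, so the exact edit depends on how the string continues.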
@@ -15118,15 +15125,15 @@
callerApp != null ? callerApp.info.packageName : null,
intent, resolvedType, resultTo, resultCode, resultData, resultExtras,
requiredPermissions, appOp, bOptions, serialized, sticky,
- callingPid, callingUid, userId);
+ callingPid, callingUid, callingUid, callingPid, userId);
Binder.restoreCallingIdentity(origId);
return res;
}
}
- int broadcastIntentInPackage(String packageName, int uid,
- Intent intent, String resolvedType, IIntentReceiver resultTo,
+ int broadcastIntentInPackage(String packageName, int uid, int realCallingUid,
+ int realCallingPid, Intent intent, String resolvedType, IIntentReceiver resultTo,
int resultCode, String resultData, Bundle resultExtras,
String requiredPermission, Bundle bOptions, boolean serialized, boolean sticky,
int userId, boolean allowBackgroundActivityStarts) {
@@ -15139,7 +15146,8 @@
int res = broadcastIntentLocked(null, packageName, intent, resolvedType,
resultTo, resultCode, resultData, resultExtras,
requiredPermissions, OP_NONE, bOptions, serialized,
- sticky, -1, uid, userId, allowBackgroundActivityStarts);
+ sticky, -1, uid, realCallingUid, realCallingPid, userId,
+ allowBackgroundActivityStarts);
Binder.restoreCallingIdentity(origId);
return res;
}
@@ -17721,15 +17729,16 @@
}
@Override
- public int broadcastIntentInPackage(String packageName, int uid, Intent intent,
- String resolvedType, IIntentReceiver resultTo, int resultCode, String resultData,
- Bundle resultExtras, String requiredPermission, Bundle bOptions, boolean serialized,
- boolean sticky, int userId, boolean allowBackgroundActivityStarts) {
+ public int broadcastIntentInPackage(String packageName, int uid, int realCallingUid,
+ int realCallingPid, Intent intent, String resolvedType, IIntentReceiver resultTo,
+ int resultCode, String resultData, Bundle resultExtras, String requiredPermission,
+ Bundle bOptions, boolean serialized, boolean sticky, int userId,
+ boolean allowBackgroundActivityStarts) {
synchronized (ActivityManagerService.this) {
return ActivityManagerService.this.broadcastIntentInPackage(packageName, uid,
- intent, resolvedType, resultTo, resultCode, resultData, resultExtras,
- requiredPermission, bOptions, serialized, sticky, userId,
- allowBackgroundActivityStarts);
+ realCallingUid, realCallingPid, intent, resolvedType, resultTo, resultCode,
+ resultData, resultExtras, requiredPermission, bOptions, serialized, sticky,
+ userId, allowBackgroundActivityStarts);
}
}
@@ -17830,8 +17839,8 @@
| Intent.FLAG_RECEIVER_FOREGROUND
| Intent.FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS);
broadcastIntentLocked(null, null, intent, null, null, 0, null, null, null,
- OP_NONE, null, false, false, MY_PID, SYSTEM_UID,
- UserHandle.USER_ALL);
+ OP_NONE, null, false, false, MY_PID, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), UserHandle.USER_ALL);
if ((changes & ActivityInfo.CONFIG_LOCALE) != 0) {
intent = new Intent(Intent.ACTION_LOCALE_CHANGED);
intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND
@@ -17841,8 +17850,8 @@
intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
}
broadcastIntentLocked(null, null, intent, null, null, 0, null, null, null,
- OP_NONE, null, false, false, MY_PID, SYSTEM_UID,
- UserHandle.USER_ALL);
+ OP_NONE, null, false, false, MY_PID, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), UserHandle.USER_ALL);
}
// Send a broadcast to PackageInstallers if the configuration change is interesting
@@ -17857,7 +17866,7 @@
new String[] { android.Manifest.permission.INSTALL_PACKAGES };
broadcastIntentLocked(null, null, intent, null, null, 0, null, null,
permissions, OP_NONE, null, false, false, MY_PID, SYSTEM_UID,
- UserHandle.USER_ALL);
+ Binder.getCallingUid(), Binder.getCallingPid(), UserHandle.USER_ALL);
}
}
}
@@ -17881,7 +17890,8 @@
}
broadcastIntentLocked(null, null, intent, null, null, 0, null, null, null,
- OP_NONE, null, false, false, -1, SYSTEM_UID, UserHandle.USER_ALL);
+ OP_NONE, null, false, false, -1, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), UserHandle.USER_ALL);
}
}
diff --git a/services/core/java/com/android/server/am/PendingIntentRecord.java b/services/core/java/com/android/server/am/PendingIntentRecord.java
index af56352..a08c829 100644
--- a/services/core/java/com/android/server/am/PendingIntentRecord.java
+++ b/services/core/java/com/android/server/am/PendingIntentRecord.java
@@ -423,9 +423,9 @@
// If a completion callback has been requested, require
// that the broadcast be delivered synchronously
int sent = controller.mAmInternal.broadcastIntentInPackage(key.packageName,
- uid, finalIntent, resolvedType, finishedReceiver, code, null, null,
- requiredPermission, options, (finishedReceiver != null),
- false, userId,
+ uid, callingUid, callingPid, finalIntent, resolvedType,
+ finishedReceiver, code, null, null, requiredPermission, options,
+ (finishedReceiver != null), false, userId,
mAllowBgActivityStartsForBroadcastSender.contains(whitelistToken)
|| allowTrampoline);
if (sent == ActivityManager.BROADCAST_SUCCESS) {
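Review bot: `callingUid` and `callingPid` are the one pair in this commit that can belong to an app other than the one the broadcast is attributed to, and their origin is outside this hunk. For the permission check in `broadcastIntentLocked` to be meaningful they have to be the identity of whoever triggered this send, read before any `Binder.clearCallingIdentity()` on the path. A comment above the call such as `// callingUid/callingPid identify the sender of this PendingIntent, not its creator (uid)` would record that contract. The enclosing method starts and ends outside the hunk.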
diff --git a/services/core/java/com/android/server/am/PreBootBroadcaster.java b/services/core/java/com/android/server/am/PreBootBroadcaster.java
index 3ea1147..376999d 100644
--- a/services/core/java/com/android/server/am/PreBootBroadcaster.java
+++ b/services/core/java/com/android/server/am/PreBootBroadcaster.java
@@ -27,6 +27,7 @@
import android.content.IIntentReceiver;
import android.content.Intent;
import android.content.pm.ResolveInfo;
+import android.os.Binder;
import android.os.Bundle;
import android.os.Handler;
import android.os.Message;
@@ -108,7 +109,7 @@
mIntent.setComponent(componentName);
mService.broadcastIntentLocked(null, null, mIntent, null, this, 0, null, null, null,
AppOpsManager.OP_NONE, null, true, false, ActivityManagerService.MY_PID,
- Process.SYSTEM_UID, mUserId);
+ Process.SYSTEM_UID, Binder.getCallingUid(), Binder.getCallingPid(), mUserId);
}
@Override
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index 7f6648a..ac20f6c 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -371,7 +371,8 @@
| Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
mInjector.broadcastIntent(intent, null, resultTo, 0, null, null,
new String[]{android.Manifest.permission.RECEIVE_BOOT_COMPLETED},
- AppOpsManager.OP_NONE, null, true, false, MY_PID, SYSTEM_UID, userId);
+ AppOpsManager.OP_NONE, null, true, false, MY_PID, SYSTEM_UID,
+ Binder.getCallingUid(), Binder.getCallingPid(), userId);
}
// We need to delay unlocking managed profiles until the parent user
@@ -471,7 +472,7 @@
Intent.FLAG_RECEIVER_REGISTERED_ONLY | Intent.FLAG_RECEIVER_FOREGROUND);
mInjector.broadcastIntent(unlockedIntent, null, null, 0, null,
null, null, AppOpsManager.OP_NONE, null, false, false, MY_PID, SYSTEM_UID,
- userId);
+ Binder.getCallingUid(), Binder.getCallingPid(), userId);
if (getUserInfo(userId).isManagedProfile()) {
UserInfo parent = mInjector.getUserManager().getProfileParent(userId);
@@ -484,8 +485,8 @@
| Intent.FLAG_RECEIVER_FOREGROUND);
mInjector.broadcastIntent(profileUnlockedIntent,
null, null, 0, null, null, null, AppOpsManager.OP_NONE,
- null, false, false, MY_PID, SYSTEM_UID,
- parent.id);
+ null, false, false, MY_PID, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), parent.id);
}
}
@@ -543,7 +544,8 @@
mInjector.getUserManager().makeInitialized(userInfo.id);
}
}, 0, null, null, null, AppOpsManager.OP_NONE,
- null, true, false, MY_PID, SYSTEM_UID, userId);
+ null, true, false, MY_PID, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), userId);
}
}
@@ -573,7 +575,8 @@
}
}, 0, null, null,
new String[]{android.Manifest.permission.RECEIVE_BOOT_COMPLETED},
- AppOpsManager.OP_NONE, null, true, false, MY_PID, SYSTEM_UID, userId);
+ AppOpsManager.OP_NONE, null, true, false, MY_PID, SYSTEM_UID,
+ Binder.getCallingUid(), Binder.getCallingPid(), userId);
}
int restartUser(final int userId, final boolean foreground) {
@@ -696,7 +699,8 @@
mInjector.broadcastIntent(stoppingIntent,
null, stoppingReceiver, 0, null, null,
new String[]{INTERACT_ACROSS_USERS}, AppOpsManager.OP_NONE,
- null, true, false, MY_PID, SYSTEM_UID, UserHandle.USER_ALL);
+ null, true, false, MY_PID, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), UserHandle.USER_ALL);
});
}
}
@@ -735,7 +739,8 @@
mInjector.broadcastIntent(shutdownIntent,
null, shutdownReceiver, 0, null, null, null,
AppOpsManager.OP_NONE,
- null, true, false, MY_PID, SYSTEM_UID, userId);
+ null, true, false, MY_PID, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), userId);
}
void finishUserStopped(UserState uss) {
@@ -834,7 +839,8 @@
intent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
mInjector.broadcastIntent(intent,
null, null, 0, null, null, null, AppOpsManager.OP_NONE,
- null, false, false, MY_PID, SYSTEM_UID, UserHandle.USER_ALL);
+ null, false, false, MY_PID, SYSTEM_UID, Binder.getCallingUid(),
+ Binder.getCallingPid(), UserHandle.USER_ALL);
}
/**
@@ -950,6 +956,8 @@
Slog.i(TAG, "Starting userid:" + userId + " fg:" + foreground);
+ final int callingUid = Binder.getCallingUid();
+ final int callingPid = Binder.getCallingPid();
final long ident = Binder.clearCallingIdentity();
try {
final int oldUserId = getCurrentUserId();
@@ -1088,7 +1096,7 @@
intent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
mInjector.broadcastIntent(intent,
null, null, 0, null, null, null, AppOpsManager.OP_NONE,
- null, false, false, MY_PID, SYSTEM_UID, userId);
+ null, false, false, MY_PID, SYSTEM_UID, callingUid, callingPid, userId);
}
if (foreground) {
@@ -1111,7 +1119,8 @@
}
}, 0, null, null,
new String[]{INTERACT_ACROSS_USERS}, AppOpsManager.OP_NONE,
- null, true, false, MY_PID, SYSTEM_UID, UserHandle.USER_ALL);
+ null, true, false, MY_PID, SYSTEM_UID, callingUid, callingPid,
+ UserHandle.USER_ALL);
}
} finally {
Binder.restoreCallingIdentity(ident);
@@ -1427,6 +1436,8 @@
}
void sendUserSwitchBroadcasts(int oldUserId, int newUserId) {
+ final int callingUid = Binder.getCallingUid();
+ final int callingPid = Binder.getCallingPid();
long ident = Binder.clearCallingIdentity();
try {
Intent intent;
@@ -1442,7 +1453,8 @@
intent.putExtra(Intent.EXTRA_USER_HANDLE, profileUserId);
mInjector.broadcastIntent(intent,
null, null, 0, null, null, null, AppOpsManager.OP_NONE,
- null, false, false, MY_PID, SYSTEM_UID, profileUserId);
+ null, false, false, MY_PID, SYSTEM_UID, callingUid, callingPid,
+ profileUserId);
}
}
if (newUserId >= 0) {
@@ -1457,7 +1469,8 @@
intent.putExtra(Intent.EXTRA_USER_HANDLE, profileUserId);
mInjector.broadcastIntent(intent,
null, null, 0, null, null, null, AppOpsManager.OP_NONE,
- null, false, false, MY_PID, SYSTEM_UID, profileUserId);
+ null, false, false, MY_PID, SYSTEM_UID, callingUid, callingPid,
+ profileUserId);
}
intent = new Intent(Intent.ACTION_USER_SWITCHED);
intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY
@@ -1466,8 +1479,8 @@
mInjector.broadcastIntent(intent,
null, null, 0, null, null,
new String[] {android.Manifest.permission.MANAGE_USERS},
- AppOpsManager.OP_NONE, null, false, false, MY_PID, SYSTEM_UID,
- UserHandle.USER_ALL);
+ AppOpsManager.OP_NONE, null, false, false, MY_PID, SYSTEM_UID, callingUid,
+ callingPid, UserHandle.USER_ALL);
}
} finally {
Binder.restoreCallingIdentity(ident);
@@ -2107,12 +2120,14 @@
protected int broadcastIntent(Intent intent, String resolvedType,
IIntentReceiver resultTo, int resultCode, String resultData,
Bundle resultExtras, String[] requiredPermissions, int appOp, Bundle bOptions,
- boolean ordered, boolean sticky, int callingPid, int callingUid, int userId) {
+ boolean ordered, boolean sticky, int callingPid, int callingUid, int realCallingUid,
+ int realCallingPid, int userId) {
// TODO b/64165549 Verify that mLock is not held before calling AMS methods
synchronized (mService) {
return mService.broadcastIntentLocked(null, null, intent, resolvedType, resultTo,
resultCode, resultData, resultExtras, requiredPermissions, appOp, bOptions,
- ordered, sticky, callingPid, callingUid, userId);
+ ordered, sticky, callingPid, callingUid, realCallingUid, realCallingPid,
+ userId);
}
}
diff --git a/services/tests/servicestests/src/com/android/server/am/UserControllerTest.java b/services/tests/servicestests/src/com/android/server/am/UserControllerTest.java
index bd03a8d..04abeca1 100644
--- a/services/tests/servicestests/src/com/android/server/am/UserControllerTest.java
+++ b/services/tests/servicestests/src/com/android/server/am/UserControllerTest.java
@@ -403,7 +403,8 @@
protected int broadcastIntent(Intent intent, String resolvedType,
IIntentReceiver resultTo, int resultCode, String resultData, Bundle resultExtras,
String[] requiredPermissions, int appOp, Bundle bOptions, boolean ordered,
- boolean sticky, int callingPid, int callingUid, int userId) {
+ boolean sticky, int callingPid, int callingUid, int realCallingUid,
+ int realCallingPid, int userId) {
Log.i(TAG, "broadcastIntentLocked " + intent);
mSentIntents.add(intent);
return 0;
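Review bot: The test injector accepts `realCallingUid` and `realCallingPid` and drops them, so nothing in this test class would notice a call site passing the wrong identity. Recording them next to `mSentIntents` (for example in a parallel list) would let tests in this class assert the propagated caller for the user-start and user-switch broadcasts. The override's closing brace is outside the hunk.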