Merge tag 'android-security-11.0.0_r54' into int/11/fp3
Android security 11.0.0 release 54
* tag 'android-security-11.0.0_r54':
Add caller check to com.android.credentials.RESET
Change-Id: Idcdc33aec8a6ba070a1c431d06e6b2d67cc35bf1
diff --git a/src/com/android/car/settings/security/CredentialStorageActivity.java b/src/com/android/car/settings/security/CredentialStorageActivity.java
index 22e7fd7..f40fccc 100644
--- a/src/com/android/car/settings/security/CredentialStorageActivity.java
+++ b/src/com/android/car/settings/security/CredentialStorageActivity.java
@@ -76,7 +76,7 @@
Intent intent = getIntent();
String action = intent.getAction();
- if (ACTION_RESET.equals(action)) {
+ if (ACTION_RESET.equals(action) && checkCallerIsSelf()) {
showResetConfirmationDialog();
} else if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
Bundle installBundle = intent.getExtras();
@@ -119,6 +119,19 @@
}
/**
+ * Check that the caller is Settings.
+ */
+ private boolean checkCallerIsSelf() {
+ try {
+ return Process.myUid() == android.app.ActivityManager.getService()
+ .getLaunchedFromUid(getActivityToken());
+ } catch (RemoteException re) {
+ // Error talking to ActivityManager, just give up
+ return false;
+ }
+ }
+
+ /**
* Check that the caller is either CertInstaller or Settings running in a profile of this user.
*/
private boolean checkCallerIsCertInstallerOrSelfInProfile() {