Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / apps / PackageInstaller / 10ef8cbc7affa8c90e510e6e8bff3b226e964acb^1..10ef8cbc7affa8c90e510e6e8bff3b226e964acb / .
commit10ef8cbc7affa8c90e510e6e8bff3b226e964acb[log] [tgz]
authorKarsten Tausche <karsten@fairphone.com>Thu Aug 26 18:58:37 2021 +0200
committerKarsten Tausche <karsten@fairphone.com>Thu Aug 26 18:58:37 2021 +0200
treee18860c4ed75d21f8c927f49854d77fe086031b3
parente53e09c62053188e80dc6ca88878134b16c75431 [diff]
parent56b6c9ddce9026828bdc8e42e75db391f4e79503 [diff]
Merge tag 'android-security-10.0.0_r53' into int/10/fp2

Android security 10.0.0 release 53

* tag 'android-security-10.0.0_r53':
  RESTRICT AUTOMERGE Don't allow tapjacking permissioncontroller
  DO NOT MERGE Use permission group definintion if defined in PermissionController
  Update PermissionChecker usages to avoid unnecessary attribution.
  Fix assistant role availability on low ram devices.
  Use EXTRA_CALLING_PACKAGE for legacy change default dialer/SMS intents.
  Only kill when needed when changing permissions
  Do not kill admin when changing own permissions

Change-Id: I9026bbb603a08519d839f47ef71a0106e7b9c6a3

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 5af86a1..0cb7815 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml

@@ -49,7 +49,8 @@
             android:allowClearUserData="false"
             android:supportsRtl="true"
             android:defaultToDeviceProtectedStorage="true"
-            android:directBootAware="true">
+            android:directBootAware="true"
+            android:theme="@style/FilterTouches">
 
         <provider
             android:name="androidx.lifecycle.ProcessLifecycleOwnerInitializer"
@@ -82,7 +83,7 @@
         <activity android:name="com.android.packageinstaller.permission.ui.GrantPermissionsActivity"
                 android:configChanges="keyboardHidden|screenSize"
                 android:excludeFromRecents="true"
-                android:theme="@style/GrantPermissions"
+                android:theme="@style/GrantPermissions.FilterTouches"
                 android:visibleToInstantApps="true"
                 android:inheritShowWhenLocked="true">
             <intent-filter android:priority="1">
@@ -94,7 +95,7 @@
         <activity android:name="com.android.packageinstaller.permission.ui.ManagePermissionsActivity"
                   android:configChanges="orientation|keyboardHidden|screenSize"
                   android:label="@string/app_permissions"
-                  android:theme="@style/Settings"
+                  android:theme="@style/Settings.FilterTouches"
                   android:permission="android.permission.GRANT_RUNTIME_PERMISSIONS">
             <intent-filter android:priority="1">
                 <action android:name="android.intent.action.MANAGE_APP_PERMISSIONS" />
@@ -125,7 +126,7 @@
 
         <activity android:name="com.android.packageinstaller.permission.ui.AppPermissionActivity"
                   android:configChanges="orientation|keyboardHidden|screenSize"
-                  android:theme="@style/Settings"
+                  android:theme="@style/Settings.FilterTouches"
                   android:permission="android.permission.GRANT_RUNTIME_PERMISSIONS">
             <intent-filter android:priority="1">
                 <action android:name="android.intent.action.MANAGE_APP_PERMISSION" />
@@ -135,7 +136,7 @@
 
         <activity android:name="com.android.packageinstaller.permission.ui.ReviewPermissionsActivity"
                   android:excludeFromRecents="true"
-                  android:theme="@style/ReviewPermissions"
+                  android:theme="@style/ReviewPermissions.FilterTouches"
                   android:permission="android.permission.GRANT_RUNTIME_PERMISSIONS">
             <intent-filter android:priority="1">
                 <action android:name="android.intent.action.REVIEW_PERMISSIONS" />
@@ -149,7 +150,7 @@
 
         <activity android:name="com.android.packageinstaller.permission.ui.LocationProviderInterceptDialog"
                   android:excludeFromRecents="true"
-                  android:theme="@style/PermissionDialog" />
+                  android:theme="@style/PermissionDialog.FilterTouches" />
 
         <activity android:name="com.android.packageinstaller.permission.ui.ReviewOngoingUsageActivity"
                   android:excludeFromRecents="true"
@@ -164,7 +165,7 @@
 
         <activity android:name="com.android.packageinstaller.permission.ui.ReviewAccessibilityServicesActivity"
                   android:excludeFromRecents="true"
-                  android:theme="@style/PermissionDialog"
+                  android:theme="@style/PermissionDialog.FilterTouches"
                   android:permission="android.permission.REVIEW_ACCESSIBILITY_SERVICES" >
             <intent-filter android:priority="1">
                 <action android:name="android.intent.action.REVIEW_ACCESSIBILITY_SERVICES" />
@@ -174,7 +175,7 @@
 
         <activity android:name="com.android.packageinstaller.role.ui.RequestRoleActivity"
                   android:excludeFromRecents="true"
-                  android:theme="@style/RequestRole">
+                  android:theme="@style/RequestRole.FilterTouches">
             <intent-filter android:priority="1">
                 <action android:name="android.app.role.action.REQUEST_ROLE" />
                 <category android:name="android.intent.category.DEFAULT" />
@@ -191,7 +192,7 @@
 
         <activity android:name="com.android.packageinstaller.role.ui.DefaultAppListActivity"
                   android:label="@string/default_apps"
-                  android:theme="@style/Settings">
+                  android:theme="@style/Settings.FilterTouches">
             <intent-filter android:priority="2">
                 <action android:name="android.settings.MANAGE_DEFAULT_APPS_SETTINGS" />
                 <category android:name="android.intent.category.DEFAULT" />
@@ -200,7 +201,7 @@
 
         <activity android:name="com.android.packageinstaller.role.ui.DefaultAppActivity"
                   android:permission="android.permission.MANAGE_ROLE_HOLDERS"
-                  android:theme="@style/Settings">
+                  android:theme="@style/Settings.FilterTouches">
             <intent-filter android:priority="1">
                 <action android:name="android.intent.action.MANAGE_DEFAULT_APP" />
                 <category android:name="android.intent.category.DEFAULT" />
@@ -220,7 +221,7 @@
         <activity android:name="com.android.packageinstaller.role.ui.SpecialAppAccessListActivity"
                   android:label="@string/special_app_access"
                   android:permission="android.permission.MANAGE_ROLE_HOLDERS"
-                  android:theme="@style/Settings">
+                  android:theme="@style/Settings.FilterTouches">
             <intent-filter android:priority="1">
                 <action android:name="android.intent.action.MANAGE_SPECIAL_APP_ACCESSES" />
                 <category android:name="android.intent.category.DEFAULT" />
@@ -229,7 +230,7 @@
 
         <!-- TODO: Override other Settings intents when we've done migrating them. -->
         <activity android:name="com.android.packageinstaller.role.ui.SpecialAppAccessActivity"
-                  android:theme="@style/Settings" />
+                  android:theme="@style/Settings.FilterTouches" />
 
         <activity android:name="com.android.packageinstaller.role.ui.RoleSearchTrampolineActivity"
                   android:excludeFromRecents="true"

diff --git a/res/values/themes.xml b/res/values/themes.xml
index fb45640..2f48505 100644
--- a/res/values/themes.xml
+++ b/res/values/themes.xml

@@ -81,4 +81,30 @@
         <item name="carDividerColor">@*android:color/car_list_divider</item>
     </style>
 
+<!-- Do not allow OEMs to overlay these themes.
+ Must Guarantee that filterTouches is set for these activities -->
+    <style name="FilterTouches">
+        <item name="android:filterTouchesWhenObscured">true</item>
+    </style>
+
+    <style name="Settings.FilterTouches">
+        <item name="android:filterTouchesWhenObscured">true</item>
+    </style>
+
+    <style name="ReviewPermissions.FilterTouches">
+        <item name="android:filterTouchesWhenObscured">true</item>
+    </style>
+
+    <style name="GrantPermissions.FilterTouches">
+        <item name="android:filterTouchesWhenObscured">true</item>
+    </style>
+
+    <style name="RequestRole.FilterTouches">
+        <item name="android:filterTouchesWhenObscured">true</item>
+    </style>
+
+    <style name="PermissionDialog.FilterTouches">
+        <item name="android:filterTouchesWhenObscured">true</item>
+    </style>
+
 </resources>

diff --git a/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java b/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java
index 18de0cd..3649b0e 100644
--- a/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java
+++ b/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java

@@ -268,6 +268,8 @@
         // Cache this as this can only read on onCreate, not later.
         mCallingPackage = getCallingPackage();
 
+        SafetyNetLogger.logIfHasUndefinedPermissionGroup(getPackageManager(), mCallingPackage);
+
         setFinishOnTouchOutside(false);
 
         setTitle(R.string.permission_request_title);

diff --git a/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java b/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java
index b77502a..c4376ac 100644
--- a/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java
+++ b/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java

@@ -16,10 +16,15 @@
 
 package com.android.packageinstaller.permission.utils;
 
+import android.Manifest;
 import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.PermissionInfo;
+import android.text.TextUtils;
 import android.util.ArrayMap;
 import android.util.ArraySet;
 import android.util.EventLog;
+import android.util.Log;
 
 import com.android.packageinstaller.permission.model.AppPermissionGroup;
 import com.android.packageinstaller.permission.model.Permission;
@@ -37,6 +42,7 @@
 
     // Log tag for the result of permissions toggling.
     private static final String PERMISSIONS_TOGGLED = "individual_permissions_toggled";
+    public static final String LOG_TAG = SafetyNetLogger.class.getSimpleName();
 
     private SafetyNetLogger() {
         /* do nothing */
@@ -129,4 +135,27 @@
 
         return builder.toString();
     }
+
+    /**
+     * Log if the given package has defined a permission in the undefined group.
+     *
+     * @param pm A PackageManager to look up the package.
+     * @param packageName The name of the package to check.
+     */
+    public static void logIfHasUndefinedPermissionGroup(PackageManager pm, String packageName) {
+        try { //Avoid crashing for any reason
+            PermissionInfo[] permissions =
+                    pm.getPackageInfo(packageName, PackageManager.GET_PERMISSIONS).permissions;
+            if (permissions == null) {
+                return;
+            }
+            for (PermissionInfo permission : permissions) {
+                if (TextUtils.equals(permission.group, Manifest.permission_group.UNDEFINED)) {
+                    EventLog.writeEvent(SNET_NET_EVENT_LOG_TAG, "153879813");
+                }
+            }
+        } catch (Throwable e) {
+            Log.e(LOG_TAG, "Unable to log undefined permission event for " + packageName + ".", e);
+        }
+    }
 }

diff --git a/src/com/android/packageinstaller/permission/utils/Utils.java b/src/com/android/packageinstaller/permission/utils/Utils.java
index 707b9f7..f4389b0 100644
--- a/src/com/android/packageinstaller/permission/utils/Utils.java
+++ b/src/com/android/packageinstaller/permission/utils/Utils.java

@@ -316,7 +316,13 @@
     public static @NonNull List<PermissionInfo> getPermissionInfosForGroup(
             @NonNull PackageManager pm, @NonNull String group)
             throws PackageManager.NameNotFoundException {
-        List<PermissionInfo> permissions = pm.queryPermissionsByGroup(group, 0);
+        List<PermissionInfo> permissions = new ArrayList<>();
+        for (PermissionInfo permission : pm.queryPermissionsByGroup(group, 0)) {
+            // PermissionController's mapping takes precedence
+            if (getGroupOfPermission(permission).equals(group)) {
+                permissions.add(permission);
+            }
+        }
         permissions.addAll(getPlatformPermissionsOfGroup(pm, group));
 
         return permissions;