Merge "Assert that VmsPublisherClient caller is the system user." into qt-dev
diff --git a/car-lib/src/android/car/vms/VmsPublisherClientService.java b/car-lib/src/android/car/vms/VmsPublisherClientService.java
index b89c558..b4dcc68 100644
--- a/car-lib/src/android/car/vms/VmsPublisherClientService.java
+++ b/car-lib/src/android/car/vms/VmsPublisherClientService.java
@@ -21,11 +21,14 @@
import android.annotation.SystemApi;
import android.app.Service;
import android.content.Intent;
+import android.os.Binder;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
import android.os.Message;
+import android.os.Process;
import android.os.RemoteException;
+import android.os.UserHandle;
import android.util.Log;
import com.android.internal.annotations.GuardedBy;
@@ -219,8 +222,9 @@
}
@Override
- public void setVmsPublisherService(IBinder token, IVmsPublisherService service)
- throws RemoteException {
+ public void setVmsPublisherService(IBinder token, IVmsPublisherService service) {
+ assertSystemOrSelf();
+
VmsPublisherClientService vmsPublisherClientService = mVmsPublisherClientService.get();
if (vmsPublisherClientService == null) return;
if (DBG) {
@@ -233,8 +237,9 @@
}
@Override
- public void onVmsSubscriptionChange(VmsSubscriptionState subscriptionState)
- throws RemoteException {
+ public void onVmsSubscriptionChange(VmsSubscriptionState subscriptionState) {
+ assertSystemOrSelf();
+
VmsPublisherClientService vmsPublisherClientService = mVmsPublisherClientService.get();
if (vmsPublisherClientService == null) return;
if (DBG) {
@@ -255,6 +260,13 @@
handler.obtainMessage(VmsEventHandler.ON_SUBSCRIPTION_CHANGE_EVENT,
subscriptionState));
}
+
+ private void assertSystemOrSelf() {
+ if (!(Binder.getCallingUid() == UserHandle.USER_SYSTEM
+ || Binder.getCallingPid() == Process.myPid())) {
+ throw new SecurityException("Caller must be system user or same process");
+ }
+ }
}
/**
diff --git a/service/src/com/android/car/VmsPublisherService.java b/service/src/com/android/car/VmsPublisherService.java
index 647b102..11cef1f 100644
--- a/service/src/com/android/car/VmsPublisherService.java
+++ b/service/src/com/android/car/VmsPublisherService.java
@@ -170,7 +170,7 @@
publisherProxy.register();
try {
publisherClient.setVmsPublisherService(publisherToken, publisherProxy);
- } catch (RemoteException e) {
+ } catch (Throwable e) {
Log.e(TAG, "unable to configure publisher: " + publisherName, e);
return;
}
@@ -296,7 +296,7 @@
public void onSubscriptionChange(VmsSubscriptionState subscriptionState) {
try {
mPublisherClient.onVmsSubscriptionChange(subscriptionState);
- } catch (RemoteException e) {
+ } catch (Throwable e) {
Log.e(TAG, String.format("Unable to send subscription state to: %s", mName), e);
}
}