Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / services / Car / e0c8f80b8b882ce846918755ac07441ffc9a98f9^1..e0c8f80b8b882ce846918755ac07441ffc9a98f9 / .
commite0c8f80b8b882ce846918755ac07441ffc9a98f9[log] [tgz]
authorMark Tabry <mtab@google.com>Tue Jun 11 15:48:25 2019 -0700
committerandroid-build-merger <android-build-merger@google.com>Tue Jun 11 15:48:25 2019 -0700
treec7583f101b9d4bebc096b6f50e22a151036465fe
parentf653d45ebc0c28ea79136c8fbb921c33f5cb21b0 [diff]
parentc4fa60c00fdbe9981c39d3b7f4e5ebe1b1df12f4 [diff]
Merge "Assert that VmsPublisherClient caller is the system user." into qt-dev
am: c4fa60c00f

Change-Id: I2823597bebc7b24f13823c097db20226f3cc6b6d

diff --git a/car-lib/src/android/car/vms/VmsPublisherClientService.java b/car-lib/src/android/car/vms/VmsPublisherClientService.java
index b89c558..b4dcc68 100644
--- a/car-lib/src/android/car/vms/VmsPublisherClientService.java
+++ b/car-lib/src/android/car/vms/VmsPublisherClientService.java

@@ -21,11 +21,14 @@
 import android.annotation.SystemApi;
 import android.app.Service;
 import android.content.Intent;
+import android.os.Binder;
 import android.os.Handler;
 import android.os.IBinder;
 import android.os.Looper;
 import android.os.Message;
+import android.os.Process;
 import android.os.RemoteException;
+import android.os.UserHandle;
 import android.util.Log;
 
 import com.android.internal.annotations.GuardedBy;
@@ -219,8 +222,9 @@
         }
 
         @Override
-        public void setVmsPublisherService(IBinder token, IVmsPublisherService service)
-                throws RemoteException {
+        public void setVmsPublisherService(IBinder token, IVmsPublisherService service) {
+            assertSystemOrSelf();
+
             VmsPublisherClientService vmsPublisherClientService = mVmsPublisherClientService.get();
             if (vmsPublisherClientService == null) return;
             if (DBG) {
@@ -233,8 +237,9 @@
         }
 
         @Override
-        public void onVmsSubscriptionChange(VmsSubscriptionState subscriptionState)
-                throws RemoteException {
+        public void onVmsSubscriptionChange(VmsSubscriptionState subscriptionState) {
+            assertSystemOrSelf();
+
             VmsPublisherClientService vmsPublisherClientService = mVmsPublisherClientService.get();
             if (vmsPublisherClientService == null) return;
             if (DBG) {
@@ -255,6 +260,13 @@
                     handler.obtainMessage(VmsEventHandler.ON_SUBSCRIPTION_CHANGE_EVENT,
                             subscriptionState));
         }
+
+        private void assertSystemOrSelf() {
+            if (!(Binder.getCallingUid() == UserHandle.USER_SYSTEM
+                    || Binder.getCallingPid() == Process.myPid())) {
+                throw new SecurityException("Caller must be system user or same process");
+            }
+        }
     }
 
     /**

diff --git a/service/src/com/android/car/VmsPublisherService.java b/service/src/com/android/car/VmsPublisherService.java
index 647b102..11cef1f 100644
--- a/service/src/com/android/car/VmsPublisherService.java
+++ b/service/src/com/android/car/VmsPublisherService.java

@@ -170,7 +170,7 @@
         publisherProxy.register();
         try {
             publisherClient.setVmsPublisherService(publisherToken, publisherProxy);
-        } catch (RemoteException e) {
+        } catch (Throwable e) {
             Log.e(TAG, "unable to configure publisher: " + publisherName, e);
             return;
         }
@@ -296,7 +296,7 @@
         public void onSubscriptionChange(VmsSubscriptionState subscriptionState) {
             try {
                 mPublisherClient.onVmsSubscriptionChange(subscriptionState);
-            } catch (RemoteException e) {
+            } catch (Throwable e) {
                 Log.e(TAG, String.format("Unable to send subscription state to: %s", mName), e);
             }
         }