/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.firewall;
import android.app.AppGlobals;
import android.content.ComponentName;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.IPackageManager;
import android.os.Process;
import android.os.RemoteException;
import android.util.Slog;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import java.io.IOException;
class SenderFilter {
private static final String ATTR_TYPE = "type";
private static final String VAL_SIGNATURE = "signature";
private static final String VAL_SYSTEM = "system";
private static final String VAL_SYSTEM_OR_SIGNATURE = "system|signature";
private static final String VAL_USER_ID = "userId";
static boolean isPrivilegedApp(int callerUid, int callerPid) {
if (callerUid == Process.SYSTEM_UID || callerUid == 0 ||
callerPid == Process.myPid() || callerPid == 0) {
return true;
}
IPackageManager pm = AppGlobals.getPackageManager();
try {
return (pm.getFlagsForUid(callerUid) & ApplicationInfo.FLAG_PRIVILEGED) != 0;
} catch (RemoteException ex) {
Slog.e(IntentFirewall.TAG, "Remote exception while retrieving uid flags",
ex);
}
return false;
}
public static final FilterFactory FACTORY = new FilterFactory("sender") {
@Override
public Filter newFilter(XmlPullParser parser) throws IOException, XmlPullParserException {
String typeString = parser.getAttributeValue(null, ATTR_TYPE);
if (typeString == null) {
throw new XmlPullParserException("type attribute must be specified for <sender>",
parser, null);
}
if (typeString.equals(VAL_SYSTEM)) {
return SYSTEM;
} else if (typeString.equals(VAL_SIGNATURE)) {
return SIGNATURE;
} else if (typeString.equals(VAL_SYSTEM_OR_SIGNATURE)) {
return SYSTEM_OR_SIGNATURE;
} else if (typeString.equals(VAL_USER_ID)) {
return USER_ID;
}
throw new XmlPullParserException(
"Invalid type attribute for <sender>: " + typeString, parser, null);
}
};
private static final Filter SIGNATURE = new Filter() {
@Override
public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,
int callerUid, int callerPid, String resolvedType, int receivingUid) {
return ifw.signaturesMatch(callerUid, receivingUid);
}
};
private static final Filter SYSTEM = new Filter() {
@Override
public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,
int callerUid, int callerPid, String resolvedType, int receivingUid) {
return isPrivilegedApp(callerUid, callerPid);
}
};
private static final Filter SYSTEM_OR_SIGNATURE = new Filter() {
@Override
public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,
int callerUid, int callerPid, String resolvedType, int receivingUid) {
return isPrivilegedApp(callerUid, callerPid) ||
ifw.signaturesMatch(callerUid, receivingUid);
}
};
private static final Filter USER_ID = new Filter() {
@Override
public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,
int callerUid, int callerPid, String resolvedType, int receivingUid) {
// This checks whether the caller is either the system process, or has the same user id
// I.e. the same app, or an app that uses the same shared user id.
// This is the same set of applications that would be able to access the component if
// it wasn't exported.
return ifw.checkComponentPermission(null, callerPid, callerUid, receivingUid, false);
}
};
}
|
