diff options
| author | Kenny Root <kroot@google.com> | 2011-08-09 09:43:03 -0700 |
|---|---|---|
| committer | Kenny Root <kroot@google.com> | 2011-08-09 11:08:34 -0700 |
| commit | 461ff1f03c803a9a0a01f6a834101f811ea85c61 (patch) | |
| tree | 9c9732e2730217b400c1ddbfea9ffc7589636513 /services | |
| parent | a4418e0fd94f27c0b40abe17d42af0880cb3effb (diff) | |
| download | frameworks_base-461ff1f03c803a9a0a01f6a834101f811ea85c61.zip frameworks_base-461ff1f03c803a9a0a01f6a834101f811ea85c61.tar.gz frameworks_base-461ff1f03c803a9a0a01f6a834101f811ea85c61.tar.bz2 | |
Add security checks for new API
Bug: 5137679
Change-Id: Ic0c1e0cf2960a7062ba318b60ee2c92506f6aab6
Diffstat (limited to 'services')
| -rw-r--r-- | services/java/com/android/server/pm/PackageManagerService.java | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java index 463f801..6ddd7bf 100644 --- a/services/java/com/android/server/pm/PackageManagerService.java +++ b/services/java/com/android/server/pm/PackageManagerService.java @@ -2814,7 +2814,23 @@ public class PackageManagerService extends IPackageManager.Stub { return true; } + /** + * Enforces that only the system UID or root's UID can call a method exposed + * via Binder. + * + * @param message used as message if SecurityException is thrown + * @throws SecurityException if the caller is not system or root + */ + private static final void enforceSystemOrRoot(String message) { + final int uid = Binder.getCallingUid(); + if (uid != Process.SYSTEM_UID && uid != 0) { + throw new SecurityException(message); + } + } + public boolean performDexOpt(String packageName) { + enforceSystemOrRoot("Only the system can request dexopt be performed"); + if (!mNoDexOpt) { return false; } @@ -4687,8 +4703,13 @@ public class PackageManagerService extends IPackageManager.Stub { } public void finishPackageInstall(int token) { - if (DEBUG_INSTALL) Log.v(TAG, "BM finishing package install for " + token); - Message msg = mHandler.obtainMessage(POST_INSTALL, token, 0); + enforceSystemOrRoot("Only the system is allowed to finish installs"); + + if (DEBUG_INSTALL) { + Slog.v(TAG, "BM finishing package install for " + token); + } + + final Message msg = mHandler.obtainMessage(POST_INSTALL, token, 0); mHandler.sendMessage(msg); } @@ -7184,6 +7205,8 @@ public class PackageManagerService extends IPackageManager.Stub { } public void enterSafeMode() { + enforceSystemOrRoot("Only the system can request entering safe mode"); + if (!mSystemReady) { mSafeMode = true; } @@ -8086,12 +8109,18 @@ public class PackageManagerService extends IPackageManager.Stub { } public UserInfo createUser(String name, int flags) { + // TODO(kroot): Add a real permission for creating users + enforceSystemOrRoot("Only the system can create users"); + // TODO(kroot): fix this API UserInfo userInfo = mUserManager.createUser(name, flags, new ArrayList<ApplicationInfo>()); return userInfo; } public boolean removeUser(int userId) { + // TODO(kroot): Add a real permission for removing users + enforceSystemOrRoot("Only the system can remove users"); + if (userId == 0) { return false; } |