SenderFilter.java revision 9158825f9c41869689d6b1786d7c7aa8bdd524ce 
1/*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.firewall;
18
19import android.app.AppGlobals;
20import android.content.ComponentName;
21import android.content.Intent;
22import android.content.pm.ApplicationInfo;
23import android.content.pm.IPackageManager;
24import android.os.Process;
25import android.os.RemoteException;
26import android.util.Slog;
27import org.xmlpull.v1.XmlPullParser;
28import org.xmlpull.v1.XmlPullParserException;
29
30import java.io.IOException;
31
32class SenderFilter {
33    private static final String ATTR_TYPE = "type";
34
35    private static final String VAL_SIGNATURE = "signature";
36    private static final String VAL_SYSTEM = "system";
37    private static final String VAL_SYSTEM_OR_SIGNATURE = "system|signature";
38    private static final String VAL_USER_ID = "userId";
39
40    static boolean isPrivilegedApp(int callerUid, int callerPid) {
41        if (callerUid == Process.SYSTEM_UID || callerUid == 0 ||
42                callerPid == Process.myPid() || callerPid == 0) {
43            return true;
44        }
45
46        IPackageManager pm = AppGlobals.getPackageManager();
47        try {
48            return (pm.getFlagsForUid(callerUid) & ApplicationInfo.FLAG_PRIVILEGED) != 0;
49        } catch (RemoteException ex) {
50            Slog.e(IntentFirewall.TAG, "Remote exception while retrieving uid flags",
51                    ex);
52        }
53
54        return false;
55    }
56
57    public static final FilterFactory FACTORY = new FilterFactory("sender") {
58        @Override
59        public Filter newFilter(XmlPullParser parser) throws IOException, XmlPullParserException {
60            String typeString = parser.getAttributeValue(null, ATTR_TYPE);
61            if (typeString == null) {
62                throw new XmlPullParserException("type attribute must be specified for <sender>",
63                        parser, null);
64            }
65            if (typeString.equals(VAL_SYSTEM)) {
66                return SYSTEM;
67            } else if (typeString.equals(VAL_SIGNATURE)) {
68                return SIGNATURE;
69            } else if (typeString.equals(VAL_SYSTEM_OR_SIGNATURE)) {
70                return SYSTEM_OR_SIGNATURE;
71            } else if (typeString.equals(VAL_USER_ID)) {
72                return USER_ID;
73            }
74            throw new XmlPullParserException(
75                    "Invalid type attribute for <sender>: " + typeString, parser, null);
76        }
77    };
78
79    private static final Filter SIGNATURE = new Filter() {
80        @Override
81        public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,
82                int callerUid, int callerPid, String resolvedType, int receivingUid) {
83            return ifw.signaturesMatch(callerUid, receivingUid);
84        }
85    };
86
87    private static final Filter SYSTEM = new Filter() {
88        @Override
89        public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,
90                int callerUid, int callerPid, String resolvedType, int receivingUid) {
91            return isPrivilegedApp(callerUid, callerPid);
92        }
93    };
94
95    private static final Filter SYSTEM_OR_SIGNATURE = new Filter() {
96        @Override
97        public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,
98                int callerUid, int callerPid, String resolvedType, int receivingUid) {
99            return isPrivilegedApp(callerUid, callerPid) ||
100                    ifw.signaturesMatch(callerUid, receivingUid);
101        }
102    };
103
104    private static final Filter USER_ID = new Filter() {
105        @Override
106        public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,
107                int callerUid, int callerPid, String resolvedType, int receivingUid) {
108            // This checks whether the caller is either the system process, or has the same user id
109            // I.e. the same app, or an app that uses the same shared user id.
110            // This is the same set of applications that would be able to access the component if
111            // it wasn't exported.
112            return ifw.checkComponentPermission(null, callerPid, callerUid, receivingUid, false);
113        }
114    };
115}
116