14efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver/* 24efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * Copyright (C) 2013 The Android Open Source Project 34efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * 44efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * Licensed under the Apache License, Version 2.0 (the "License"); 54efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * you may not use this file except in compliance with the License. 64efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * You may obtain a copy of the License at 74efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * 84efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * http://www.apache.org/licenses/LICENSE-2.0 94efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * 104efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * Unless required by applicable law or agreed to in writing, software 114efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * distributed under the License is distributed on an "AS IS" BASIS, 124efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 134efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * See the License for the specific language governing permissions and 144efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver * limitations under the License. 154efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver */ 164efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 174efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruverpackage com.android.server.firewall; 184efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 19dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruverimport android.app.AppGlobals; 20f5323fee2a7deaf264ed10fbe3d9c69055987e55Ben Gruverimport android.content.ComponentName; 214efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruverimport android.content.Intent; 224efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruverimport android.content.pm.ApplicationInfo; 23dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruverimport android.content.pm.IPackageManager; 244efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruverimport android.os.Process; 25dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruverimport android.os.RemoteException; 26dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruverimport android.util.Slog; 274efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruverimport org.xmlpull.v1.XmlPullParser; 284efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruverimport org.xmlpull.v1.XmlPullParserException; 294efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 304efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruverimport java.io.IOException; 314efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 324efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruverclass SenderFilter { 334efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final String ATTR_TYPE = "type"; 344efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 354efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final String VAL_SIGNATURE = "signature"; 364efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final String VAL_SYSTEM = "system"; 374efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final String VAL_SYSTEM_OR_SIGNATURE = "system|signature"; 384efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final String VAL_USER_ID = "userId"; 394efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 40dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver static boolean isPrivilegedApp(int callerUid, int callerPid) { 41dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver if (callerUid == Process.SYSTEM_UID || callerUid == 0 || 42dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver callerPid == Process.myPid() || callerPid == 0) { 434efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver return true; 444efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 45dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver 46dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver IPackageManager pm = AppGlobals.getPackageManager(); 47dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver try { 48b9f8a5204a1b0b3919fa921e858d04124c582828Alex Klyubin return (pm.getPrivateFlagsForUid(callerUid) & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) 49b9f8a5204a1b0b3919fa921e858d04124c582828Alex Klyubin != 0; 50dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver } catch (RemoteException ex) { 51dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver Slog.e(IntentFirewall.TAG, "Remote exception while retrieving uid flags", 52dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver ex); 534efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 54dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver 55dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver return false; 564efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 574efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 584efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver public static final FilterFactory FACTORY = new FilterFactory("sender") { 594efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver @Override 604efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver public Filter newFilter(XmlPullParser parser) throws IOException, XmlPullParserException { 614efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver String typeString = parser.getAttributeValue(null, ATTR_TYPE); 624efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver if (typeString == null) { 634efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver throw new XmlPullParserException("type attribute must be specified for <sender>", 644efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver parser, null); 654efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 664efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver if (typeString.equals(VAL_SYSTEM)) { 674efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver return SYSTEM; 684efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } else if (typeString.equals(VAL_SIGNATURE)) { 694efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver return SIGNATURE; 704efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } else if (typeString.equals(VAL_SYSTEM_OR_SIGNATURE)) { 714efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver return SYSTEM_OR_SIGNATURE; 724efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } else if (typeString.equals(VAL_USER_ID)) { 734efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver return USER_ID; 744efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 754efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver throw new XmlPullParserException( 764efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver "Invalid type attribute for <sender>: " + typeString, parser, null); 774efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 784efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver }; 794efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 804efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final Filter SIGNATURE = new Filter() { 814efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver @Override 82f5323fee2a7deaf264ed10fbe3d9c69055987e55Ben Gruver public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent, 8349660c7c24f24c3394233e3bbf94c96281e8c408Ben Gruver int callerUid, int callerPid, String resolvedType, int receivingUid) { 8449660c7c24f24c3394233e3bbf94c96281e8c408Ben Gruver return ifw.signaturesMatch(callerUid, receivingUid); 854efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 864efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver }; 874efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 884efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final Filter SYSTEM = new Filter() { 894efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver @Override 90f5323fee2a7deaf264ed10fbe3d9c69055987e55Ben Gruver public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent, 9149660c7c24f24c3394233e3bbf94c96281e8c408Ben Gruver int callerUid, int callerPid, String resolvedType, int receivingUid) { 92dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver return isPrivilegedApp(callerUid, callerPid); 934efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 944efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver }; 954efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 964efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final Filter SYSTEM_OR_SIGNATURE = new Filter() { 974efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver @Override 98f5323fee2a7deaf264ed10fbe3d9c69055987e55Ben Gruver public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent, 9949660c7c24f24c3394233e3bbf94c96281e8c408Ben Gruver int callerUid, int callerPid, String resolvedType, int receivingUid) { 100dd72c9ed558158f889a8cdfed8a108553ba5a562Ben Gruver return isPrivilegedApp(callerUid, callerPid) || 10149660c7c24f24c3394233e3bbf94c96281e8c408Ben Gruver ifw.signaturesMatch(callerUid, receivingUid); 1024efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 1034efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver }; 1044efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver 1054efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver private static final Filter USER_ID = new Filter() { 1064efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver @Override 107f5323fee2a7deaf264ed10fbe3d9c69055987e55Ben Gruver public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent, 10849660c7c24f24c3394233e3bbf94c96281e8c408Ben Gruver int callerUid, int callerPid, String resolvedType, int receivingUid) { 1094efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver // This checks whether the caller is either the system process, or has the same user id 1104efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver // I.e. the same app, or an app that uses the same shared user id. 1114efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver // This is the same set of applications that would be able to access the component if 1124efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver // it wasn't exported. 11349660c7c24f24c3394233e3bbf94c96281e8c408Ben Gruver return ifw.checkComponentPermission(null, callerPid, callerUid, receivingUid, false); 1144efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver } 1154efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver }; 1164efe9403afb0ba3b83fa647eb82e4f90d29f131bBen Gruver} 117