Anonymous avatar Anonymous committed 6490b54

Use uid for package (and types) information.

With the removal of the ptrace attach block in the SELinux policy, we
can't rely on separation by pid.

Comments (0)

Files changed (4)

core/java/android/app/ActivityManagerNative.java

     }
 
     private IBinder mRemote;
-
-    @Override
-    public List<String> getPackagesForPid(int pid) throws RemoteException {
-        throw new RemoteException("Unimplemented");
-    }
 }

core/java/android/app/IActivityManager.java

     
     public ComponentName getActivityClassForToken(IBinder token) throws RemoteException;
     public String getPackageForToken(IBinder token) throws RemoteException;
-    public List<String> getPackagesForPid(int pid) throws RemoteException;
 
     public IIntentSender getIntentSender(int type,
             String packageName, IBinder token, String resultWho,

services/java/com/android/server/am/ActivityManagerService.java

         }
     }
 
-    public List<String> getPackagesForPid(int pid) {
-        synchronized (mPidsSelfLocked) {
-            ProcessRecord rec = mPidsSelfLocked.get(pid);
-            if (rec == null) {
-                return null;
-            }
-            return new ArrayList<String>(rec.pkgList);
-        }
-    }
-
     public IIntentSender getIntentSender(int type,
             String packageName, IBinder token, String resultWho,
             int requestCode, Intent[] intents, String[] resolvedTypes,
                     Intent intent = (Intent)allSticky.get(i);
 
                     // filter on receivers (sticky)
-                    filterBroadcastFilterReceivers(intent, callerApp.pid, receivers);
+                    filterBroadcastFilterReceivers(intent, callerApp.pid, callerApp.uid, receivers);
 
                     BroadcastQueue queue = broadcastQueueForIntent(intent);
                     BroadcastRecord r = new BroadcastRecord(queue, intent, null,
 
     // filter on registered receivers (non-ordered)
     private void filterBroadcastFilterReceivers(Intent intent,
-            int callingPid, List<BroadcastFilter> receivers) {
+            int callingPid, int callingUid, List<BroadcastFilter> receivers) {
         if (IntentMAC.DEBUG_BROADCASTS) {
             Slog.v("SELINUX_MMAC_BROADCASTS", "FILTER_LIST intent="+intent
                     + " callingPid="+callingPid
+                    + " callingUid="+callingUid
                     + " receivers="+receivers);
+            //If callingPid is -1, this likely was called by broadcastIntentLocked()
             if (IntentMAC.DEBUG_ICC_TRACE) {
                 Slog.v("SELINUX_MMAC", "", new Exception("GIMME_A_TRACE"));
             }
             List<String> srcPackages;
             Set<String> srcTypes;
 
-            srcPackages = getPackagesForPid(callingPid);
+            srcPackages = Arrays.asList(AppGlobals.getPackageManager().getPackagesForUid(callingUid));
             if (srcPackages == null || srcPackages.size() == 0) {
                 // No packages associated with source of ICC. Do the safe thing.
                 receivers.clear();
         }
 
         // filter on registered receivers (non-ordered)
-        filterBroadcastFilterReceivers(intent, callingPid, registeredReceivers);
+        filterBroadcastFilterReceivers(intent, callingPid, callingUid, registeredReceivers);
 
         final boolean replacePending =
                 (intent.getFlags()&Intent.FLAG_RECEIVER_REPLACE_PENDING) != 0;

services/java/com/android/server/pm/PackageManagerService.java

 
     //XXX When do we need to lock mPackages? To be safe, force callers to lock
     //    around the entire call.
-    private void filterResolveInfoListByPolicyLPr(Intent intent,
-            int callingPid, List<ResolveInfo> list) {
+    private void filterResolveInfoListByPolicyLPr(Intent intent, int callingPid, int callingUid,
+            List<ResolveInfo> list) {
         if (IntentMAC.DEBUG_ICC) {
             Slog.v("SELINUX_MMAC", "FILTER_LIST intent="+intent
                     + " callingPid="+callingPid
+                    + " callingUid="+callingUid
                     + " list="+list);
             if (IntentMAC.DEBUG_ICC_TRACE) {
                 Slog.v("SELINUX_MMAC", "", new Exception("GIMME_A_TRACE"));
 
         if (IntentMAC.checkAllowAllBooleans(intent, callingPid)) return;
 
-        try {
-            // Figure out what packages (and package types) sent this intent
-            // If we can't find any, nobody receives the intent.
-            List<String> callingPkgNames =
-                    ActivityManagerNative.getDefault().getPackagesForPid(callingPid);
-            if (null == callingPkgNames || 0 == callingPkgNames.size()) {
-                // No packages associated with source of ICC. Do the safe thing.
-                list.clear();
-                return;
-            }
-            List<PackageParser.Package> callingPkgs =
-                    new ArrayList<PackageParser.Package>(callingPkgNames.size());
-            Set<String> callingTypes = new HashSet<String>();
-            for (String pkgName : callingPkgNames) {
-                PackageParser.Package pkg = mPackages.get(pkgName);
-                callingPkgs.add(pkg);
-                callingTypes.addAll(getMMACtypesForPackage(pkgName));
-            }
-
-            Iterator<ResolveInfo> iter = list.iterator();
-            destinations:
-                while (iter.hasNext()) {
-                    ResolveInfo ri = iter.next();
+        // Figure out what packages (and package types) sent this intent
+        // If we can't find any, nobody receives the intent.
+        String[] callingPkgNames = getPackagesForUid(callingUid);
+        if (null == callingPkgNames || 0 == callingPkgNames.length) {
+            // No packages associated with source of ICC. Do the safe thing.
+            list.clear();
+            return;
+        }
+        List<PackageParser.Package> callingPkgs =
+                new ArrayList<PackageParser.Package>(callingPkgNames.length);
+        Set<String> callingTypes = new HashSet<String>();
+        for (String pkgName : callingPkgNames) {
+            PackageParser.Package pkg = mPackages.get(pkgName);
+            callingPkgs.add(pkg);
+            callingTypes.addAll(getMMACtypesForPackage(pkgName));
+        }
 
-                    // Figure out what package (and package types) will receive this intent
-                    // If we can't find any, that package doesn't receive the intent.
-                    PackageParser.Package dstPkg;
-                    Set<String> dstTypes;
-                    if (null != ri.activityInfo) {
-                        dstPkg = mPackages.get(ri.activityInfo.packageName);
-                        dstTypes = dstPkg.applicationInfo.mmacTypes;
-                    } else if (null != ri.serviceInfo) {
-                        dstPkg = mPackages.get(ri.serviceInfo.packageName);
-                        dstTypes = dstPkg.applicationInfo.mmacTypes;
-                    } else { // This should never happen
-                        iter.remove();
-                        continue destinations;
-                    }
+        Iterator<ResolveInfo> iter = list.iterator();
+        destinations:
+            while (iter.hasNext()) {
+                ResolveInfo ri = iter.next();
+
+                // Figure out what package (and package types) will receive this intent
+                // If we can't find any, that package doesn't receive the intent.
+                PackageParser.Package dstPkg;
+                Set<String> dstTypes;
+                if (null != ri.activityInfo) {
+                    dstPkg = mPackages.get(ri.activityInfo.packageName);
+                    dstTypes = dstPkg.applicationInfo.mmacTypes;
+                } else if (null != ri.serviceInfo) {
+                    dstPkg = mPackages.get(ri.serviceInfo.packageName);
+                    dstTypes = dstPkg.applicationInfo.mmacTypes;
+                } else { // This should never happen
+                    iter.remove();
+                    continue destinations;
+                }
 
-                    if (IntentMAC.DEBUG_ICC) {
-                        Slog.v("SELINUX_MMAC", callingPkgs+"{"+callingTypes+"} => "+
-                                dstPkg+"{"+dstTypes+"}");
-                    }
+                if (IntentMAC.DEBUG_ICC) {
+                    Slog.v("SELINUX_MMAC", callingPkgs+"{"+callingTypes+"} => "+
+                            dstPkg+"{"+dstTypes+"}");
+                }
 
-                    if (IntentMAC.checkAllowPkgBooleans(intent, callingPkgs, dstPkg)) {
-                        continue destinations;
-                    }
+                if (IntentMAC.checkAllowPkgBooleans(intent, callingPkgs, dstPkg)) {
+                    continue destinations;
+                }
 
-                    if (IntentMAC.checkIntentPolicy(intent, callingTypes, dstTypes)) {
-                        continue destinations;
-                    }
+                if (IntentMAC.checkIntentPolicy(intent, callingTypes, dstTypes)) {
+                    continue destinations;
+                }
 
-                    Slog.e(TAG, IntentMAC.generateDenialString(intent,
-                            callingPkgs, callingTypes, dstPkg, dstTypes));
-                    if (!IntentMAC.isEnforcing()) {
-                        //permissive mode, don't remove this ResolveInfo from list
-                        continue destinations;
-                    }
-                    iter.remove();
+                Slog.e(TAG, IntentMAC.generateDenialString(intent,
+                        callingPkgs, callingTypes, dstPkg, dstTypes));
+                if (!IntentMAC.isEnforcing()) {
+                    //permissive mode, don't remove this ResolveInfo from list
+                    continue destinations;
                 }
-        } catch (RemoteException e) {
-            // Should never happen
-            list.clear();
-            Slog.e(TAG, "SELINUX_MMAC SHOULD NEVER HAPPEN", e);
-        }
+                iter.remove();
+            }
     }
 
-    private boolean checkIntentPolicyForPackage(Intent intent, int callingPid,
+    private boolean checkIntentPolicyForPackage(Intent intent, int callingPid, int callingUid,
             PackageParser.Package dstPkg) {
         if (IntentMAC.DEBUG_ICC) {
             Slog.v("SELINUX_MMAC", "FILTER_PKG intent="+intent
                     + " callingPid="+callingPid
+                    + " callingUid="+callingUid
                     + " dstPkg="+dstPkg.packageName);
             if (IntentMAC.DEBUG_ICC_TRACE) {
                 Slog.v("SELINUX_MMAC", "", new Exception("GIMME_A_TRACE"));
 
         if (IntentMAC.checkAllowAllBooleans(intent, callingPid)) return true;
 
-        try {
-            // Figure out what packages (and package types) sent this intent
-            // If we can't find any, nobody receives the intent.
-            List<String> callingPkgNames =
-                    ActivityManagerNative.getDefault().getPackagesForPid(callingPid);
-            if (null == callingPkgNames || 0 == callingPkgNames.size()) {
-                // No packages associated with source of ICC. Do the safe thing.
-                return false;
-            }
-            List<PackageParser.Package> callingPkgs =
-                    new ArrayList<PackageParser.Package>(callingPkgNames.size());
-            Set<String> callingTypes = new HashSet<String>();
-            for (String pkgName : callingPkgNames) {
-                PackageParser.Package pkg = mPackages.get(pkgName);
-                callingPkgs.add(pkg);
-                callingTypes.addAll(getMMACtypesForPackage(pkgName));
-            }
+        // Figure out what packages (and package types) sent this intent
+        // If we can't find any, nobody receives the intent.
+        String[] callingPkgNames = getPackagesForUid(callingUid);
+        if (null == callingPkgNames || 0 == callingPkgNames.length) {
+            // No packages associated with source of ICC. Do the safe thing.
+            return false;
+        }
+        List<PackageParser.Package> callingPkgs =
+                new ArrayList<PackageParser.Package>(callingPkgNames.length);
+        Set<String> callingTypes = new HashSet<String>();
+        for (String pkgName : callingPkgNames) {
+            PackageParser.Package pkg = mPackages.get(pkgName);
+            callingPkgs.add(pkg);
+            callingTypes.addAll(getMMACtypesForPackage(pkgName));
+        }
 
-            Set<String> dstTypes = dstPkg.applicationInfo.mmacTypes;
+        Set<String> dstTypes = dstPkg.applicationInfo.mmacTypes;
 
-            if (IntentMAC.DEBUG_ICC) {
-                Slog.v("SELINUX_MMAC", callingPkgs+"{"+callingTypes+"} => "+
-                        dstPkg+"{"+dstTypes+"}");
-            }
-            if (IntentMAC.checkAllowPkgBooleans(intent, callingPkgs, dstPkg)) {
-                return true;
-            }
-            if (IntentMAC.checkIntentPolicy(intent, callingTypes, dstTypes)) {
-                return true;
-            }
+        if (IntentMAC.DEBUG_ICC) {
+            Slog.v("SELINUX_MMAC", callingPkgs+"{"+callingTypes+"} => "+
+                    dstPkg+"{"+dstTypes+"}");
+        }
+        if (IntentMAC.checkAllowPkgBooleans(intent, callingPkgs, dstPkg)) {
+            return true;
+        }
+        if (IntentMAC.checkIntentPolicy(intent, callingTypes, dstTypes)) {
+            return true;
+        }
 
-            Slog.e(TAG, IntentMAC.generateDenialString(intent,
-                    callingPkgs, callingTypes, dstPkg, dstTypes));
-            if (!IntentMAC.isEnforcing()) {
-                //permissive mode, don't remove this ResolveInfo from list
-                return true;
-            }
-            return false;
-        } catch (RemoteException e) {
-            // Should never happen
-            Slog.e(TAG, "SELINUX_MMAC SHOULD NEVER HAPPEN", e);
-            return false;
+        Slog.e(TAG, IntentMAC.generateDenialString(intent,
+                callingPkgs, callingTypes, dstPkg, dstTypes));
+        if (!IntentMAC.isEnforcing()) {
+            //permissive mode, don't remove this ResolveInfo from list
+            return true;
         }
+        return false;
     }
 
     public boolean checkIntentBooleans(Intent intent, List<String> srcPackageNames,
             String resolvedType, int flags, int userId) {
         if (!sUserManager.exists(userId)) return Collections.emptyList();
         enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "query intent activities");
+        int callingUid = Binder.getCallingUid();
         int callingPid = Binder.getCallingPid();
         ComponentName comp = intent.getComponent();
         if (comp == null) {
                 list.add(ri);
             }
             synchronized (mPackages) {
-                filterResolveInfoListByPolicyLPr(intent, callingPid, list);
+                filterResolveInfoListByPolicyLPr(intent, callingPid, callingUid, list);
             }
             return list;
         }
             final String pkgName = intent.getPackage();
             if (pkgName == null) {
                 final List<ResolveInfo> list = mActivities.queryIntent(intent, resolvedType, flags, userId);
-                filterResolveInfoListByPolicyLPr(intent, callingPid, list);
+                filterResolveInfoListByPolicyLPr(intent, callingPid, callingUid, list);
                 return list;
             }
             final PackageParser.Package pkg = mPackages.get(pkgName);
-            if (pkg != null && checkIntentPolicyForPackage(intent, callingPid, pkg)) {
+            if (pkg != null && checkIntentPolicyForPackage(intent, callingPid, callingUid, pkg)) {
                 return mActivities.queryIntentForPackage(intent, resolvedType, flags,
                         pkg.activities, userId);
             }
     public List<ResolveInfo> queryIntentReceivers(Intent intent, String resolvedType, int flags,
             int userId) {
         if (!sUserManager.exists(userId)) return Collections.emptyList();
+        int callingUid = Binder.getCallingUid();
         int callingPid = Binder.getCallingPid();
         ComponentName comp = intent.getComponent();
         if (comp == null) {
                 list.add(ri);
             }
             synchronized (mPackages) {
-                filterResolveInfoListByPolicyLPr(intent, callingPid, list);
+                filterResolveInfoListByPolicyLPr(intent, callingPid, callingUid, list);
             }
             return list;
         }
             if (pkgName == null) {
                 final List<ResolveInfo> list = mReceivers.queryIntent(intent, resolvedType, flags,
                         userId);
-                filterResolveInfoListByPolicyLPr(intent, callingPid, list);
+                filterResolveInfoListByPolicyLPr(intent, callingPid, callingUid, list);
                 return list;
             }
             final PackageParser.Package pkg = mPackages.get(pkgName);
-            if (pkg != null && checkIntentPolicyForPackage(intent, callingPid, pkg)) {
+            if (pkg != null && checkIntentPolicyForPackage(intent, callingPid, callingUid, pkg)) {
                 return mReceivers.queryIntentForPackage(intent, resolvedType, flags, pkg.receivers,
                         userId);
             }
             int userId) {
         if (!sUserManager.exists(userId)) return Collections.emptyList();
         int callingPid = Binder.getCallingPid();
+        int callingUid = Binder.getCallingUid();
         ComponentName comp = intent.getComponent();
         if (comp == null) {
             if (intent.getSelector() != null) {
                 list.add(ri);
             }
             synchronized (mPackages) {
-                filterResolveInfoListByPolicyLPr(intent, callingPid, list);
+                filterResolveInfoListByPolicyLPr(intent, callingPid, callingUid, list);
             }
             return list;
         }
             String pkgName = intent.getPackage();
             if (pkgName == null) {
                 final List<ResolveInfo> list = mServices.queryIntent(intent, resolvedType, flags, userId);
-                filterResolveInfoListByPolicyLPr(intent, callingPid, list);
+                filterResolveInfoListByPolicyLPr(intent, callingPid, callingUid, list);
                 return list;
             }
             final PackageParser.Package pkg = mPackages.get(pkgName);
-            if (pkg != null && checkIntentPolicyForPackage(intent, callingPid, pkg)) {
+            if (pkg != null && checkIntentPolicyForPackage(intent, callingPid, callingUid, pkg)) {
                 return mServices.queryIntentForPackage(intent, resolvedType, flags, pkg.services,
                         userId);
             }
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.