mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-25 23:49:32 -05:00
37 lines
1.6 KiB
Diff
37 lines
1.6 KiB
Diff
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||
|
Date: Thu, 15 Sep 2022 13:58:34 +0300
|
||
|
Subject: [PATCH] ignore pid when spoofing permission checks
|
||
|
|
||
|
Permissions are enforced per-uid, checking pid may break spoofing for multi-process apps.
|
||
|
---
|
||
|
core/java/android/app/ContextImpl.java | 8 +++-----
|
||
|
1 file changed, 3 insertions(+), 5 deletions(-)
|
||
|
|
||
|
diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java
|
||
|
index b50cd115382d..58d3702c7356 100644
|
||
|
--- a/core/java/android/app/ContextImpl.java
|
||
|
+++ b/core/java/android/app/ContextImpl.java
|
||
|
@@ -2166,18 +2166,16 @@ class ContextImpl extends Context {
|
||
|
if (permission == null) {
|
||
|
throw new IllegalArgumentException("permission is null");
|
||
|
}
|
||
|
-
|
||
|
- final boolean selfCheck = pid == android.os.Process.myPid() && uid == android.os.Process.myUid();
|
||
|
-
|
||
|
if (mParams.isRenouncedPermission(permission)
|
||
|
- && selfCheck) {
|
||
|
+ && pid == android.os.Process.myPid() && uid == android.os.Process.myUid()) {
|
||
|
Log.v(TAG, "Treating renounced permission " + permission + " as denied");
|
||
|
return PERMISSION_DENIED;
|
||
|
}
|
||
|
+
|
||
|
int res = PermissionManager.checkPermission(permission, pid, uid);
|
||
|
|
||
|
if (res != PERMISSION_GRANTED) {
|
||
|
- if (selfCheck) {
|
||
|
+ if (uid == android.os.Process.myUid()) {
|
||
|
if (AppPermissionUtils.shouldSpoofSelfCheck(permission)) {
|
||
|
return PERMISSION_GRANTED;
|
||
|
}
|