From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Makoto Onuki <omakoto@google.com>
Date: Tue, 19 Apr 2022 10:54:18 -0700
Subject: [PATCH] Only allow the system server to connect to sync adapters

Bug: 203229608
Test: Manual test with changing the check logic + debug log
Change-Id: If18009f61360564d02dcda9b1e5fa15685e3250f
(cherry picked from commit 58270527d11ac7e5f07d337a402d8edf046a63ee)
(cherry picked from commit 7d1397a54475ed7fee632339ef7c60b432f0fbff)
Merged-In: If18009f61360564d02dcda9b1e5fa15685e3250f
---
 .../content/AbstractThreadedSyncAdapter.java  | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/core/java/android/content/AbstractThreadedSyncAdapter.java b/core/java/android/content/AbstractThreadedSyncAdapter.java
index a086a308d0d9..da4ecdd8c1f2 100644
--- a/core/java/android/content/AbstractThreadedSyncAdapter.java
+++ b/core/java/android/content/AbstractThreadedSyncAdapter.java
@@ -21,6 +21,7 @@ import static com.android.internal.util.function.pooled.PooledLambda.obtainMessa
 import android.accounts.Account;
 import android.annotation.MainThread;
 import android.annotation.NonNull;
+import android.os.Binder;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
@@ -171,8 +172,20 @@ public abstract class AbstractThreadedSyncAdapter {
     }
 
     private class ISyncAdapterImpl extends ISyncAdapter.Stub {
+        private boolean isCallerSystem() {
+            final long callingUid = Binder.getCallingUid();
+            if (callingUid != Process.SYSTEM_UID) {
+                android.util.EventLog.writeEvent(0x534e4554, "203229608", -1, "");
+                return false;
+            }
+            return true;
+        }
+
         @Override
         public void onUnsyncableAccount(ISyncAdapterUnsyncableAccountCallback cb) {
+            if (!isCallerSystem()) {
+                return;
+            }
             Handler.getMain().sendMessage(obtainMessage(
                     AbstractThreadedSyncAdapter::handleOnUnsyncableAccount,
                     AbstractThreadedSyncAdapter.this, cb));
@@ -181,12 +194,16 @@ public abstract class AbstractThreadedSyncAdapter {
         @Override
         public void startSync(ISyncContext syncContext, String authority, Account account,
                 Bundle extras) {
+            if (!isCallerSystem()) {
+                return;
+            }
             if (ENABLE_LOG) {
                 if (extras != null) {
                     extras.size(); // Unparcel so its toString() will show the contents.
                 }
                 Log.d(TAG, "startSync() start " + authority + " " + account + " " + extras);
             }
+
             try {
                 final SyncContext syncContextClient = new SyncContext(syncContext);
 
@@ -242,6 +259,9 @@ public abstract class AbstractThreadedSyncAdapter {
 
         @Override
         public void cancelSync(ISyncContext syncContext) {
+            if (!isCallerSystem()) {
+                return;
+            }
             try {
                 // synchronize to make sure that mSyncThreads doesn't change between when we
                 // check it and when we use it