From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Alex Johnston Date: Wed, 5 Jan 2022 22:19:29 +0000 Subject: [PATCH] Add caller check to com.android.credentials.RESET * Only the Settings app can reset credentials via com.android.credentials.RESET. * com.android.credentials.INSTALL should still be callable by CertInstaller. Manual testing steps: * Install certificate via Settings * Verify unable to reset certificates via test app provided in the bug (app-debug.apk) * Verify able to reset certificates via Settings * Verify com.android.credentials.INSTALL isn't changed Bug: 200164168 Test: manual Change-Id: I9dfde586616d004befbee529f2ae842d22795065 (cherry picked from commit 4c1272a921bb9037e17a01e1e5a0692f7f704c3d) Merged-In: I9dfde586616d004befbee529f2ae842d22795065 (cherry picked from commit 35e3d0c1b0598b2032fc6c134c657255f1907594) Merged-In: I9dfde586616d004befbee529f2ae842d22795065 --- src/com/android/settings/CredentialStorage.java | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java index e5d40b7add..c0726719e0 100644 --- a/src/com/android/settings/CredentialStorage.java +++ b/src/com/android/settings/CredentialStorage.java @@ -131,7 +131,7 @@ public final class CredentialStorage extends Activity { String action = intent.getAction(); UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE); if (!userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) { - if (ACTION_RESET.equals(action)) { + if (ACTION_RESET.equals(action) && checkCallerIsSelf()) { new ResetDialog(); } else { if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) { @@ -390,6 +390,19 @@ public final class CredentialStorage extends Activity { } } + /** + * Check that the caller is Settings. + */ + private boolean checkCallerIsSelf() { + try { + return Process.myUid() == android.app.ActivityManager.getService() + .getLaunchedFromUid(getActivityToken()); + } catch (RemoteException re) { + // Error talking to ActivityManager, just give up + return false; + } + } + /** * Check that the caller is either certinstaller or Settings running in a profile of this user. */