From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alex Johnston <acjohnston@google.com>
Date: Wed, 5 Jan 2022 22:19:29 +0000
Subject: [PATCH] Add caller check to com.android.credentials.RESET

* Only the Settings app can reset credentials
  via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
  callable by CertInstaller.

Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
  provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed

Bug: 200164168
Test: manual
Change-Id: I9dfde586616d004befbee529f2ae842d22795065
(cherry picked from commit 4c1272a921bb9037e17a01e1e5a0692f7f704c3d)
Merged-In: I9dfde586616d004befbee529f2ae842d22795065
(cherry picked from commit 35e3d0c1b0598b2032fc6c134c657255f1907594)
Merged-In: I9dfde586616d004befbee529f2ae842d22795065
---
 src/com/android/settings/CredentialStorage.java | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java
index e5d40b7add..c0726719e0 100644
--- a/src/com/android/settings/CredentialStorage.java
+++ b/src/com/android/settings/CredentialStorage.java
@@ -131,7 +131,7 @@ public final class CredentialStorage extends Activity {
         String action = intent.getAction();
         UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);
         if (!userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
-            if (ACTION_RESET.equals(action)) {
+            if (ACTION_RESET.equals(action) && checkCallerIsSelf()) {
                 new ResetDialog();
             } else {
                 if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
@@ -390,6 +390,19 @@ public final class CredentialStorage extends Activity {
         }
     }
 
+    /**
+     * Check that the caller is Settings.
+     */
+    private boolean checkCallerIsSelf() {
+        try {
+            return Process.myUid() == android.app.ActivityManager.getService()
+                    .getLaunchedFromUid(getActivityToken());
+        } catch (RemoteException re) {
+            // Error talking to ActivityManager, just give up
+            return false;
+        }
+    }
+
     /**
      * Check that the caller is either certinstaller or Settings running in a profile of this user.
      */