commit 06dbadf4e61a176a96627793ee68ea43a1c3068e
author Aurélien Pomini <pomini@google.com> Tue May 02 13:13:26 2023 +0000
committer Aurélien Pomini <pomini@google.com> Wed May 17 15:21:12 2023 +0000
tree 209d28fea4f48589d362b84800de0664f6acbeea
parent 4422c68b1460b7bb687f3f2b295a10a217a14e43

Add permission check in notifyWakingUp/GoingToSleep

These AIDL were not protected by any permission.

Although there is no security risk associated with that, those two
methods are not intended to be public.

Bug: 280419125
Test: atest WallpaperManagerTest
Change-Id: Ia5a22fb2926a533b1aaaaa2cf0f49b46783d07c6

services/core/java/com/android/server/wallpaper/WallpaperManagerService.java

diff --git a/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java b/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java
index 9add537..a079875 100644
--- a/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java
+++ b/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java
@@ -82,6 +82,7 @@
 import android.os.IInterface;
 import android.os.IRemoteCallback;
 import android.os.ParcelFileDescriptor;
+import android.os.Process;
 import android.os.RemoteCallbackList;
 import android.os.RemoteException;
 import android.os.ResultReceiver;
@@ -2514,6 +2515,7 @@
      * Propagate a wake event to the wallpaper engine(s).
      */
     public void notifyWakingUp(int x, int y, @NonNull Bundle extras) {
+        checkCallerIsSystemOrSystemUi();
         synchronized (mLock) {
             if (mIsLockscreenLiveWallpaperEnabled) {
                 for (WallpaperData data : getActiveWallpapers()) {
@@ -2551,6 +2553,7 @@
      * Propagate a sleep event to the wallpaper engine(s).
      */
     public void notifyGoingToSleep(int x, int y, @NonNull Bundle extras) {
+        checkCallerIsSystemOrSystemUi();
         synchronized (mLock) {
             if (mIsLockscreenLiveWallpaperEnabled) {
                 for (WallpaperData data : getActiveWallpapers()) {
@@ -3684,6 +3687,14 @@
                 mActivityManager.getPackageImportance(callingPackage) == IMPORTANCE_FOREGROUND);
     }
 
+    /** Check that the caller is either system_server or systemui */
+    private void checkCallerIsSystemOrSystemUi() {
+        if (Binder.getCallingUid() != Process.myUid() && mContext.checkCallingPermission(
+                android.Manifest.permission.STATUS_BAR_SERVICE) != PERMISSION_GRANTED) {
+            throw new SecurityException("Access denied: only system processes can call this");
+        }
+    }
+
     /**
      * Certain user types do not support wallpapers (e.g. managed profiles). The check is
      * implemented through through the OP_WRITE_WALLPAPER AppOp.