Systemservice change to propagate userId to MMSService
Convey the originating user ID across the nested binder calls to MMSService to validate the contentURI is coming from the same userId.
For detailed design please follow: go/mms-failure-multiuser
Bug: 350760118
Test: manually verfied the functionalities after the change (1) Incoming and outgoing SMS/MMS (2) Incoming and outgoing Voice calls
Flag: EXEMPT this involves changing the method signature in aidl with flags its not possible currently as aidl doesn't support method overloading
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3df02a7df8488e04e31ae1d9d081ed1b881dd6ad)
Merged-In: I9beb19f1a94aae76e6cd48a72feeb6c1dc47cf5a
Change-Id: I9beb19f1a94aae76e6cd48a72feeb6c1dc47cf5a
diff --git a/mms/java/android/telephony/MmsManager.java b/mms/java/android/telephony/MmsManager.java
index b893b45..ac29277 100644
--- a/mms/java/android/telephony/MmsManager.java
+++ b/mms/java/android/telephony/MmsManager.java
@@ -26,6 +26,7 @@
import android.os.Bundle;
import android.os.RemoteException;
import android.os.ServiceManager;
+import android.os.UserHandle;
import com.android.internal.telephony.IMms;
@@ -69,9 +70,9 @@
return;
}
- iMms.sendMessage(subId, ActivityThread.currentPackageName(), contentUri,
- locationUrl, configOverrides, sentIntent, messageId,
- mContext.getAttributionTag());
+ iMms.sendMessage(subId, /* placeholder callingUser= */ UserHandle.USER_NULL,
+ ActivityThread.currentPackageName(), contentUri, locationUrl,
+ configOverrides, sentIntent, messageId, mContext.getAttributionTag());
} catch (RemoteException e) {
// Ignore it
}
@@ -101,9 +102,9 @@
if (iMms == null) {
return;
}
- iMms.downloadMessage(subId, ActivityThread.currentPackageName(),
- locationUrl, contentUri, configOverrides, downloadedIntent,
- messageId, mContext.getAttributionTag());
+ iMms.downloadMessage(subId, /* placeholder callingUser= */ UserHandle.USER_NULL,
+ ActivityThread.currentPackageName(), locationUrl, contentUri,
+ configOverrides, downloadedIntent, messageId, mContext.getAttributionTag());
} catch (RemoteException e) {
// Ignore it
}
diff --git a/mms/java/com/android/internal/telephony/IMms.aidl b/mms/java/com/android/internal/telephony/IMms.aidl
index 3cdde10..1c75951 100644
--- a/mms/java/com/android/internal/telephony/IMms.aidl
+++ b/mms/java/com/android/internal/telephony/IMms.aidl
@@ -29,6 +29,7 @@
* Send an MMS message with attribution tag.
*
* @param subId the SIM id
+ * @param callingUser user id of the calling app
* @param callingPkg the package name of the calling app
* @param contentUri the content uri from which to read MMS message encoded in standard MMS
* PDU format
@@ -40,7 +41,7 @@
* @param messageId An id that uniquely identifies the message requested to be sent.
* @param attributionTag a tag that attributes the call to a client App.
*/
- void sendMessage(int subId, String callingPkg, in Uri contentUri,
+ void sendMessage(int subId, in int callingUser, String callingPkg, in Uri contentUri,
String locationUrl, in Bundle configOverrides, in PendingIntent sentIntent,
in long messageId, String attributionTag);
@@ -48,6 +49,7 @@
* Download an MMS message using known location and transaction id
*
* @param subId the SIM id
+ * @param callingUser user id of the calling app
* @param callingPkg the package name of the calling app
* @param locationUrl the location URL of the MMS message to be downloaded, usually obtained
* from the MMS WAP push notification
@@ -60,7 +62,7 @@
* @param messageId An id that uniquely identifies the message requested to be downloaded.
* @param attributionTag a tag that attributes the call to a client App.
*/
- void downloadMessage(int subId, String callingPkg, String locationUrl,
+ void downloadMessage(int subId, in int callingUser, String callingPkg, String locationUrl,
in Uri contentUri, in Bundle configOverrides,
in PendingIntent downloadedIntent, in long messageId, String attributionTag);
@@ -82,6 +84,7 @@
/**
* Import a multimedia message into system's MMS store
*
+ * @param callingUser user id of the calling app
* @param callingPkg the package name of the calling app
* @param contentUri the content uri from which to read PDU of the message to import
* @param messageId the optional message id
@@ -90,7 +93,7 @@
* @param read if the message is read
* @return the message URI, null if failed
*/
- Uri importMultimediaMessage(String callingPkg, in Uri contentUri, String messageId,
+ Uri importMultimediaMessage(in int callingUser, String callingPkg, in Uri contentUri, String messageId,
long timestampSecs, boolean seen, boolean read);
/**
@@ -146,11 +149,12 @@
/**
* Add a multimedia message draft to system MMS store
*
+ * @param callingUser user id of the calling app
* @param callingPkg the package name of the calling app
* @param contentUri the content Uri from which to read PDU data of the draft MMS
* @return the URI of the stored draft message
*/
- Uri addMultimediaMessageDraft(String callingPkg, in Uri contentUri);
+ Uri addMultimediaMessageDraft(in int callingUser, String callingPkg, in Uri contentUri);
/**
* Send a system stored MMS message
diff --git a/services/core/java/com/android/server/MmsServiceBroker.java b/services/core/java/com/android/server/MmsServiceBroker.java
index ced7773..11de258 100644
--- a/services/core/java/com/android/server/MmsServiceBroker.java
+++ b/services/core/java/com/android/server/MmsServiceBroker.java
@@ -130,17 +130,18 @@
}
@Override
- public void sendMessage(int subId, String callingPkg, Uri contentUri, String locationUrl,
- Bundle configOverrides, PendingIntent sentIntent, long messageId,
+ public void sendMessage(int subId, int callingUser, String callingPkg,
+ Uri contentUri, String locationUrl, Bundle configOverrides,
+ PendingIntent sentIntent, long messageId,
String attributionTag) throws RemoteException {
returnPendingIntentWithError(sentIntent);
}
@Override
- public void downloadMessage(int subId, String callingPkg, String locationUrl,
- Uri contentUri, Bundle configOverrides, PendingIntent downloadedIntent,
- long messageId, String attributionTag)
- throws RemoteException {
+ public void downloadMessage(int subId, int callingUser, String callingPkg,
+ String locationUrl, Uri contentUri, Bundle configOverrides,
+ PendingIntent downloadedIntent,
+ long messageId, String attributionTag) throws RemoteException {
returnPendingIntentWithError(downloadedIntent);
}
@@ -151,8 +152,9 @@
}
@Override
- public Uri importMultimediaMessage(String callingPkg, Uri contentUri, String messageId,
- long timestampSecs, boolean seen, boolean read) throws RemoteException {
+ public Uri importMultimediaMessage(int callingUser, String callingPkg,
+ Uri contentUri, String messageId, long timestampSecs,
+ boolean seen, boolean read) throws RemoteException {
return null;
}
@@ -187,8 +189,8 @@
}
@Override
- public Uri addMultimediaMessageDraft(String callingPkg, Uri contentUri)
- throws RemoteException {
+ public Uri addMultimediaMessageDraft(int callingUser, String callingPkg,
+ Uri contentUri) throws RemoteException {
return null;
}
@@ -333,9 +335,9 @@
private static final String PHONE_PACKAGE_NAME = "com.android.phone";
@Override
- public void sendMessage(int subId, String callingPkg, Uri contentUri,
- String locationUrl, Bundle configOverrides, PendingIntent sentIntent,
- long messageId, String attributionTag)
+ public void sendMessage(int subId, int callingUser, String callingPkg,
+ Uri contentUri, String locationUrl, Bundle configOverrides,
+ PendingIntent sentIntent, long messageId, String attributionTag)
throws RemoteException {
Slog.d(TAG, "sendMessage() by " + callingPkg);
mContext.enforceCallingPermission(Manifest.permission.SEND_SMS, "Send MMS message");
@@ -360,14 +362,15 @@
CarrierMessagingService.SERVICE_INTERFACE,
Intent.FLAG_GRANT_READ_URI_PERMISSION,
subId);
- getServiceGuarded().sendMessage(subId, callingPkg, contentUri, locationUrl,
- configOverrides, sentIntent, messageId, attributionTag);
+ getServiceGuarded().sendMessage(subId, getCallingUserId(), callingPkg, contentUri,
+ locationUrl, configOverrides, sentIntent, messageId, attributionTag);
}
@Override
- public void downloadMessage(int subId, String callingPkg, String locationUrl,
- Uri contentUri, Bundle configOverrides, PendingIntent downloadedIntent,
- long messageId, String attributionTag) throws RemoteException {
+ public void downloadMessage(int subId, int callingUser, String callingPkg,
+ String locationUrl, Uri contentUri, Bundle configOverrides,
+ PendingIntent downloadedIntent, long messageId, String attributionTag)
+ throws RemoteException {
Slog.d(TAG, "downloadMessage() by " + callingPkg);
mContext.enforceCallingPermission(Manifest.permission.RECEIVE_MMS,
"Download MMS message");
@@ -381,8 +384,8 @@
Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION,
subId);
- getServiceGuarded().downloadMessage(subId, callingPkg, locationUrl, contentUri,
- configOverrides, downloadedIntent, messageId, attributionTag);
+ getServiceGuarded().downloadMessage(subId, getCallingUserId(), callingPkg, locationUrl,
+ contentUri, configOverrides, downloadedIntent, messageId, attributionTag);
}
@Override
@@ -399,8 +402,8 @@
}
@Override
- public Uri importMultimediaMessage(String callingPkg, Uri contentUri,
- String messageId, long timestampSecs, boolean seen, boolean read)
+ public Uri importMultimediaMessage(int callingUser, String callingPkg,
+ Uri contentUri, String messageId, long timestampSecs, boolean seen, boolean read)
throws RemoteException {
if (getAppOpsManager().noteOp(AppOpsManager.OP_WRITE_SMS, Binder.getCallingUid(),
callingPkg, null, null) != AppOpsManager.MODE_ALLOWED) {
@@ -408,8 +411,8 @@
// while writing the TelephonyProvider
return FAKE_MMS_SENT_URI;
}
- return getServiceGuarded().importMultimediaMessage(
- callingPkg, contentUri, messageId, timestampSecs, seen, read);
+ return getServiceGuarded().importMultimediaMessage(getCallingUserId(), callingPkg,
+ contentUri, messageId, timestampSecs, seen, read);
}
@Override
@@ -467,15 +470,16 @@
}
@Override
- public Uri addMultimediaMessageDraft(String callingPkg, Uri contentUri)
- throws RemoteException {
+ public Uri addMultimediaMessageDraft(int callingUser, String callingPkg,
+ Uri contentUri) throws RemoteException {
if (getAppOpsManager().noteOp(AppOpsManager.OP_WRITE_SMS, Binder.getCallingUid(),
callingPkg, null, null) != AppOpsManager.MODE_ALLOWED) {
// Silently fail AppOps failure due to not being the default SMS app
// while writing the TelephonyProvider
return FAKE_MMS_DRAFT_URI;
}
- return getServiceGuarded().addMultimediaMessageDraft(callingPkg, contentUri);
+ return getServiceGuarded().addMultimediaMessageDraft(getCallingUserId(), callingPkg,
+ contentUri);
}
@Override
@@ -572,4 +576,13 @@
if (info == null) return INVALID_SIM_SLOT_INDEX;
return info.getSimSlotIndex();
}
+
+ /**
+ * Retrieves the calling user id.
+ * @return The id of the calling user.
+ */
+ private int getCallingUserId() {
+ return Binder.getCallingUserHandle().getIdentifier();
+ }
+
}