Merge "Add caller check to com.android.credentials.RESET" into qt-dev am: 50b65a168a am: 1ef5f42b54 Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577205 Change-Id: Ibc94e102fc69e4e2052526e1ee000684c5d7724f

commit: f43f129dc053ad1baee752857d1da029064bc722 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Thu Jan 13 19:18:08 2022 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Jan 13 19:18:08 2022 +0000
tree: 1660c923a5d1eb0827bbb8d50c3f5d22718cd359
parent: 7f848f44b66c5be7b4df15461ade86d6da7079bf [diff]
parent: 1ef5f42b54a0f3aaf8f2b025256b060edbcae339 [diff]
diff --git a/src/com/android/settings/security/CredentialStorage.java b/src/com/android/settings/security/CredentialStorage.java
index 5e64723..23913ce 100644
--- a/src/com/android/settings/security/CredentialStorage.java
+++ b/src/com/android/settings/security/CredentialStorage.java

@@ -85,7 +85,7 @@
         final String action = intent.getAction();
         final UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);
         if (!userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
-            if (ACTION_RESET.equals(action)) {
+            if (ACTION_RESET.equals(action) && checkCallerIsSelf()) {
                 new ResetDialog();
             } else {
                 if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
@@ -318,6 +318,19 @@
     }
 
     /**
+     * Check that the caller is Settings.
+     */
+    private boolean checkCallerIsSelf() {
+        try {
+            return Process.myUid() == android.app.ActivityManager.getService()
+                    .getLaunchedFromUid(getActivityToken());
+        } catch (RemoteException re) {
+            // Error talking to ActivityManager, just give up
+            return false;
+        }
+    }
+
+    /**
      * Check that the caller is either certinstaller or Settings running in a profile of this user.
      */
     private boolean checkCallerIsCertInstallerOrSelfInProfile() {
commit	f43f129dc053ad1baee752857d1da029064bc722	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Thu Jan 13 19:18:08 2022 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Jan 13 19:18:08 2022 +0000
tree	1660c923a5d1eb0827bbb8d50c3f5d22718cd359
parent	7f848f44b66c5be7b4df15461ade86d6da7079bf [diff]
parent	1ef5f42b54a0f3aaf8f2b025256b060edbcae339 [diff]