Add UPDATE_CONFIG permission check when start CTJob
To prevent untrusted apps from abusing the CTDownloader.
Flag: com.android.net.ct.flags.certificate_transparency_service
Bug: 384869526
Test: atest NetworkSecurityUnitTests
Change-Id: I7c701af673309a1fb854d690c85bfbf0b834fdc3
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyJob.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyJob.java
index baca2e3..9c92d14 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyJob.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyJob.java
@@ -22,6 +22,7 @@
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
+import android.content.pm.PackageManager;
import android.os.Build;
import android.os.ConfigUpdate;
import android.os.SystemClock;
@@ -32,6 +33,7 @@
public class CertificateTransparencyJob extends BroadcastReceiver {
private static final String TAG = "CertificateTransparencyJob";
+ private static final String UPDATE_CONFIG_PERMISSION = "android.permission.UPDATE_CONFIG";
private final Context mContext;
private final DataStore mDataStore;
@@ -91,6 +93,11 @@
Log.w(TAG, "Received unexpected broadcast with action " + intent);
return;
}
+ if (context.checkCallingOrSelfPermission(UPDATE_CONFIG_PERMISSION)
+ != PackageManager.PERMISSION_GRANTED) {
+ Log.e(TAG, "Caller does not have UPDATE_CONFIG permission.");
+ return;
+ }
if (Config.DEBUG) {
Log.d(TAG, "Starting CT daily job.");
}