OSDN Git Service

[DO NOT MERGE] Don't allow permission change to runtime
author: Svetoslav Ganov <svetoslavganov@google.com>
Thu, 29 Dec 2016 22:36:58 +0000 (14:36 -0800)
committer: Zach Jang <zachjang@google.com>
Thu, 9 Mar 2017 19:16:55 +0000 (19:16 +0000)

Prevent apps from changing permission protection level to dangerous
from any other type, as this would allow a privilege escalation
where an app adds a normal permission in another app's group and
then redefines it as dangerous, leading to the group auto-grant.

Test: Added a CTS test which passes.

Bug: 33860747

Change-Id: I1ccf546f78ee79ff027cb98124be81c8e5265a82

services/core/java/com/android/server/pm/PackageManagerService.java

index 4e542e1..1583f90 100644 (file)
@@ -15075,6 +15075,20 @@ public class PackageManagerService extends IPackageManager.Stub {
                                     + perm.info.name + "; ignoring new declaration");
                             pkg.permissions.remove(i);
                         }
+                    } else if (!PLATFORM_PACKAGE_NAME.equals(pkg.packageName)) {
+                        // Prevent apps to change protection level to dangerous from any other
+                        // type as this would allow a privilege escalation where an app adds a
+                        // normal/signature permission in other app's group and later redefines
+                        // it as dangerous leading to the group auto-grant.
+                        if ((perm.info.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
+                                == PermissionInfo.PROTECTION_DANGEROUS) {
+                            if (bp != null && !bp.isRuntime()) {
+                                Slog.w(TAG, "Package " + pkg.packageName + " trying to change a "
+                                        + "non-runtime permission " + perm.info.name
+                                        + " to runtime; keeping old protection level");
+                                perm.info.protectionLevel = bp.protectionLevel;
+                            }
+                        }
                     }
                 }
             }
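Review bot: The new `else if (!PLATFORM_PACKAGE_NAME.equals(pkg.packageName))` branch exempts the platform package from the guard, but the comment explains only the escalation and not why the platform may still move a permission to dangerous; add a sentence on that. `bp` is assigned outside the visible lines, so please confirm it holds the previously stored definition of `perm.info.name` rather than one already refreshed from this package's new declaration, since in the latter case `!bp.isRuntime()` would never be true and the guard would be dead code. The restore `perm.info.protectionLevel = bp.protectionLevel` copies the whole field, flag bits included, while the test masks with `PROTECTION_MASK_BASE`; that looks intended but should be stated in the comment. The two nested `if` statements can be merged into a single condition, and the comment says "normal/signature" where the commit message says only "normal", so align the two.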