From 9cc60e81d700f12a5fa7e2246301268bbaafc6fb Mon Sep 17 00:00:00 2001
From: Ben Gruver <bgruv@google.com>
Date: Fri, 5 Apr 2013 09:56:51 -0700
Subject: [PATCH] Remove the sender package filter from the intent firewall

Change-Id: I3124c6969984eef646f22216c709bdfb324d6679
---
 .../java/com/android/server/am/ActivityStack.java  |  3 +-
 .../com/android/server/firewall/AndFilter.java     |  7 ++-
 .../android/server/firewall/CategoryFilter.java    |  2 +-
 .../java/com/android/server/firewall/Filter.java   | 11 ++---
 .../android/server/firewall/IntentFirewall.java    | 10 ++--
 .../com/android/server/firewall/NotFilter.java     |  7 ++-
 .../java/com/android/server/firewall/OrFilter.java |  7 ++-
 .../com/android/server/firewall/PortFilter.java    |  3 +-
 .../com/android/server/firewall/SenderFilter.java  | 12 ++---
 .../server/firewall/SenderPermissionFilter.java    |  3 +-
 .../com/android/server/firewall/StringFilter.java  | 57 +++++++++-------------
 11 files changed, 48 insertions(+), 74 deletions(-)

diff --git a/services/java/com/android/server/am/ActivityStack.java b/services/java/com/android/server/am/ActivityStack.java
index 3d7da7bb70ec..3d2e912d69fa 100644
--- a/services/java/com/android/server/am/ActivityStack.java
+++ b/services/java/com/android/server/am/ActivityStack.java
@@ -2594,8 +2594,7 @@ final class ActivityStack {
         }
 
         boolean abort = !mService.mIntentFirewall.checkStartActivity(intent,
-                callerApp==null?null:callerApp.info, callingPackage, callingUid, callingPid,
-                resolvedType, aInfo);
+                callerApp==null?null:callerApp.info, callingUid, callingPid, resolvedType, aInfo);
 
         if (mMainStack) {
             if (mService.mController != null) {
diff --git a/services/java/com/android/server/firewall/AndFilter.java b/services/java/com/android/server/firewall/AndFilter.java
index cabf00b3b271..e4276d085196 100644
--- a/services/java/com/android/server/firewall/AndFilter.java
+++ b/services/java/com/android/server/firewall/AndFilter.java
@@ -26,11 +26,10 @@ import java.io.IOException;
 class AndFilter extends FilterList {
     @Override
     public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-            String callerPackage, int callerUid, int callerPid, String resolvedType,
-            ApplicationInfo resolvedApp) {
+            int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
         for (int i=0; i<children.size(); i++) {
-            if (!children.get(i).matches(ifw, intent, callerApp, callerPackage, callerUid,
-                    callerPid, resolvedType, resolvedApp)) {
+            if (!children.get(i).matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType,
+                    resolvedApp)) {
                 return false;
             }
         }
diff --git a/services/java/com/android/server/firewall/CategoryFilter.java b/services/java/com/android/server/firewall/CategoryFilter.java
index d5e9fe843306..4938cb89bba9 100644
--- a/services/java/com/android/server/firewall/CategoryFilter.java
+++ b/services/java/com/android/server/firewall/CategoryFilter.java
@@ -34,7 +34,7 @@ class CategoryFilter implements Filter {
     }
 
     @Override
-    public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, String callerPackage,
+    public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
             int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
         Set<String> categories = intent.getCategories();
         if (categories == null) {
diff --git a/services/java/com/android/server/firewall/Filter.java b/services/java/com/android/server/firewall/Filter.java
index 76394662572d..0e783e80316f 100644
--- a/services/java/com/android/server/firewall/Filter.java
+++ b/services/java/com/android/server/firewall/Filter.java
@@ -26,17 +26,14 @@ interface Filter {
      * @param ifw The IntentFirewall instance
      * @param intent The intent being started/bound/broadcast
      * @param callerApp An ApplicationInfo of an application in the caller's process. This may not
- *                  be the specific app that is actually sending the intent. This also may be
- *                  null, if the caller is the system process, or an unrecognized process (e.g.
- *                  am start)
-     * @param callerPackage The package name of the component sending the intent. This value is
-*                      provided by the caller and might be forged/faked.
+     *                  be the specific app that is actually sending the intent. This also may be
+     *                  null, if the caller is the system process, or an unrecognized process (e.g.
+     *                  am start)
      * @param callerUid
      * @param callerPid
      * @param resolvedType The resolved mime type of the intent
      * @param resolvedApp The application that contains the resolved component that the intent is
      */
     boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-            String callerPackage, int callerUid, int callerPid, String resolvedType,
-            ApplicationInfo resolvedApp);
+            int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp);
 }
diff --git a/services/java/com/android/server/firewall/IntentFirewall.java b/services/java/com/android/server/firewall/IntentFirewall.java
index 062183b1b090..46a0917b0795 100644
--- a/services/java/com/android/server/firewall/IntentFirewall.java
+++ b/services/java/com/android/server/firewall/IntentFirewall.java
@@ -76,7 +76,6 @@ public class IntentFirewall {
                 StringFilter.HOST,
                 StringFilter.MIME_TYPE,
                 StringFilter.PATH,
-                StringFilter.SENDER_PACKAGE,
                 StringFilter.SSP,
 
                 CategoryFilter.FACTORY,
@@ -98,17 +97,16 @@ public class IntentFirewall {
         readRules(getRulesFile());
     }
 
-    public boolean checkStartActivity(Intent intent, ApplicationInfo callerApp,
-            String callerPackage, int callerUid, int callerPid, String resolvedType,
-            ActivityInfo resolvedActivity) {
+    public boolean checkStartActivity(Intent intent, ApplicationInfo callerApp, int callerUid,
+            int callerPid, String resolvedType, ActivityInfo resolvedActivity) {
         List<Rule> matchingRules = mActivityResolver.queryIntent(intent, resolvedType, false, 0);
         boolean log = false;
         boolean block = false;
 
         for (int i=0; i< matchingRules.size(); i++) {
             Rule rule = matchingRules.get(i);
-            if (rule.matches(this, intent, callerApp, callerPackage, callerUid, callerPid,
-                    resolvedType, resolvedActivity.applicationInfo)) {
+            if (rule.matches(this, intent, callerApp, callerUid, callerPid, resolvedType,
+                    resolvedActivity.applicationInfo)) {
                 block |= rule.getBlock();
                 log |= rule.getLog();
 
diff --git a/services/java/com/android/server/firewall/NotFilter.java b/services/java/com/android/server/firewall/NotFilter.java
index 2ff108a1db8b..f0fc337c5be2 100644
--- a/services/java/com/android/server/firewall/NotFilter.java
+++ b/services/java/com/android/server/firewall/NotFilter.java
@@ -33,10 +33,9 @@ class NotFilter implements Filter {
 
     @Override
     public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-            String callerPackage, int callerUid, int callerPid, String resolvedType,
-            ApplicationInfo resolvedApp) {
-        return !mChild.matches(ifw, intent, callerApp, callerPackage, callerUid, callerPid,
-                resolvedType, resolvedApp);
+            int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
+        return !mChild.matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType,
+                resolvedApp);
     }
 
     public static final FilterFactory FACTORY = new FilterFactory("not") {
diff --git a/services/java/com/android/server/firewall/OrFilter.java b/services/java/com/android/server/firewall/OrFilter.java
index 1ed1c85ae1b0..72db31e2edf1 100644
--- a/services/java/com/android/server/firewall/OrFilter.java
+++ b/services/java/com/android/server/firewall/OrFilter.java
@@ -26,11 +26,10 @@ import java.io.IOException;
 class OrFilter extends FilterList {
     @Override
     public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-            String callerPackage, int callerUid, int callerPid, String resolvedType,
-            ApplicationInfo resolvedApp) {
+            int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
         for (int i=0; i<children.size(); i++) {
-            if (children.get(i).matches(ifw, intent, callerApp, callerPackage, callerUid, callerPid,
-                    resolvedType, resolvedApp)) {
+            if (children.get(i).matches(ifw, intent, callerApp, callerUid, callerPid, resolvedType,
+                    resolvedApp)) {
                 return true;
             }
         }
diff --git a/services/java/com/android/server/firewall/PortFilter.java b/services/java/com/android/server/firewall/PortFilter.java
index 2b2a19898785..fe7e085f0b5d 100644
--- a/services/java/com/android/server/firewall/PortFilter.java
+++ b/services/java/com/android/server/firewall/PortFilter.java
@@ -42,8 +42,7 @@ class PortFilter implements Filter {
 
     @Override
     public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-            String callerPackage, int callerUid, int callerPid, String resolvedType,
-            ApplicationInfo resolvedApp) {
+            int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
         int port = -1;
         Uri uri = intent.getData();
         if (uri != null) {
diff --git a/services/java/com/android/server/firewall/SenderFilter.java b/services/java/com/android/server/firewall/SenderFilter.java
index 0b790bd58ff9..58bdd7318c08 100644
--- a/services/java/com/android/server/firewall/SenderFilter.java
+++ b/services/java/com/android/server/firewall/SenderFilter.java
@@ -68,8 +68,7 @@ class SenderFilter {
     private static final Filter SIGNATURE = new Filter() {
         @Override
         public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-                String callerPackage, int callerUid, int callerPid, String resolvedType,
-                ApplicationInfo resolvedApp) {
+                int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
             if (callerApp == null) {
                 return false;
             }
@@ -80,8 +79,7 @@ class SenderFilter {
     private static final Filter SYSTEM = new Filter() {
         @Override
         public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-                String callerPackage, int callerUid, int callerPid, String resolvedType,
-                ApplicationInfo resolvedApp) {
+                int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
             if (callerApp == null) {
                 // if callerApp is null, the caller is the system process
                 return false;
@@ -93,8 +91,7 @@ class SenderFilter {
     private static final Filter SYSTEM_OR_SIGNATURE = new Filter() {
         @Override
         public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-                String callerPackage, int callerUid, int callerPid, String resolvedType,
-                ApplicationInfo resolvedApp) {
+                int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
             return isSystemApp(callerApp, callerUid, callerPid) ||
                     ifw.signaturesMatch(callerUid, resolvedApp.uid);
         }
@@ -103,8 +100,7 @@ class SenderFilter {
     private static final Filter USER_ID = new Filter() {
         @Override
         public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-                String callerPackage, int callerUid, int callerPid, String resolvedType,
-                ApplicationInfo resolvedApp) {
+                int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
             // This checks whether the caller is either the system process, or has the same user id
             // I.e. the same app, or an app that uses the same shared user id.
             // This is the same set of applications that would be able to access the component if
diff --git a/services/java/com/android/server/firewall/SenderPermissionFilter.java b/services/java/com/android/server/firewall/SenderPermissionFilter.java
index 02d8b15f36ec..310da20eebf5 100644
--- a/services/java/com/android/server/firewall/SenderPermissionFilter.java
+++ b/services/java/com/android/server/firewall/SenderPermissionFilter.java
@@ -34,8 +34,7 @@ class SenderPermissionFilter implements Filter {
 
     @Override
     public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
-            String callerPackage, int callerUid, int callerPid, String resolvedType,
-            ApplicationInfo resolvedApp) {
+            int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
         // We assume the component is exported here. If the component is not exported, then
         // ActivityManager would only resolve to this component for callers from the same uid.
         // In this case, it doesn't matter whether the component is exported or not.
diff --git a/services/java/com/android/server/firewall/StringFilter.java b/services/java/com/android/server/firewall/StringFilter.java
index de5a69fb8aaa..ed5d3f316083 100644
--- a/services/java/com/android/server/firewall/StringFilter.java
+++ b/services/java/com/android/server/firewall/StringFilter.java
@@ -119,10 +119,9 @@ abstract class StringFilter implements Filter {
     protected abstract boolean matchesValue(String value);
 
     @Override
-    public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, String callerPackage,
+    public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp,
             int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) {
-        String value = mValueProvider.getValue(intent, callerApp, callerPackage, resolvedType,
-                resolvedApp);
+        String value = mValueProvider.getValue(intent, callerApp, resolvedType, resolvedApp);
         return matchesValue(value);
     }
 
@@ -137,7 +136,7 @@ abstract class StringFilter implements Filter {
         }
 
         public abstract String getValue(Intent intent, ApplicationInfo callerApp,
-                String callerPackage, String resolvedType, ApplicationInfo resolvedApp);
+                String resolvedType, ApplicationInfo resolvedApp);
     }
 
     private static class EqualsFilter extends StringFilter {
@@ -231,8 +230,8 @@ abstract class StringFilter implements Filter {
 
     public static final ValueProvider COMPONENT = new ValueProvider("component") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             ComponentName cn = intent.getComponent();
             if (cn != null) {
                 return cn.flattenToString();
@@ -243,8 +242,8 @@ abstract class StringFilter implements Filter {
 
     public static final ValueProvider COMPONENT_NAME = new ValueProvider("component-name") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             ComponentName cn = intent.getComponent();
             if (cn != null) {
                 return cn.getClassName();
@@ -255,8 +254,8 @@ abstract class StringFilter implements Filter {
 
     public static final ValueProvider COMPONENT_PACKAGE = new ValueProvider("component-package") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             ComponentName cn = intent.getComponent();
             if (cn != null) {
                 return cn.getPackageName();
@@ -265,28 +264,18 @@ abstract class StringFilter implements Filter {
         }
     };
 
-    public static final ValueProvider SENDER_PACKAGE = new ValueProvider("sender-package") {
-        @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
-            // TODO: We can't trust this value, so maybe should check all packages in the caller process?
-            return callerPackage;
-        }
-    };
-
-
     public static final FilterFactory ACTION = new ValueProvider("action") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             return intent.getAction();
         }
     };
 
     public static final ValueProvider DATA = new ValueProvider("data") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             Uri data = intent.getData();
             if (data != null) {
                 return data.toString();
@@ -297,16 +286,16 @@ abstract class StringFilter implements Filter {
 
     public static final ValueProvider MIME_TYPE = new ValueProvider("mime-type") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             return resolvedType;
         }
     };
 
     public static final ValueProvider SCHEME = new ValueProvider("scheme") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             Uri data = intent.getData();
             if (data != null) {
                 return data.getScheme();
@@ -317,8 +306,8 @@ abstract class StringFilter implements Filter {
 
     public static final ValueProvider SSP = new ValueProvider("scheme-specific-part") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             Uri data = intent.getData();
             if (data != null) {
                 return data.getSchemeSpecificPart();
@@ -329,8 +318,8 @@ abstract class StringFilter implements Filter {
 
     public static final ValueProvider HOST = new ValueProvider("host") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             Uri data = intent.getData();
             if (data != null) {
                 return data.getHost();
@@ -341,8 +330,8 @@ abstract class StringFilter implements Filter {
 
     public static final ValueProvider PATH = new ValueProvider("path") {
         @Override
-        public String getValue(Intent intent, ApplicationInfo callerApp, String callerPackage,
-                String resolvedType, ApplicationInfo resolvedApp) {
+        public String getValue(Intent intent, ApplicationInfo callerApp, String resolvedType,
+                ApplicationInfo resolvedApp) {
             Uri data = intent.getData();
             if (data != null) {
                 return data.getPath();
-- 
2.11.0