From abf3570f382b94d16cc8a06c4b7c434d7a7052aa Mon Sep 17 00:00:00 2001
From: Robin Lee <rgl@google.com>
Date: Tue, 17 Feb 2015 14:12:48 +0000
Subject: [PATCH] DevicePolicy: Make uid parameter an int

This should not have been a long to begin with.

Change-Id: Icbf6e2e97cb6301b968b3eb8b3f9a46331f7983e
---
 api/current.txt                                              |  2 +-
 api/system-current.txt                                       |  2 +-
 core/java/android/app/admin/DeviceAdminReceiver.java         |  4 ++--
 core/java/android/app/admin/IDevicePolicyManager.aidl        |  2 +-
 .../server/devicepolicy/DevicePolicyManagerService.java      | 12 ++++++++----
 5 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/api/current.txt b/api/current.txt
index ae93e2bf7e03..5fffbb0f8aca 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -5404,7 +5404,7 @@ package android.app.admin {
     ctor public DeviceAdminReceiver();
     method public android.app.admin.DevicePolicyManager getManager(android.content.Context);
     method public android.content.ComponentName getWho(android.content.Context);
-    method public java.lang.String onChoosePrivateKeyAlias(android.content.Context, android.content.Intent, long, java.lang.String, int, java.lang.String, java.lang.String);
+    method public java.lang.String onChoosePrivateKeyAlias(android.content.Context, android.content.Intent, int, java.lang.String, int, java.lang.String, java.lang.String);
     method public java.lang.CharSequence onDisableRequested(android.content.Context, android.content.Intent);
     method public void onDisabled(android.content.Context, android.content.Intent);
     method public void onEnabled(android.content.Context, android.content.Intent);
diff --git a/api/system-current.txt b/api/system-current.txt
index 6c4d28e510d5..c43f2c7e0357 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -5498,7 +5498,7 @@ package android.app.admin {
     ctor public DeviceAdminReceiver();
     method public android.app.admin.DevicePolicyManager getManager(android.content.Context);
     method public android.content.ComponentName getWho(android.content.Context);
-    method public java.lang.String onChoosePrivateKeyAlias(android.content.Context, android.content.Intent, long, java.lang.String, int, java.lang.String, java.lang.String);
+    method public java.lang.String onChoosePrivateKeyAlias(android.content.Context, android.content.Intent, int, java.lang.String, int, java.lang.String, java.lang.String);
     method public java.lang.CharSequence onDisableRequested(android.content.Context, android.content.Intent);
     method public void onDisabled(android.content.Context, android.content.Intent);
     method public void onEnabled(android.content.Context, android.content.Intent);
diff --git a/core/java/android/app/admin/DeviceAdminReceiver.java b/core/java/android/app/admin/DeviceAdminReceiver.java
index a3d96bdd1119..9a8dc52dd8b9 100644
--- a/core/java/android/app/admin/DeviceAdminReceiver.java
+++ b/core/java/android/app/admin/DeviceAdminReceiver.java
@@ -438,7 +438,7 @@ public class DeviceAdminReceiver extends BroadcastReceiver {
      * @return The private key alias to return and grant access to.
      * @see KeyChain#choosePrivateKeyAlias
      */
-    public String onChoosePrivateKeyAlias(Context context, Intent intent, long uid, String host,
+    public String onChoosePrivateKeyAlias(Context context, Intent intent, int uid, String host,
             int port, String url, String alias) {
         return null;
     }
@@ -473,7 +473,7 @@ public class DeviceAdminReceiver extends BroadcastReceiver {
         } else if (ACTION_PROFILE_PROVISIONING_COMPLETE.equals(action)) {
             onProfileProvisioningComplete(context, intent);
         } else if (ACTION_CHOOSE_PRIVATE_KEY_ALIAS.equals(action)) {
-            long uid = intent.getLongExtra(EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, -1);
+            int uid = intent.getIntExtra(EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, -1);
             String host = intent.getStringExtra(EXTRA_CHOOSE_PRIVATE_KEY_HOST);
             int port = intent.getIntExtra(EXTRA_CHOOSE_PRIVATE_KEY_PORT, -1);
             String url = intent.getStringExtra(EXTRA_CHOOSE_PRIVATE_KEY_URL);
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 2179dff25c56..714e740fe899 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -129,7 +129,7 @@ interface IDevicePolicyManager {
     void enforceCanManageCaCerts(in ComponentName admin);
 
     boolean installKeyPair(in ComponentName who, in byte[] privKeyBuffer, in byte[] certBuffer, String alias);
-    void choosePrivateKeyAlias(in String host, int port, in String url, in String alias, IBinder aliasCallback);
+    void choosePrivateKeyAlias(int uid, in String host, int port, in String url, in String alias, IBinder aliasCallback);
 
     void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity);
     void clearPackagePersistentPreferredActivities(in ComponentName admin, String packageName);
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 1381eef33b4f..1e372ab493b0 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2982,11 +2982,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     @Override
-    public void choosePrivateKeyAlias(final String host, int port, final String url,
+    public void choosePrivateKeyAlias(final int uid, final String host, int port, final String url,
             final String alias, final IBinder response) {
-        final ComponentName profileOwner = getProfileOwner(UserHandle.getCallingUserId());
+        // Caller UID needs to be trusted, so we restrict this method to SYSTEM_UID callers.
+        if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID) {
+            return;
+        }
+
         final UserHandle caller = Binder.getCallingUserHandle();
-        final int callerUid = Binder.getCallingUid();
+        final ComponentName profileOwner = getProfileOwner(caller.getIdentifier());
 
         if (profileOwner == null) {
             sendPrivateKeyAliasResponse(null, response);
@@ -2995,7 +2999,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
         Intent intent = new Intent(DeviceAdminReceiver.ACTION_CHOOSE_PRIVATE_KEY_ALIAS);
         intent.setComponent(profileOwner);
-        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, callerUid);
+        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, uid);
         intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_HOST, host);
         intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_PORT, port);
         intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_URL, url);
-- 
2.11.0