1 /* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.firewall; 18 19 import android.content.Intent; 20 import android.content.pm.ApplicationInfo; 21 import android.os.Process; 22 import org.xmlpull.v1.XmlPullParser; 23 import org.xmlpull.v1.XmlPullParserException; 24 25 import java.io.IOException; 26 27 class SenderFilter { 28 private static final String ATTR_TYPE = "type"; 29 30 private static final String VAL_SIGNATURE = "signature"; 31 private static final String VAL_SYSTEM = "system"; 32 private static final String VAL_SYSTEM_OR_SIGNATURE = "system|signature"; 33 private static final String VAL_USER_ID = "userId"; 34 35 static boolean isSystemApp(ApplicationInfo callerApp, int callerUid, int callerPid) { 36 if (callerUid == Process.SYSTEM_UID || 37 callerPid == Process.myPid()) { 38 return true; 39 } 40 if (callerApp == null) { 41 return false; 42 } 43 return (callerApp.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 44 } 45 46 public static final FilterFactory FACTORY = new FilterFactory("sender") { 47 @Override 48 public Filter newFilter(XmlPullParser parser) throws IOException, XmlPullParserException { 49 String typeString = parser.getAttributeValue(null, ATTR_TYPE); 50 if (typeString == null) { 51 throw new XmlPullParserException("type attribute must be specified for <sender>", 52 parser, null); 53 } 54 if (typeString.equals(VAL_SYSTEM)) { 55 return SYSTEM; 56 } else if (typeString.equals(VAL_SIGNATURE)) { 57 return SIGNATURE; 58 } else if (typeString.equals(VAL_SYSTEM_OR_SIGNATURE)) { 59 return SYSTEM_OR_SIGNATURE; 60 } else if (typeString.equals(VAL_USER_ID)) { 61 return USER_ID; 62 } 63 throw new XmlPullParserException( 64 "Invalid type attribute for <sender>: " + typeString, parser, null); 65 } 66 }; 67 68 private static final Filter SIGNATURE = new Filter() { 69 @Override 70 public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, 71 int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { 72 if (callerApp == null) { 73 return false; 74 } 75 return ifw.signaturesMatch(callerUid, resolvedApp.uid); 76 } 77 }; 78 79 private static final Filter SYSTEM = new Filter() { 80 @Override 81 public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, 82 int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { 83 if (callerApp == null) { 84 // if callerApp is null, the caller is the system process 85 return false; 86 } 87 return isSystemApp(callerApp, callerUid, callerPid); 88 } 89 }; 90 91 private static final Filter SYSTEM_OR_SIGNATURE = new Filter() { 92 @Override 93 public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, 94 int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { 95 return isSystemApp(callerApp, callerUid, callerPid) || 96 ifw.signaturesMatch(callerUid, resolvedApp.uid); 97 } 98 }; 99 100 private static final Filter USER_ID = new Filter() { 101 @Override 102 public boolean matches(IntentFirewall ifw, Intent intent, ApplicationInfo callerApp, 103 int callerUid, int callerPid, String resolvedType, ApplicationInfo resolvedApp) { 104 // This checks whether the caller is either the system process, or has the same user id 105 // I.e. the same app, or an app that uses the same shared user id. 106 // This is the same set of applications that would be able to access the component if 107 // it wasn't exported. 108 return ifw.checkComponentPermission(null, callerPid, callerUid, resolvedApp.uid, false); 109 } 110 }; 111 } 112