Add checks for AuthManager

2024-11-19 02:29:25 +01:00 · 2014-09-18 16:43:24 +02:00 · 2014-09-18 16:43:24 +02:00 · 84becfe18e
commit 84becfe18e
parent 3685879902
1 changed files with 15 additions and 2 deletions
--- a/src/org/microg/gms/auth/AuthManagerServiceImpl.java
+++ b/src/org/microg/gms/auth/AuthManagerServiceImpl.java
@ -28,6 +28,8 @@ import android.os.RemoteException;
 import android.util.Log;
 import com.google.android.auth.IAuthManagerService;

+import java.util.Arrays;
+
 public class AuthManagerServiceImpl extends IAuthManagerService.Stub {
    public static final String GOOGLE_ACCOUNT_TYPE = "com.google";

@ -58,8 +60,9 @@ public class AuthManagerServiceImpl extends IAuthManagerService.Stub {

    @Override
    public Bundle getToken(String accountName, String scope, Bundle extras) throws RemoteException {
-        String packageName = extras.containsKey(KEY_ANDROID_PACKAGE_NAME) ? extras.getString(KEY_ANDROID_PACKAGE_NAME)
-                : extras.containsKey(KEY_CLIENT_PACKAGE_NAME) ? extras.getString(KEY_CLIENT_PACKAGE_NAME) : null;
+        String packageName = extras.getString(KEY_ANDROID_PACKAGE_NAME, extras.getString(KEY_CLIENT_PACKAGE_NAME, null));
+        int callerUid = extras.getInt(KEY_CALLER_UID, 0);
+        checkPackage(packageName, callerUid, getCallingUid());
        boolean notify = extras.getBoolean(KEY_HANDLE_NOTIFICATION, false);

        Log.d("AuthManagerService", "getToken: account:" + accountName + " scope:" + scope + " extras:" + extras);
@ -83,6 +86,16 @@ public class AuthManagerServiceImpl extends IAuthManagerService.Stub {
        }
    }

+    private void checkPackage(String packageName, int callerUid, int callingUid) {
+        if (callerUid != callingUid) {
+            throw new SecurityException("callerUid [" + callerUid + "] and real calling uid [" + callingUid + "] mismatch!");
+        }
+        String[] packagesForUid = context.getPackageManager().getPackagesForUid(callerUid);
+        if (!Arrays.asList(packagesForUid).contains(packageName)) {
+            throw new SecurityException("callerUid [" + callerUid + "] is not related to packageName [" + packageName + "]");
+        }
+    }
+
    @Override
    public Bundle clearToken(String token, Bundle extras) throws RemoteException {
        return null;