Add checks for AuthManager

2024-11-19 02:29:25 +01:00 · 2014-09-18 16:43:24 +02:00 · 2014-09-18 16:43:24 +02:00 · 84becfe18e
commit 84becfe18e
parent 3685879902
1 changed files with 15 additions and 2 deletions
--- a/src/org/microg/gms/auth/AuthManagerServiceImpl.java
+++ b/src/org/microg/gms/auth/AuthManagerServiceImpl.java
@ -28,6 +28,8 @@ import android.os.RemoteException;
 import android.util.Log;
 import com.google.android.auth.IAuthManagerService;
 import java.util.Arrays;
 public class AuthManagerServiceImpl extends IAuthManagerService.Stub {
    public static final String GOOGLE_ACCOUNT_TYPE = "com.google";
@ -58,8 +60,9 @@ public class AuthManagerServiceImpl extends IAuthManagerService.Stub {
    @Override
    public Bundle getToken(String accountName, String scope, Bundle extras) throws RemoteException {
-        String packageName = extras.containsKey(KEY_ANDROID_PACKAGE_NAME) ? extras.getString(KEY_ANDROID_PACKAGE_NAME)
+        String packageName = extras.getString(KEY_ANDROID_PACKAGE_NAME, extras.getString(KEY_CLIENT_PACKAGE_NAME, null));
-                : extras.containsKey(KEY_CLIENT_PACKAGE_NAME) ? extras.getString(KEY_CLIENT_PACKAGE_NAME) : null;
+        int callerUid = extras.getInt(KEY_CALLER_UID, 0);
        checkPackage(packageName, callerUid, getCallingUid());
        boolean notify = extras.getBoolean(KEY_HANDLE_NOTIFICATION, false);
        Log.d("AuthManagerService", "getToken: account:" + accountName + " scope:" + scope + " extras:" + extras);
@ -83,6 +86,16 @@ public class AuthManagerServiceImpl extends IAuthManagerService.Stub {
        }
    }
    private void checkPackage(String packageName, int callerUid, int callingUid) {
        if (callerUid != callingUid) {
            throw new SecurityException("callerUid [" + callerUid + "] and real calling uid [" + callingUid + "] mismatch!");
        }
        String[] packagesForUid = context.getPackageManager().getPackagesForUid(callerUid);
        if (!Arrays.asList(packagesForUid).contains(packageName)) {
            throw new SecurityException("callerUid [" + callerUid + "] is not related to packageName [" + packageName + "]");
        }
    }
    @Override
    public Bundle clearToken(String token, Bundle extras) throws RemoteException {
        return null;