am: Handle unchecked activity starts for protected components.

  Previously if you received a notification from a protected app,
  since AM would state that the calling package was also the target
  package, the protected apps implementation would allow you to
  launch into the application. Mitigate this by hooking into
  the unchecked activity start stack (pending intent launches)
  globally.

Change-Id: I0371593ade9e4af2554962873d89a0f82a639b57
TICKET: PAELLA-216 FEIJ-160 FEIJ-177

Author: Adnan Begovic

core/java/android/app/ApplicationPackageManager.java

@@ -2048,9 +2048,11 @@ public void setComponentProtectedSetting(ComponentName componentName, boolean ne
 
     /** @hide */
     @Override
-    public boolean isComponentProtected(String callingPackage, ComponentName componentName) {
+    public boolean isComponentProtected(String callingPackage, int callingUid,
+            ComponentName componentName) {
         try {
-            return mPM.isComponentProtected(callingPackage, componentName, mContext.getUserId());
+            return mPM.isComponentProtected(callingPackage, callingUid, componentName,
+                    mContext.getUserId());
         } catch (RemoteException re) {
             Log.e(TAG, "Failed to get component protected setting", re);
             return false;

core/java/android/content/pm/IPackageManager.aidl

@@ -521,6 +521,6 @@ interface IPackageManager {
     int processThemeResources(String themePkgName);
 
     /** Protected Apps */
-    boolean isComponentProtected(in String callingPackage, in ComponentName componentName,
-            int userId);
+    boolean isComponentProtected(in String callingPackage, in int callingUid,
+    in ComponentName componentName, int userId);
 }

core/java/android/content/pm/PackageManager.java

@@ -4564,7 +4564,7 @@ public void onCreated(int moveId, Bundle extras) {}
      * Return whether or not a specific component is protected
      * @hide
      */
-    public abstract boolean isComponentProtected(String callingPackage,
+    public abstract boolean isComponentProtected(String callingPackage, int callingUid,
             ComponentName componentName);
 
     /**

services/core/java/com/android/server/am/ActivityStackSupervisor.java

@@ -961,7 +961,8 @@ final int startActivityMayWait(IApplicationThread caller, int callingUid,
                 //TODO: This needs to be a flushed out API in the future.
                 boolean isProtected = intent.getComponent() != null
                         && AppGlobals.getPackageManager()
-                        .isComponentProtected(callingPackage, intent.getComponent(), userId) &&
+                        .isComponentProtected(callingPackage, callingUid,
+                                intent.getComponent(), userId) &&
                         (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0;
 
                 if (isProtected) {
@@ -977,6 +978,7 @@ final int startActivityMayWait(IApplicationThread caller, int callingUid,
             } catch (RemoteException e) {
                 e.printStackTrace();
             }
+
             final int realCallingPid = Binder.getCallingPid();
             final int realCallingUid = Binder.getCallingUid();
             int callingPid;
@@ -1873,6 +1875,28 @@ final int startActivityUncheckedLocked(final ActivityRecord r, ActivityRecord so
             inTask = null;
         }
 
+        try {
+            //TODO: This needs to be a flushed out API in the future.
+            boolean isProtected = intent.getComponent() != null
+                    && AppGlobals.getPackageManager()
+                    .isComponentProtected(null, r.launchedFromUid,
+                            intent.getComponent(), r.userId) &&
+                    (intent.getFlags()&Intent.FLAG_GRANT_READ_URI_PERMISSION) == 0;
+
+            if (isProtected) {
+                Message msg = mService.mHandler.obtainMessage(
+                        ActivityManagerService.POST_COMPONENT_PROTECTED_MSG);
+                //Store start flags, userid
+                intent.setFlags(startFlags);
+                intent.putExtra("com.android.settings.PROTECTED_APPS_USER_ID", r.userId);
+                msg.obj = intent;
+                mService.mHandler.sendMessage(msg);
+                return ActivityManager.START_NOT_CURRENT_USER_ACTIVITY;
+            }
+        } catch (RemoteException e) {
+            e.printStackTrace();
+        }
+
         final boolean launchSingleTop = r.launchMode == ActivityInfo.LAUNCH_SINGLE_TOP;
         final boolean launchSingleInstance = r.launchMode == ActivityInfo.LAUNCH_SINGLE_INSTANCE;
         final boolean launchSingleTask = r.launchMode == ActivityInfo.LAUNCH_SINGLE_TASK;

services/core/java/com/android/server/pm/PackageManagerService.java

@@ -17265,10 +17265,12 @@ public void setComponentProtectedSetting(ComponentName componentName, boolean ne
     }
 
     @Override
-    public boolean isComponentProtected(String callingPackage,
+    public boolean isComponentProtected(String callingPackage, int callingUid,
             ComponentName componentName, int userId) {
         if (DEBUG_PROTECTED) Log.d(TAG, "Checking if component is protected "
-                + componentName.flattenToShortString() + " from calling package " + callingPackage);
+                + componentName.flattenToShortString() + " from calling package " + callingPackage
+                + " and callinguid " + callingUid);
+
         enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "set protected");
 
         //Allow managers full access
@@ -17289,8 +17291,24 @@ public boolean isComponentProtected(String callingPackage,
             return false;
         }
 
+        //If this component is launched from a validation component, allow it.
         if (TextUtils.equals(PROTECTED_APPS_TARGET_VALIDATION_COMPONENT,
-                componentName.flattenToString())) {
+                componentName.flattenToString()) && callingUid == Process.SYSTEM_UID) {
+            return false;
+        }
+
+        //If this component is launched from the system or a uid of a protected component, allow it.
+        boolean fromProtectedComponentUid = false;
+        for (String protectedComponentManager : protectedComponentManagers) {
+            if (callingUid == getPackageUid(protectedComponentManager, userId)) {
+                fromProtectedComponentUid = true;
+            }
+        }
+
+        if (callingPackage == null && (callingUid == Process.SYSTEM_UID
+                || fromProtectedComponentUid)) {
+            if (DEBUG_PROTECTED) Log.d(TAG, "Calling package is android and from system or " +
+                    "protected manager, allow");
             return false;
         }
 

test-runner/src/android/test/mock/MockPackageManager.java

@@ -904,7 +904,8 @@ public void setComponentProtectedSetting(ComponentName componentName, boolean ne
      * @hide
      */
     @Override
-    public boolean isComponentProtected(String callingPackage, ComponentName componentName) {
+    public boolean isComponentProtected(String callingPackage, int callingUid,
+            ComponentName componentName) {
         throw new UnsupportedOperationException();
     }