[Backport] Prevent getting data from Clipboard if device is locked

Clipboard should not return data if the device is locked. This CL checks for device locked state before returning values from get/has functions. Test: bit -t CtsContentTestCases:android.content.cts.ClipboardManagerTest Bug: 64934810 CVE-2017-0846 Change-Id: Icefac226615fe22a7735dff4ba4c3b528fb2ac12
author: Siyamed Sinir <siyamed@google.com> 2017-09-06 15:15:44 -0700
committer: mse1969 <mse1969@posteo.de> 2018-02-11 17:34:19 +0100
commit: e1607fac2414539a76b754b124716e26549fbb09 (patch)
tree: 4e9d103f66804ca2ee8e58ae0657c8c84a42ec8b
parent: 96bd4eb1a8480da892d4a014060fc47f97ef2ff5 (diff)
download: frameworks_base-e1607fac2414539a76b754b124716e26549fbb09.tar.gz
frameworks_base-e1607fac2414539a76b754b124716e26549fbb09.tar.bz2
frameworks_base-e1607fac2414539a76b754b124716e26549fbb09.zip
1 files changed, 23 insertions, 8 deletions
diff --git a/services/core/java/com/android/server/clipboard/ClipboardService.java b/services/core/java/com/android/server/clipboard/ClipboardService.java
index 1c2684642c5..96a66b34421 100644
--- a/services/core/java/com/android/server/clipboard/ClipboardService.java
+++ b/services/core/java/com/android/server/clipboard/ClipboardService.java
@@ -20,6 +20,8 @@ import android.app.ActivityManagerNative;
 import android.app.AppGlobals;
 import android.app.AppOpsManager;
 import android.app.IActivityManager;
+import android.app.KeyguardManager;
+import android.os.PowerManager;
 import android.content.BroadcastReceiver;
 import android.content.ClipData;
 import android.content.ClipDescription;
@@ -246,8 +248,8 @@ public class ClipboardService extends IClipboard.Stub {
     
     public ClipData getPrimaryClip(String pkg) {
         synchronized (this) {
-            if (mAppOps.noteOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
-                    pkg) != AppOpsManager.MODE_ALLOWED) {
+            if ((mAppOps.noteOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
+                    pkg) != AppOpsManager.MODE_ALLOWED) || isDeviceLocked()) {
                 return null;
             }
             addActiveOwnerLocked(Binder.getCallingUid(), pkg);
@@ -257,8 +259,8 @@ public class ClipboardService extends IClipboard.Stub {
 
     public ClipDescription getPrimaryClipDescription(String callingPackage) {
         synchronized (this) {
-            if (mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
-                    callingPackage) != AppOpsManager.MODE_ALLOWED) {
+            if ((mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
+                    callingPackage) != AppOpsManager.MODE_ALLOWED) || isDeviceLocked()) {
                 return null;
             }
             PerUserClipboard clipboard = getClipboard();
@@ -268,8 +270,8 @@ public class ClipboardService extends IClipboard.Stub {
 
     public boolean hasPrimaryClip(String callingPackage) {
         synchronized (this) {
-            if (mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
-                    callingPackage) != AppOpsManager.MODE_ALLOWED) {
+            if ((mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
+                    callingPackage) != AppOpsManager.MODE_ALLOWED) || isDeviceLocked()) {
                 return false;
             }
             return getClipboard().primaryClip != null;
@@ -292,8 +294,8 @@ public class ClipboardService extends IClipboard.Stub {
 
     public boolean hasClipboardText(String callingPackage) {
         synchronized (this) {
-            if (mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
-                    callingPackage) != AppOpsManager.MODE_ALLOWED) {
+            if ((mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
+                    callingPackage) != AppOpsManager.MODE_ALLOWED) || isDeviceLocked()) {
                 return false;
             }
             PerUserClipboard clipboard = getClipboard();
@@ -305,6 +307,19 @@ public class ClipboardService extends IClipboard.Stub {
         }
     }
 
+    private boolean isDeviceLocked() {
+        boolean isLocked = false;
+        KeyguardManager keyguardManager = (KeyguardManager) mContext.getSystemService(Context.KEYGUARD_SERVICE);
+        boolean inKeyguardRestrictedInputMode = keyguardManager.inKeyguardRestrictedInputMode();
+        if (inKeyguardRestrictedInputMode) {
+            isLocked = true;
+        } else {
+            PowerManager powerManager = (PowerManager)mContext.getSystemService(Context.POWER_SERVICE);
+            isLocked = !powerManager.isScreenOn();
+        }
+        return isLocked;
+    }
+
     private final void checkUriOwnerLocked(Uri uri, int uid) {
         if (!"content".equals(uri.getScheme())) {
             return;
author	Siyamed Sinir <siyamed@google.com>	2017-09-06 15:15:44 -0700
committer	mse1969 <mse1969@posteo.de>	2018-02-11 17:34:19 +0100
commit	e1607fac2414539a76b754b124716e26549fbb09 (patch)
tree	4e9d103f66804ca2ee8e58ae0657c8c84a42ec8b
parent	96bd4eb1a8480da892d4a014060fc47f97ef2ff5 (diff)
download	frameworks_base-e1607fac2414539a76b754b124716e26549fbb09.tar.gz frameworks_base-e1607fac2414539a76b754b124716e26549fbb09.tar.bz2 frameworks_base-e1607fac2414539a76b754b124716e26549fbb09.zip