author | Siyamed Sinir <siyamed@google.com> | 2017-09-06 15:15:44 -0700 |
---|---|---|
committer | mse1969 <mse1969@posteo.de> | 2018-02-11 17:34:19 +0100 |
commit | e1607fac2414539a76b754b124716e26549fbb09 (patch) | |
tree | 4e9d103f66804ca2ee8e58ae0657c8c84a42ec8b | |
parent | 96bd4eb1a8480da892d4a014060fc47f97ef2ff5 (diff) | |
[Backport] Prevent getting data from Clipboard if device is locked
Clipboard should not return data if the device is locked. This CL checks
for device locked state before returning values from get/has functions.
Test: bit -t CtsContentTestCases:android.content.cts.ClipboardManagerTest
Bug: 64934810
CVE-2017-0846
Change-Id: Icefac226615fe22a7735dff4ba4c3b528fb2ac12
-rw-r--r-- | services/core/java/com/android/server/clipboard/ClipboardService.java | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/services/core/java/com/android/server/clipboard/ClipboardService.java b/services/core/java/com/android/server/clipboard/ClipboardService.java
index 1c2684642c5..96a66b34421 100644
--- a/services/core/java/com/android/server/clipboard/ClipboardService.java
+++ b/services/core/java/com/android/server/clipboard/ClipboardService.java
@@ -20,6 +20,8 @@ import android.app.ActivityManagerNative;
 import android.app.AppGlobals;
 import android.app.AppOpsManager;
 import android.app.IActivityManager;
+import android.app.KeyguardManager;
+import android.os.PowerManager;
 import android.content.BroadcastReceiver;
 import android.content.ClipData;
 import android.content.ClipDescription;
@@ -246,8 +248,8 @@ public class ClipboardService extends IClipboard.Stub {
 public ClipData getPrimaryClip(String pkg) {
 synchronized (this) {
- if (mAppOps.noteOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
- pkg) != AppOpsManager.MODE_ALLOWED) {
+ if ((mAppOps.noteOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
+ pkg) != AppOpsManager.MODE_ALLOWED) || isDeviceLocked()) {
 return null;
 }
 addActiveOwnerLocked(Binder.getCallingUid(), pkg);
@@ -257,8 +259,8 @@ public class ClipboardService extends IClipboard.Stub {
 public ClipDescription getPrimaryClipDescription(String callingPackage) {
 synchronized (this) {
- if (mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
- callingPackage) != AppOpsManager.MODE_ALLOWED) {
+ if ((mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
+ callingPackage) != AppOpsManager.MODE_ALLOWED) || isDeviceLocked()) {
 return null;
 }
 PerUserClipboard clipboard = getClipboard();
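Review bot: In `getPrimaryClip` the guard calls `mAppOps.noteOp(...)` before `isDeviceLocked()`, so a read that is refused only because the device is locked is still recorded as a clipboard access for the calling package. Testing the lock state first keeps the AppOps record in line with what was actually handed out: `if (isDeviceLocked() || mAppOps.noteOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(), pkg) != AppOpsManager.MODE_ALLOWED) {`. The three `checkOp` guards in `getPrimaryClipDescription`, `hasPrimaryClip` and `hasClipboardText` only query the mode, so the order matters less there, though using the same order in all four reads better. The bodies of these methods continue outside the hunks.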
@@ -268,8 +270,8 @@ public class ClipboardService extends IClipboard.Stub {
 public boolean hasPrimaryClip(String callingPackage) {
 synchronized (this) {
- if (mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
- callingPackage) != AppOpsManager.MODE_ALLOWED) {
+ if ((mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
+ callingPackage) != AppOpsManager.MODE_ALLOWED) || isDeviceLocked()) {
 return false;
 }
 return getClipboard().primaryClip != null;
@@ -292,8 +294,8 @@ public class ClipboardService extends IClipboard.Stub {
 public boolean hasClipboardText(String callingPackage) {
 synchronized (this) {
- if (mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
- callingPackage) != AppOpsManager.MODE_ALLOWED) {
+ if ((mAppOps.checkOp(AppOpsManager.OP_READ_CLIPBOARD, Binder.getCallingUid(),
+ callingPackage) != AppOpsManager.MODE_ALLOWED) || isDeviceLocked()) {
 return false;
 }
 PerUserClipboard clipboard = getClipboard();
@@ -305,6 +307,19 @@ public class ClipboardService extends IClipboard.Stub {
 }
 }
+ private boolean isDeviceLocked() {
+ boolean isLocked = false;
+ KeyguardManager keyguardManager = (KeyguardManager) mContext.getSystemService(Context.KEYGUARD_SERVICE);
+ boolean inKeyguardRestrictedInputMode = keyguardManager.inKeyguardRestrictedInputMode();
+ if (inKeyguardRestrictedInputMode) {
+ isLocked = true;
+ } else {
+ PowerManager powerManager = (PowerManager)mContext.getSystemService(Context.POWER_SERVICE);
+ isLocked = !powerManager.isScreenOn();
+ }
+ return isLocked;
+ }
+
 private final void checkUriOwnerLocked(Uri uri, int uid) {
 if (!"content".equals(uri.getScheme())) {
 return; |
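Review bot: `isDeviceLocked()` dereferences both `getSystemService()` results without a null check and treats "screen off" as "locked" with no comment saying that this is intended, so a missing service would throw inside a Binder call and the wider screen-off denial is undocumented. The clipboard is per-user (`getClipboard()` yields a `PerUserClipboard` in the neighbouring hunks), while this check looks device-wide. If this branch offers a user-aware keyguard query, that would be the better source; otherwise the limitation deserves a comment. The sketch below keeps the same two queries, fails closed when a service is unavailable, and clears the calling identity around the system-service calls. `inKeyguardRestrictedInputMode()` and `isScreenOn()` are deprecated on newer platform versions, which matters for anyone forward-porting this.

```java
    /**
     * Returns true when clipboard reads must be refused: the keyguard is showing, or the
     * screen is off (treated as locked on purpose, since the keyguard may not be up yet).
     * Device-wide check; it does not distinguish the calling user.
     */
    private boolean isDeviceLocked() {
        final long token = Binder.clearCallingIdentity();
        try {
            KeyguardManager keyguardManager =
                    (KeyguardManager) mContext.getSystemService(Context.KEYGUARD_SERVICE);
            // Fail closed: without a keyguard service the lock state cannot be proven.
            if (keyguardManager == null || keyguardManager.inKeyguardRestrictedInputMode()) {
                return true;
            }
            PowerManager powerManager =
                    (PowerManager) mContext.getSystemService(Context.POWER_SERVICE);
            return powerManager == null || !powerManager.isScreenOn();
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }
```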