Add caller check to com.android.credentials.RESET
* Only the Car Settings app can reset credentials
via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
callable by CertInstaller.
Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed
Bug: 200164168
Test: manual
Change-Id: Ibf6a02a35beed08c769fda9b3044d2e7933186dd
(cherry picked from commit f366a7f52cee0a50c1f672158c4a70d007b61cae)
(cherry picked from commit 6a6489935d203715a755b21b374e1e3b3085aa3f)
Merged-In:Ibf6a02a35beed08c769fda9b3044d2e7933186dd
diff --git a/src/com/android/car/settings/security/CredentialStorageActivity.java b/src/com/android/car/settings/security/CredentialStorageActivity.java
index 265f7a3..072e703 100644
--- a/src/com/android/car/settings/security/CredentialStorageActivity.java
+++ b/src/com/android/car/settings/security/CredentialStorageActivity.java
@@ -84,7 +84,7 @@
Intent intent = getIntent();
String action = intent.getAction();
- if (ACTION_RESET.equals(action)) {
+ if (ACTION_RESET.equals(action) && checkCallerIsSelf()) {
showResetConfirmationDialog();
} else if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
Bundle installBundle = intent.getExtras();
@@ -127,6 +127,19 @@
}
/**
+ * Check that the caller is Settings.
+ */
+ private boolean checkCallerIsSelf() {
+ try {
+ return Process.myUid() == android.app.ActivityManager.getService()
+ .getLaunchedFromUid(getActivityToken());
+ } catch (RemoteException re) {
+ // Error talking to ActivityManager, just give up
+ return false;
+ }
+ }
+
+ /**
* Check that the caller is either CertInstaller or Settings running in a profile of this user.
*/
private boolean checkCallerIsCertInstallerOrSelfInProfile() {