Require permission for internal broadcast

Other apps could request removal of the guest user, because the
request was handled by an internal broadcast receiver in SystemUI.

Fix requires the broadcast sender to have an internal permission
so that only SystemUI can send that broadcast (PendingIntent).

Bug: 22671268
Change-Id: I63a8ced692e6d1cb2872b962ad247a827dbafbc6
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
index fea7f94..bd58366 100644
--- a/packages/SystemUI/AndroidManifest.xml
+++ b/packages/SystemUI/AndroidManifest.xml
@@ -125,6 +125,11 @@
     <!-- Assist -->
     <uses-permission android:name="android.permission.ACCESS_VOICE_INTERACTION_SERVICE" />
 
+    <!-- Self permission for internal broadcasts. -->
+    <permission android:name="com.android.systemui.permission.SELF"
+            android:protectionLevel="signature" />
+    <uses-permission android:name="com.android.systemui.permission.SELF" />
+
     <application
         android:name=".SystemUIApplication"
         android:persistent="true"
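Review bot: The `signature` protection level on `com.android.systemui.permission.SELF` grants the permission to any package signed with the same certificate as SystemUI that requests it, so the manifest enforces "same signer" rather than the "only SystemUI" stated in the commit message. If SystemUI is signed with a certificate shared by other packages (not visible here), each of those is a possible sender of the protected broadcast. I would say so in the comment, e.g. `<!-- Self permission for internal broadcasts; signature-level, so any package signed with the same certificate can hold it. -->`.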
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
index 6fabe9b..acf1415 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
@@ -69,6 +69,10 @@
             "lockscreenSimpleUserSwitcher";
     private static final String ACTION_REMOVE_GUEST = "com.android.systemui.REMOVE_GUEST";
 
+    private static final int ID_REMOVE_GUEST = 1010;
+    private static final String TAG_REMOVE_GUEST = "remove_guest";
+    private static final String PERMISSION_SELF = "com.android.systemui.permission.SELF";
+
     private final Context mContext;
     private final UserManager mUserManager;
     private final ArrayList<WeakReference<BaseUserAdapter>> mAdapters = new ArrayList<>();
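Review bot: `PERMISSION_SELF` repeats the permission name declared in AndroidManifest.xml, and nothing ties the two strings together. If they drift apart, the receiver would presumably require a permission that no sender holds, or one that is not declared at all. Add `// Must match the <permission> declared in SystemUI's AndroidManifest.xml.` above the constant. `ID_REMOVE_GUEST = 1010` also deserves a one-line comment on how the value was chosen and what it must not collide with.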
@@ -94,10 +98,13 @@
         filter.addAction(Intent.ACTION_USER_INFO_CHANGED);
         filter.addAction(Intent.ACTION_USER_SWITCHED);
         filter.addAction(Intent.ACTION_USER_STOPPING);
-        filter.addAction(ACTION_REMOVE_GUEST);
         mContext.registerReceiverAsUser(mReceiver, UserHandle.OWNER, filter,
                 null /* permission */, null /* scheduler */);
 
+        filter = new IntentFilter();
+        filter.addAction(ACTION_REMOVE_GUEST);
+        mContext.registerReceiverAsUser(mReceiver, UserHandle.OWNER, filter,
+                PERMISSION_SELF, null /* scheduler */);
 
         mContext.getContentResolver().registerContentObserver(
                 Settings.Global.getUriFor(SIMPLE_USER_SWITCHER_GLOBAL_SETTING), true,
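Review bot: The second `registerReceiverAsUser` call has no comment explaining why `ACTION_REMOVE_GUEST` gets its own registration, so a later cleanup that merges the action back into the first filter would silently drop the sender permission check. Add above `filter = new IntentFilter();` something like `// ACTION_REMOVE_GUEST removes the guest user; register it separately so the sender must hold PERMISSION_SELF.` Both registrations share `mReceiver`, whose `onReceive` is outside this hunk, so the action stays protected only while it appears in no unprotected filter. The enclosing method starts and ends outside the hunk.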
@@ -366,8 +373,8 @@
                             mContext.getString(R.string.guest_notification_remove_action),
                             removeGuestPI)
                     .build();
-            NotificationManager.from(mContext).notifyAsUser(null, 0, notification,
-                    new UserHandle(guestUserId));
+            NotificationManager.from(mContext).notifyAsUser(TAG_REMOVE_GUEST, ID_REMOVE_GUEST,
+                    notification, new UserHandle(guestUserId));
         }
     };
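Review bot: The notification is now posted under `TAG_REMOVE_GUEST` / `ID_REMOVE_GUEST` instead of `null` / `0`, and any code that cancels or updates it must use the same pair. No cancel call is visible in this diff, so confirm that nothing elsewhere still calls `cancelAsUser(null, 0, ...)` for this notification, since such a call would no longer match it. The enclosing block starts outside the hunk.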