Merge "Add caller check to com.android.credentials.RESET" into qt-dev am: 50b65a168a am: 1ef5f42b54 am: f43f129dc0

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/16577205 Change-Id: I7080ca5b236b6dd34cfe66789ef1a141d3b735cb
2022-01-13 19:35:50 +00:00
parent 9624c50ac3 f43f129dc0
commit d902f8c7d6
1 changed files with 14 additions and 1 deletions
--- a/src/com/android/settings/security/CredentialStorage.java
+++ b/src/com/android/settings/security/CredentialStorage.java
@@ -87,7 +87,7 @@ public final class CredentialStorage extends FragmentActivity {
        final String action = intent.getAction();
        final UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);
        if (!userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
-            if (ACTION_RESET.equals(action)) {
+            if (ACTION_RESET.equals(action) && checkCallerIsSelf()) {
                new ResetDialog();
            } else {
                if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
@@ -319,6 +319,19 @@ public final class CredentialStorage extends FragmentActivity {
        finish();
    }

+    /**
+     * Check that the caller is Settings.
+     */
+    private boolean checkCallerIsSelf() {
+        try {
+            return Process.myUid() == android.app.ActivityManager.getService()
+                    .getLaunchedFromUid(getActivityToken());
+        } catch (RemoteException re) {
+            // Error talking to ActivityManager, just give up
+            return false;
+        }
+    }
+
    /**
     * Check that the caller is either certinstaller or Settings running in a profile of this user.
     */