Update design to fix non-protected broadcast from system issue

ActivityManager checks if there is any non-protected broadcast
sent from the system to prevent malware from sending fake intents.
This could be fixed by declaring it as a protected broadcast,
which is the current implementation. However, the uid in the
AndroidManifest for tethering is the networkstack uid. Though the
system only checks whether the intent is defined as a protected
broadcast or not, regardless of where the protected intent is
defined, it is confusing to define the protected intent in the
tethering AndroidManifest. Thus, update to an alternative way to
fulfill the protection in ActivityManager: declaring the required
permission in the broadcast filter and specifying the expected
package name of the intent.

Bug: 269383522
Bug: 259000745
Test: atest FrameworksNetTests
Test: manually check that no am_wtf log complains about sending
      non-protected broadcast from system
Change-Id: I04986aed4fb92f85adcbac8a61665f3f465e2eab
chiachangwang
2023-02-17 02:48:47 +00:00
parent b5ebe944b5
commit 378fd10aa7
2 changed files with 4 additions and 2 deletions

@@ -45,7 +45,6 @@
<!-- Sending non-protected broadcast from system uid is not allowed. -->
<protected-broadcast android:name="com.android.server.connectivity.tethering.DISABLE_TETHERING" />
<protected-broadcast android:name="com.android.server.connectivity.KeepaliveTracker.TCP_POLLING_ALARM" />
<application
android:process="com.android.networkstack.process"
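Review bot: The comment "Sending non-protected broadcast from system uid is not allowed." at the top of this list becomes misleading once the TCP_POLLING_ALARM entry is dropped as the commit message describes, because that action is still sent from the system but no longer appears here. Extend the comment to say that the keepalive polling alarm is deliberately not declared in this manifest and is covered instead by the receiver's required permission and the intent's explicit package, so that nobody re-adds the entry when auditing this list.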

@@ -16,6 +16,8 @@
package com.android.server.connectivity;
import static android.Manifest.permission.NETWORK_STACK;
import static android.content.Context.RECEIVER_NOT_EXPORTED;
import static android.net.NetworkAgent.CMD_START_SOCKET_KEEPALIVE;
import static android.net.SocketKeepalive.ERROR_INVALID_SOCKET;
import static android.net.SocketKeepalive.SUCCESS_PAUSED;
@@ -235,6 +237,7 @@ public class AutomaticOnOffKeepaliveTracker {
private PendingIntent createTcpPollingAlarmIntent(@NonNull Context context,
@NonNull IBinder token) {
final Intent intent = new Intent(ACTION_TCP_POLLING_ALARM);
intent.setPackage(context.getPackageName());
// Intent doesn't expose methods to put extra Binders, but Bundle does.
final Bundle b = new Bundle();
b.putBinder(EXTRA_BINDER_TOKEN, token);
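Review bot: intent.setPackage(context.getPackageName()) takes the package from the context parameter, while the receiver in the following hunk is registered on mContext, and nothing visible here ties the two to the same package. If they ever differ, the explicit-package alarm broadcast would not reach the receiver. Either build the intent from the same Context that registers the receiver, or document on createTcpPollingAlarmIntent that callers must pass that Context. A one-line comment stating that the explicit package is what satisfies the ActivityManager check would also save the next reader a trip to the commit message.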
@@ -272,7 +275,7 @@ public class AutomaticOnOffKeepaliveTracker {
if (SdkLevel.isAtLeastU()) {
mContext.registerReceiver(mReceiver, new IntentFilter(ACTION_TCP_POLLING_ALARM),
null, handler);
NETWORK_STACK, handler, RECEIVER_NOT_EXPORTED);
}
mAlarmManager = mContext.getSystemService(AlarmManager.class);
}
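Review bot: In the registerReceiver call, the NETWORK_STACK permission and the RECEIVER_NOT_EXPORTED flag are what now protect the ACTION_TCP_POLLING_ALARM receiver, but the commit's Test lines cover this only by manually reading am_wtf logs. Add a unit test that captures the registerReceiver arguments and asserts that the broadcast permission is NETWORK_STACK and the flags include RECEIVER_NOT_EXPORTED, so that a later change back to the null-permission form fails in FrameworksNetTests instead of passing unnoticed.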