Skip to content

Commit 1321616

Browse files
jdd510BayerischeMotorenWerke
jdd510
authored and
BayerischeMotorenWerke
committed
Restrict AdbManager broadcasts to apps with MANAGE_DEBUGGING permission.
Bug: 205836329 Test: atest AdbDebuggingManagerTest Change-Id: If18a874c6d6232d9131f2cc3de3614ef67a58bbd (cherry picked from commit b139e99) (cherry picked from commit 398b752) Merged-In:If18a874c6d6232d9131f2cc3de3614ef67a58bbd
1 parent d972ca6 commit 1321616

4 files changed

Lines changed: 129 additions & 7 deletions

File tree

core/java/android/debug/AdbManager.java

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@ public class AdbManager {
3838
*
3939
* @hide
4040
*/
41+
@RequiresPermission(android.Manifest.permission.MANAGE_DEBUGGING)
4142
public static final String WIRELESS_DEBUG_STATE_CHANGED_ACTION =
4243
"com.android.server.adb.WIRELESS_DEBUG_STATUS";
4344

@@ -46,6 +47,7 @@ public class AdbManager {
4647
*
4748
* @hide
4849
*/
50+
@RequiresPermission(android.Manifest.permission.MANAGE_DEBUGGING)
4951
public static final String WIRELESS_DEBUG_PAIRED_DEVICES_ACTION =
5052
"com.android.server.adb.WIRELESS_DEBUG_PAIRED_DEVICES";
5153

@@ -59,6 +61,7 @@ public class AdbManager {
5961
*
6062
* @hide
6163
*/
64+
@RequiresPermission(android.Manifest.permission.MANAGE_DEBUGGING)
6265
public static final String WIRELESS_DEBUG_PAIRING_RESULT_ACTION =
6366
"com.android.server.adb.WIRELESS_DEBUG_PAIRING_RESULT";
6467

services/core/java/com/android/server/adb/AdbDebuggingManager.java

Lines changed: 15 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@
1818

1919
import static com.android.internal.util.dump.DumpUtils.writeStringIfNotNull;
2020

21+
import android.annotation.NonNull;
2122
import android.annotation.TestApi;
2223
import android.app.ActivityManager;
2324
import android.app.Notification;
@@ -171,6 +172,12 @@ protected AdbDebuggingManager(Context context, String confirmComponent, File tes
171172
mAdbConnectionInfo = new AdbConnectionInfo();
172173
}
173174

175+
static void sendBroadcastWithDebugPermission(@NonNull Context context, @NonNull Intent intent,
176+
@NonNull UserHandle userHandle) {
177+
context.sendBroadcastAsUser(intent, userHandle,
178+
android.Manifest.permission.MANAGE_DEBUGGING);
179+
}
180+
174181
class PairingThread extends Thread implements NsdManager.RegistrationListener {
175182
private NsdManager mNsdManager;
176183
private String mPublicKey;
@@ -1279,7 +1286,7 @@ private void sendServerConnectionState(boolean connected, int port) {
12791286
? AdbManager.WIRELESS_STATUS_CONNECTED
12801287
: AdbManager.WIRELESS_STATUS_DISCONNECTED);
12811288
intent.putExtra(AdbManager.WIRELESS_DEBUG_PORT_EXTRA, port);
1282-
mContext.sendBroadcastAsUser(intent, UserHandle.ALL);
1289+
AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL);
12831290
}
12841291

12851292
private void onAdbdWifiServerConnected(int port) {
@@ -1351,7 +1358,8 @@ private void onPairingResult(String publicKey) {
13511358
if (publicKey == null) {
13521359
Intent intent = new Intent(AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION);
13531360
intent.putExtra(AdbManager.WIRELESS_STATUS_EXTRA, AdbManager.WIRELESS_STATUS_FAIL);
1354-
mContext.sendBroadcastAsUser(intent, UserHandle.ALL);
1361+
AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent,
1362+
UserHandle.ALL);
13551363
} else {
13561364
Intent intent = new Intent(AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION);
13571365
intent.putExtra(AdbManager.WIRELESS_STATUS_EXTRA,
@@ -1364,7 +1372,8 @@ private void onPairingResult(String publicKey) {
13641372
}
13651373
PairDevice device = new PairDevice(fingerprints, hostname, false);
13661374
intent.putExtra(AdbManager.WIRELESS_PAIR_DEVICE_EXTRA, device);
1367-
mContext.sendBroadcastAsUser(intent, UserHandle.ALL);
1375+
AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent,
1376+
UserHandle.ALL);
13681377
// Add the key into the keystore
13691378
mAdbKeyStore.setLastConnectionTime(publicKey,
13701379
System.currentTimeMillis());
@@ -1378,14 +1387,14 @@ private void sendPairingPortToUI(int port) {
13781387
intent.putExtra(AdbManager.WIRELESS_STATUS_EXTRA,
13791388
AdbManager.WIRELESS_STATUS_CONNECTED);
13801389
intent.putExtra(AdbManager.WIRELESS_DEBUG_PORT_EXTRA, port);
1381-
mContext.sendBroadcastAsUser(intent, UserHandle.ALL);
1390+
AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL);
13821391
}
13831392

13841393
private void sendPairedDevicesToUI(Map<String, PairDevice> devices) {
13851394
Intent intent = new Intent(AdbManager.WIRELESS_DEBUG_PAIRED_DEVICES_ACTION);
13861395
// Map is not serializable, so need to downcast
13871396
intent.putExtra(AdbManager.WIRELESS_DEVICES_EXTRA, (HashMap) devices);
1388-
mContext.sendBroadcastAsUser(intent, UserHandle.ALL);
1397+
AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL);
13891398
}
13901399

13911400
private void updateUIPairCode(String code) {
@@ -1395,7 +1404,7 @@ private void updateUIPairCode(String code) {
13951404
intent.putExtra(AdbManager.WIRELESS_PAIRING_CODE_EXTRA, code);
13961405
intent.putExtra(AdbManager.WIRELESS_STATUS_EXTRA,
13971406
AdbManager.WIRELESS_STATUS_PAIRING_CODE);
1398-
mContext.sendBroadcastAsUser(intent, UserHandle.ALL);
1407+
AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL);
13991408
}
14001409
}
14011410

services/core/java/com/android/server/adb/AdbService.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -431,7 +431,7 @@ private void broadcastPortInfo(int port) {
431431
? AdbManager.WIRELESS_STATUS_CONNECTED
432432
: AdbManager.WIRELESS_STATUS_DISCONNECTED);
433433
intent.putExtra(AdbManager.WIRELESS_DEBUG_PORT_EXTRA, port);
434-
mContext.sendBroadcastAsUser(intent, UserHandle.ALL);
434+
AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL);
435435
Slog.i(TAG, "sent port broadcast port=" + port);
436436
}
437437

services/tests/servicestests/src/com/android/server/adb/AdbDebuggingManagerTest.java

Lines changed: 110 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,14 @@
2323
import static org.junit.Assert.assertTrue;
2424
import static org.junit.Assert.fail;
2525

26+
import android.content.BroadcastReceiver;
2627
import android.content.Context;
28+
import android.content.Intent;
29+
import android.content.IntentFilter;
30+
import android.content.pm.PackageManager;
31+
import android.debug.AdbManager;
32+
import android.debug.IAdbManager;
33+
import android.os.ServiceManager;
2734
import android.provider.Settings;
2835
import android.util.Log;
2936

@@ -105,6 +112,7 @@ public void setUp() throws Exception {
105112
public void tearDown() throws Exception {
106113
mKeyStore.deleteKeyStore();
107114
setAllowedConnectionTime(mOriginalAllowedConnectionTime);
115+
dropShellPermissionIdentity();
108116
}
109117

110118
/**
@@ -813,6 +821,108 @@ private boolean isValidMdnsServiceName(String name) {
813821
return hasAtLeastOneLetter;
814822
}
815823

824+
CountDownLatch mAdbActionLatch = new CountDownLatch(1);
825+
private final BroadcastReceiver mReceiver = new BroadcastReceiver() {
826+
@Override
827+
public void onReceive(Context context, Intent intent) {
828+
String action = intent.getAction();
829+
Log.i(TAG, "Received intent action=" + action);
830+
if (AdbManager.WIRELESS_DEBUG_PAIRED_DEVICES_ACTION.equals(action)) {
831+
assertEquals("Received broadcast without MANAGE_DEBUGGING permission.",
832+
context.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING),
833+
PackageManager.PERMISSION_GRANTED);
834+
Log.i(TAG, "action=" + action + " paired_device=" + intent.getSerializableExtra(
835+
AdbManager.WIRELESS_DEVICES_EXTRA).toString());
836+
mAdbActionLatch.countDown();
837+
} else if (AdbManager.WIRELESS_DEBUG_STATE_CHANGED_ACTION.equals(action)) {
838+
assertEquals("Received broadcast without MANAGE_DEBUGGING permission.",
839+
context.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING),
840+
PackageManager.PERMISSION_GRANTED);
841+
int status = intent.getIntExtra(AdbManager.WIRELESS_STATUS_EXTRA,
842+
AdbManager.WIRELESS_STATUS_DISCONNECTED);
843+
Log.i(TAG, "action=" + action + " status=" + status);
844+
mAdbActionLatch.countDown();
845+
} else if (AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION.equals(action)) {
846+
assertEquals("Received broadcast without MANAGE_DEBUGGING permission.",
847+
context.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING),
848+
PackageManager.PERMISSION_GRANTED);
849+
Integer res = intent.getIntExtra(
850+
AdbManager.WIRELESS_STATUS_EXTRA,
851+
AdbManager.WIRELESS_STATUS_FAIL);
852+
Log.i(TAG, "action=" + action + " result=" + res);
853+
854+
if (res.equals(AdbManager.WIRELESS_STATUS_PAIRING_CODE)) {
855+
String pairingCode = intent.getStringExtra(
856+
AdbManager.WIRELESS_PAIRING_CODE_EXTRA);
857+
Log.i(TAG, "pairingCode=" + pairingCode);
858+
} else if (res.equals(AdbManager.WIRELESS_STATUS_CONNECTED)) {
859+
int port = intent.getIntExtra(AdbManager.WIRELESS_DEBUG_PORT_EXTRA, 0);
860+
Log.i(TAG, "port=" + port);
861+
}
862+
mAdbActionLatch.countDown();
863+
}
864+
}
865+
};
866+
867+
private void adoptShellPermissionIdentity() {
868+
InstrumentationRegistry.getInstrumentation().getUiAutomation()
869+
.adoptShellPermissionIdentity(android.Manifest.permission.MANAGE_DEBUGGING);
870+
}
871+
872+
private void dropShellPermissionIdentity() {
873+
InstrumentationRegistry.getInstrumentation().getUiAutomation()
874+
.dropShellPermissionIdentity();
875+
}
876+
877+
@Test
878+
public void testBroadcastReceiverWithPermissions() throws Exception {
879+
adoptShellPermissionIdentity();
880+
final IAdbManager mAdbManager = IAdbManager.Stub.asInterface(
881+
ServiceManager.getService(Context.ADB_SERVICE));
882+
IntentFilter intentFilter =
883+
new IntentFilter(AdbManager.WIRELESS_DEBUG_PAIRED_DEVICES_ACTION);
884+
intentFilter.addAction(AdbManager.WIRELESS_DEBUG_STATE_CHANGED_ACTION);
885+
intentFilter.addAction(AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION);
886+
assertEquals("Context does not have MANAGE_DEBUGGING permission.",
887+
mContext.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING),
888+
PackageManager.PERMISSION_GRANTED);
889+
try {
890+
mContext.registerReceiver(mReceiver, intentFilter);
891+
mAdbManager.enablePairingByPairingCode();
892+
if (!mAdbActionLatch.await(TIMEOUT, TIMEOUT_TIME_UNIT)) {
893+
fail("Receiver did not receive adb intent action within the timeout duration");
894+
}
895+
} finally {
896+
mContext.unregisterReceiver(mReceiver);
897+
}
898+
}
899+
900+
@Test
901+
public void testBroadcastReceiverWithoutPermissions() throws Exception {
902+
adoptShellPermissionIdentity();
903+
final IAdbManager mAdbManager = IAdbManager.Stub.asInterface(
904+
ServiceManager.getService(Context.ADB_SERVICE));
905+
IntentFilter intentFilter =
906+
new IntentFilter(AdbManager.WIRELESS_DEBUG_PAIRED_DEVICES_ACTION);
907+
intentFilter.addAction(AdbManager.WIRELESS_DEBUG_STATE_CHANGED_ACTION);
908+
intentFilter.addAction(AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION);
909+
mAdbManager.enablePairingByPairingCode();
910+
911+
dropShellPermissionIdentity();
912+
assertEquals("Context has MANAGE_DEBUGGING permission.",
913+
mContext.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING),
914+
PackageManager.PERMISSION_DENIED);
915+
try {
916+
mContext.registerReceiver(mReceiver, intentFilter);
917+
918+
if (mAdbActionLatch.await(TIMEOUT, TIMEOUT_TIME_UNIT)) {
919+
fail("Broadcast receiver received adb action intent without debug permissions");
920+
}
921+
} finally {
922+
mContext.unregisterReceiver(mReceiver);
923+
}
924+
}
925+
816926
/**
817927
* Runs an adb test with the provided configuration.
818928
*

0 commit comments

Comments
 (0)