Fix exploit where can hide the fact that a location was mocked am: a2…

…06a0f am: d417e54 am: 3380a77 am: 0a8978f am: 1684e5f am: d28eef0 am: 1f458fd am: d82f8a6 am: 1ac8aff am: 56098f8 am: 7cec76d

am: 2da05d0

Change-Id: I8c94a06f5fa722312436484609bafcb0585d6d18

services/java/com/android/server/LocationManagerService.java

@@ -57,6 +57,8 @@
 import android.os.UserHandle;
 import android.os.WorkSource;
 import android.provider.Settings;
+import android.text.TextUtils;
+import android.util.EventLog;
 import android.util.Log;
 import android.util.Slog;
 import com.android.internal.content.PackageMonitor;
@@ -2247,9 +2249,22 @@ public void setTestProviderLocation(String provider, Location loc) {
             if (mockProvider == null) {
                 throw new IllegalArgumentException("Provider \"" + provider + "\" unknown");
             }
+
+             // Ensure that the location is marked as being mock. There's some logic to do this in
+             // handleLocationChanged(), but it fails if loc has the wrong provider (bug 33091107).
+             Location mock = new Location(loc);
+             mock.setIsFromMockProvider(true);
+
+             if (!TextUtils.isEmpty(loc.getProvider()) && !provider.equals(loc.getProvider())) {
+                 // The location has an explicit provider that is different from the mock provider
+                 // name. The caller may be trying to fool us via bug 33091107.
+                 EventLog.writeEvent(0x534e4554, "33091107", Binder.getCallingUid(),
+                        provider + "!=" + loc.getProvider());
+             }
+
             // clear calling identity so INSTALL_LOCATION_PROVIDER permission is not required
             long identity = Binder.clearCallingIdentity();
-            mockProvider.setLocation(loc);
+            mockProvider.setLocation(mock);
             Binder.restoreCallingIdentity(identity);
         }
     }