Denied policy fix

recluze · Mar 14, 2013 · 4c25934 · 4c25934
1 parent 4b163ec
commit 4c25934
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 15 deletions.
diff --git a/services/java/com/android/server/PackageManagerService.java b/services/java/com/android/server/PackageManagerService.java
@@ -16,7 +16,7 @@
 
 package com.android.server;
 
-import org.csrdu.apex.AccessManager; 
+import org.csrdu.apex.AccessManager;
 
 import com.android.internal.app.IMediaContainerService;
 import com.android.internal.app.ResolverActivity;
@@ -403,10 +403,9 @@ class PostInstallData {
     final SparseArray<PostInstallData> mRunningInstalls = new SparseArray<PostInstallData>();
     int mNextInstallToken = 1;  // nonzero; will be wrapped back to 1 when ++ overflows
 
-
-    // set a global AccessManager instance 
-    AccessManager acman = new AccessManager(); 
-
+    // set a global AccessManager instance
+    AccessManager acman = new AccessManager();
+
     class PackageHandler extends Handler {
         private boolean mBound = false;
         final ArrayList<HandlerParams> mPendingInstalls =
@@ -1693,24 +1692,40 @@ public int checkPermission(String permName, String pkgName) {
     }
 
     public int checkUidPermission(String permName, int uid) {
-    	// RECLY 
-    	Log.d("ACCESSMANAGER", "Check permission: " + permName + " for : " + String.valueOf(uid));
-
+        String pName = getNameForUid(uid);
+        Log.d("APEX:AccessManager", "Check permission: " + permName + " for : " + pName + "/" + String.valueOf(uid));
         synchronized (mPackages) {
             Object obj = mSettings.getUserIdLP(uid);
             if (obj != null) {
                 GrantedPermissions gp = (GrantedPermissions)obj;
                 if (gp.grantedPermissions.contains(permName)) {
-		    // recly -- Apex checks
-                    return PackageManager.PERMISSION_GRANTED;
+                    // it's a regular package. Lookup the name: and check extended Apex permmission
+                    boolean retval= acman.checkExtendedPermissionByPackage(permName, pName);
+
+                    if (retval) {
+                        Log.d("APEX:AccessManager", "Returning GRANTED from checkUidPermission 1");
+                        return PackageManager.PERMISSION_GRANTED;
+                    }
+                    else {
+                    	Log.d("APEX:AccessManager", "Returning DENIED from checkUidPermission 1");
+                    	throw new SecurityException("APEX:AccessManager SECURITYEXCEPTION");
+                    	// return PackageManager.PERMISSION_DENIED; 
+                    }
+                    // return PackageManager.PERMISSION_GRANTED;
                 }
             } else {
                 HashSet<String> perms = mSystemPermissions.get(uid);
                 if (perms != null && perms.contains(permName)) {
-			// it's a regular package. Lookup the name: and check extended Apex permmission
-                	String pName = ps.name; 
-                	acman.checkExtendedPermissionByPackage(permName, pName);
-                    return PackageManager.PERMISSION_GRANTED;
+                    // it's a regular package. Lookup the name: and check extended Apex permmission
+                    boolean retval= acman.checkExtendedPermissionByPackage(permName, pName);
+                    if (retval) {
+                        Log.d("APEX:AccessManager", "Returning GRANTED from checkUidPermission 2");
+                        return PackageManager.PERMISSION_GRANTED;
+                    }
+                    else {
+                        Log.d("APEX:AccessManager", "Returning DENIED from checkUidPermission 2");
+                        return PackageManager.PERMISSION_DENIED;
+                    }
                 }
             }
         }

diff --git a/services/java/org/csrdu/apex/AccessManager.java b/services/java/org/csrdu/apex/AccessManager.java
@@ -20,7 +20,8 @@
 
 public class AccessManager {
 	private String TAG = "APEX:AccessManager";
-	private String permDirectory = "/system/etc/apex/perms/";
+	// private String permDirectory = "/system/etc/apex/perms/";
+	private String permDirectory = "/sdcard/apex-";
 
 	private HashMap<String, ApexPackagePolicy> packagePolicies = new HashMap<String, ApexPackagePolicy>();
 	private AttributeManager attributeManager;
@@ -74,6 +75,7 @@ public boolean checkExtendedPermissionByPackage(String permName, String packageN
 		try {
 			Log.d(TAG, "Evaluating policy for: " + packageName);
 			evaluationResult = app.evaluatePolicies(attributeManager, permName);
+			Log.d(TAG, "Got final result for policy evaluation: " + evaluationResult);
 		} catch (Exception e) {
 			Log.d(TAG, "Unexpected error while evaluating policies for: " + packageName);
 			Log.d(TAG, "Grudgingly allowing access...");

diff --git a/services/java/org/csrdu/apex/AttributeManager.java b/services/java/org/csrdu/apex/AttributeManager.java
@@ -62,6 +62,23 @@ public Object lookupApplicationAttribute(String packageName, String attributeNam
 		}
 
 	}
+
+	public Boolean updateApplicationAttribute(String packageName, String attributeName, Object attributeValue) {
+		Log.d(TAG, "Attempting to updating attribute ["+attributeName+"] with value ["+attributeValue.toString()+"] for package "+ packageName );
+		Log.d(TAG, "Checking if application attributes are present in cache.");
+		if (!applicationAttributes.containsKey(packageName)) {
+			Log.d(TAG, "Package attributes not found in cache. Reading attributes from file.");
+			readPackageAttributes(packageName);	
+		}
+
+		Map<String, Object> attribs = applicationAttributes.get(packageName);
+		attribs.put(attributeName, attributeValue);
+		Log.d(TAG, "Attribute successfully updated in cache.");
+
+		// Now dump the cache in file 
+		writePackageAttributes(packageName);
+		return true; 
+	}
 
 	private void readPackageAttributes(String packageName){
 		HashMap<String, Object> packageAttributes = new HashMap<String, Object>();
@@ -95,6 +112,11 @@ private void readPackageAttributes(String packageName){
 		}
 	}
 
+	private static boolean writePackageAttributes(String packageName){
+		// TODO: Write the cached attributes to file (one attrib=val per line) 
+		return true; 
+	}
+
 	public static AttributeManager getSingletonInstance() {
 		if (_singletonInstance == null) {
 			Log.d(TAG, "Creating new singleton instance of AttributeManager.");

diff --git a/services/java/org/csrdu/apex/policy/ApexPolicy.java b/services/java/org/csrdu/apex/policy/ApexPolicy.java
@@ -103,9 +103,13 @@ public boolean evaluatePolicy(AttributeManager attributeManager, String packageN
 		Log.d(TAG, "Running updates for policy: " + this.name);
 		// updates are ALWAYS run. So, keeping them separate here...
 
+		Log.d(TAG, "Got policy result:" + String.valueOf(evaluationResult));
+		Log.d(TAG, "Policy effect is:" + String.valueOf(effect));
 		if (effect == PolicyEffect.PERMIT) {
+			Log.d(TAG, "Final evaluation result with permit is:" + String.valueOf(evaluationResult));
 			return evaluationResult;
 		} else if (effect == PolicyEffect.DENY) {
+			Log.d(TAG, "Final evaluation result with deny is:" + String.valueOf(!evaluationResult));
 			return !evaluationResult;
 		} else {
 			Log.d(TAG, "Found unexpected Policy Effect. Returning false.");