/* * Copyright (C) 2013 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.firewall; import android.app.AppGlobals; import android.content.ComponentName; import android.content.Intent; import android.content.IntentFilter; import android.content.pm.ApplicationInfo; import android.content.pm.IPackageManager; import android.content.pm.PackageManager; import android.os.Environment; import android.os.FileObserver; import android.os.Handler; import android.os.Looper; import android.os.Message; import android.os.RemoteException; import android.util.ArrayMap; import android.util.Slog; import android.util.Xml; import com.android.internal.util.ArrayUtils; import com.android.internal.util.XmlUtils; import com.android.server.EventLogTags; import com.android.server.IntentResolver; import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParserException; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; public class IntentFirewall { static final String TAG = "IntentFirewall"; // e.g. /data/system/ifw or /data/secure/system/ifw private static final File RULES_DIR = new File(Environment.getSystemSecureDirectory(), "ifw"); private static final int LOG_PACKAGES_MAX_LENGTH = 150; private static final int LOG_PACKAGES_SUFFICIENT_LENGTH = 125; private static final String TAG_RULES = "rules"; private static final String TAG_ACTIVITY = "activity"; private static final String TAG_SERVICE = "service"; private static final String TAG_BROADCAST = "broadcast"; private static final int TYPE_ACTIVITY = 0; private static final int TYPE_BROADCAST = 1; private static final int TYPE_SERVICE = 2; private static final HashMap factoryMap; private final AMSInterface mAms; private final RuleObserver mObserver; private FirewallIntentResolver mActivityResolver = new FirewallIntentResolver(); private FirewallIntentResolver mBroadcastResolver = new FirewallIntentResolver(); private FirewallIntentResolver mServiceResolver = new FirewallIntentResolver(); static { FilterFactory[] factories = new FilterFactory[] { AndFilter.FACTORY, OrFilter.FACTORY, NotFilter.FACTORY, StringFilter.ACTION, StringFilter.COMPONENT, StringFilter.COMPONENT_NAME, StringFilter.COMPONENT_PACKAGE, StringFilter.DATA, StringFilter.HOST, StringFilter.MIME_TYPE, StringFilter.SCHEME, StringFilter.PATH, StringFilter.SSP, CategoryFilter.FACTORY, SenderFilter.FACTORY, SenderPermissionFilter.FACTORY, PortFilter.FACTORY }; // load factor ~= .75 factoryMap = new HashMap(factories.length * 4 / 3); for (int i=0; i candidateRules; candidateRules = resolver.queryIntent(intent, resolvedType, false, 0); if (candidateRules == null) { candidateRules = new ArrayList(); } resolver.queryByComponent(resolvedComponent, candidateRules); // For the second pass, try to match the potentially more specific conditions in each // rule against the intent for (int i=0; i= LOG_PACKAGES_SUFFICIENT_LENGTH) { return sb.toString(); } } if (sb.length() == 0 && packages.length > 0) { String pkg = packages[0]; // truncating from the end - the last part of the package name is more likely to be // interesting/unique return pkg.substring(pkg.length() - LOG_PACKAGES_MAX_LENGTH + 1) + '-'; } return null; } public static File getRulesDir() { return RULES_DIR; } /** * Reads rules from all xml files (*.xml) in the given directory, and replaces our set of rules * with the newly read rules. * * We only check for files ending in ".xml", to allow for temporary files that are atomically * renamed to .xml * * All calls to this method from the file observer come through a handler and are inherently * serialized */ private void readRulesDir(File rulesDir) { FirewallIntentResolver[] resolvers = new FirewallIntentResolver[3]; for (int i=0; i> rulesByType = new ArrayList>(3); for (int i=0; i<3; i++) { rulesByType.add(new ArrayList()); } FileInputStream fis; try { fis = new FileInputStream(rulesFile); } catch (FileNotFoundException ex) { // Nope, no rules. Nothing else to do! return; } try { XmlPullParser parser = Xml.newPullParser(); parser.setInput(fis, null); XmlUtils.beginDocument(parser, TAG_RULES); int outerDepth = parser.getDepth(); while (XmlUtils.nextElementWithin(parser, outerDepth)) { int ruleType = -1; String tagName = parser.getName(); if (tagName.equals(TAG_ACTIVITY)) { ruleType = TYPE_ACTIVITY; } else if (tagName.equals(TAG_BROADCAST)) { ruleType = TYPE_BROADCAST; } else if (tagName.equals(TAG_SERVICE)) { ruleType = TYPE_SERVICE; } if (ruleType != -1) { Rule rule = new Rule(); List rules = rulesByType.get(ruleType); // if we get an error while parsing a particular rule, we'll just ignore // that rule and continue on with the next rule try { rule.readFromXml(parser); } catch (XmlPullParserException ex) { Slog.e(TAG, "Error reading an intent firewall rule from " + rulesFile, ex); continue; } rules.add(rule); } } } catch (XmlPullParserException ex) { // if there was an error outside of a specific rule, then there are probably // structural problems with the xml file, and we should completely ignore it Slog.e(TAG, "Error reading intent firewall rules from " + rulesFile, ex); return; } catch (IOException ex) { Slog.e(TAG, "Error reading intent firewall rules from " + rulesFile, ex); return; } finally { try { fis.close(); } catch (IOException ex) { Slog.e(TAG, "Error while closing " + rulesFile, ex); } } for (int ruleType=0; ruleType rules = rulesByType.get(ruleType); FirewallIntentResolver resolver = resolvers[ruleType]; for (int ruleIndex=0; ruleIndex mIntentFilters = new ArrayList(1); private final ArrayList mComponentFilters = new ArrayList(0); private boolean block; private boolean log; @Override public Rule readFromXml(XmlPullParser parser) throws IOException, XmlPullParserException { block = Boolean.parseBoolean(parser.getAttributeValue(null, ATTR_BLOCK)); log = Boolean.parseBoolean(parser.getAttributeValue(null, ATTR_LOG)); super.readFromXml(parser); return this; } @Override protected void readChild(XmlPullParser parser) throws IOException, XmlPullParserException { String currentTag = parser.getName(); if (currentTag.equals(TAG_INTENT_FILTER)) { FirewallIntentFilter intentFilter = new FirewallIntentFilter(this); intentFilter.readFromXml(parser); mIntentFilters.add(intentFilter); } else if (currentTag.equals(TAG_COMPONENT_FILTER)) { String componentStr = parser.getAttributeValue(null, ATTR_NAME); if (componentStr == null) { throw new XmlPullParserException("Component name must be specified.", parser, null); } ComponentName componentName = ComponentName.unflattenFromString(componentStr); if (componentName == null) { throw new XmlPullParserException("Invalid component name: " + componentStr); } mComponentFilters.add(componentName); } else { super.readChild(parser); } } public int getIntentFilterCount() { return mIntentFilters.size(); } public FirewallIntentFilter getIntentFilter(int index) { return mIntentFilters.get(index); } public int getComponentFilterCount() { return mComponentFilters.size(); } public ComponentName getComponentFilter(int index) { return mComponentFilters.get(index); } public boolean getBlock() { return block; } public boolean getLog() { return log; } } private static class FirewallIntentFilter extends IntentFilter { private final Rule rule; public FirewallIntentFilter(Rule rule) { this.rule = rule; } } private static class FirewallIntentResolver extends IntentResolver { @Override protected boolean allowFilterResult(FirewallIntentFilter filter, List dest) { return !dest.contains(filter.rule); } @Override protected boolean isPackageForFilter(String packageName, FirewallIntentFilter filter) { return true; } @Override protected FirewallIntentFilter[] newArray(int size) { return new FirewallIntentFilter[size]; } @Override protected Rule newResult(FirewallIntentFilter filter, int match, int userId) { return filter.rule; } @Override protected void sortResults(List results) { // there's no need to sort the results return; } public void queryByComponent(ComponentName componentName, List candidateRules) { Rule[] rules = mRulesByComponent.get(componentName); if (rules != null) { candidateRules.addAll(Arrays.asList(rules)); } } public void addComponentFilter(ComponentName componentName, Rule rule) { Rule[] rules = mRulesByComponent.get(componentName); rules = ArrayUtils.appendElement(Rule.class, rules, rule); mRulesByComponent.put(componentName, rules); } private final ArrayMap mRulesByComponent = new ArrayMap(0); } final FirewallHandler mHandler; private final class FirewallHandler extends Handler { public FirewallHandler(Looper looper) { super(looper, null, true); } @Override public void handleMessage(Message msg) { readRulesDir(getRulesDir()); } }; /** * Monitors for the creation/deletion/modification of any .xml files in the rule directory */ private class RuleObserver extends FileObserver { private static final int MONITORED_EVENTS = FileObserver.CREATE|FileObserver.MOVED_TO| FileObserver.CLOSE_WRITE|FileObserver.DELETE|FileObserver.MOVED_FROM; public RuleObserver(File monitoredDir) { super(monitoredDir.getAbsolutePath(), MONITORED_EVENTS); } @Override public void onEvent(int event, String path) { if (path.endsWith(".xml")) { // we wait 250ms before taking any action on an event, in order to dedup multiple // events. E.g. a delete event followed by a create event followed by a subsequent // write+close event mHandler.removeMessages(0); mHandler.sendEmptyMessageDelayed(0, 250); } } } /** * This interface contains the methods we need from ActivityManagerService. This allows AMS to * export these methods to us without making them public, and also makes it easier to test this * component. */ public interface AMSInterface { int checkComponentPermission(String permission, int pid, int uid, int owningUid, boolean exported); Object getAMSLock(); } /** * Checks if the caller has access to a component * * @param permission If present, the caller must have this permission * @param pid The pid of the caller * @param uid The uid of the caller * @param owningUid The uid of the application that owns the component * @param exported Whether the component is exported * @return True if the caller can access the described component */ boolean checkComponentPermission(String permission, int pid, int uid, int owningUid, boolean exported) { return mAms.checkComponentPermission(permission, pid, uid, owningUid, exported) == PackageManager.PERMISSION_GRANTED; } boolean signaturesMatch(int uid1, int uid2) { try { IPackageManager pm = AppGlobals.getPackageManager(); return pm.checkUidSignatures(uid1, uid2) == PackageManager.SIGNATURE_MATCH; } catch (RemoteException ex) { Slog.e(TAG, "Remote exception while checking signatures", ex); return false; } } }