return proceed(type, intent, Collections.<T>emptyList(), new WrappedValueProcedureThrows<List<T>, E>() { @Override public List<T> proceed() throws E { final List<T> candidates = procedure.proceed(); if (candidates != null && mOutboundJudge != null && (intent == null || getTargetPackage(intent) == null)) { // Package-targeted intent is already filtered by OutboundJudge in proceed(). final Iterator<T> iterator = candidates.iterator(); while (iterator.hasNext()) { final T candidate = iterator.next(); final String pkg = pkg_getter.apply(candidate); if (pkg != null && shouldBlockRequestTarget(type, intent, pkg)) // Dry-run is checked inside shouldBlockRequestTarget() iterator.remove(); // TODO: Not safe to assume the list returned from PackageManager is modifiable. } } return candidates; }}); }
@Override public boolean bindService(final Intent intent, final ServiceConnection conn, final int flags) { final boolean result = mCondom.proceed(OutboundType.BIND_SERVICE, intent, Boolean.FALSE, new CondomCore.WrappedValueProcedure<Boolean>() { @Override public Boolean proceed() { return mApplication.bindService(intent, conn, flags); }}); if (result) mCondom.logIfOutboundPass(TAG, intent, CondomCore.getTargetPackage(intent), CondomCore.CondomEvent.BIND_PASS); return result; }
@Override public boolean bindService(final Intent intent, final ServiceConnection conn, final int flags) { final boolean result = mCondom.proceed(OutboundType.BIND_SERVICE, intent, Boolean.FALSE, new CondomCore.WrappedValueProcedure<Boolean>() { @Override public Boolean proceed() { return CondomContext.super.bindService(intent, conn, flags); }}); if (result) mCondom.logIfOutboundPass(TAG, intent, CondomCore.getTargetPackage(intent), CondomCore.CondomEvent.BIND_PASS); return result; }
@CheckResult <R, T extends Throwable> R proceed(final OutboundType type, final @Nullable Intent intent, final @Nullable R negative_value, final WrappedValueProcedureThrows<R, T> procedure) throws T { final String target_pkg = intent != null ? getTargetPackage(intent) : null; if (target_pkg != null) { if (mBase.getPackageName().equals(target_pkg)) return procedure.proceed(); // Self-targeting request is allowed unconditionally if (shouldBlockRequestTarget(type, intent, target_pkg)) return negative_value; } final int original_flags = intent != null ? adjustIntentFlags(type, intent) : 0; try { return procedure.proceed(); } finally { if (intent != null) intent.setFlags(original_flags); } }
return (Integer) CondomProcessActivityManager.super.invoke(proxy, method, args); if (result > 0) mCondom.logIfOutboundPass(FULL_TAG, intent, CondomCore.getTargetPackage(intent), CondomCore.CondomEvent.BIND_PASS); return result; case "startService":
return proceed(type, intent, Collections.<ResolveInfo>emptyList(), new CondomCore.WrappedValueProcedureThrows<List<ResolveInfo>, T>() { @Override public List<ResolveInfo> proceed() throws T { final List<ResolveInfo> candidates = procedure.proceed(); if (mOutboundJudge != null && getTargetPackage(intent) == null) { // Package-targeted intent is already filtered by OutboundJudge in proceed(). final Iterator<ResolveInfo> iterator = candidates.iterator(); while (iterator.hasNext()) { final ResolveInfo candidate = iterator.next(); final String pkg = type == OutboundType.QUERY_SERVICES ? candidate.serviceInfo.packageName : (type == OutboundType.QUERY_RECEIVERS ? candidate.activityInfo.packageName : null); if (pkg != null && shouldBlockRequestTarget(type, intent, pkg)) // Dry-run is checked inside shouldBlockRequestTarget() iterator.remove(); // TODO: Not safe to assume the list returned from PackageManager is modifiable. } } return candidates; }}); }
@SuppressWarnings("TypeParameterHidesVisibleType") @CheckResult <R, T extends Throwable> R proceed(final OutboundType type, final Intent intent, final @Nullable R negative_value, final CondomCore.WrappedValueProcedureThrows<R, T> procedure) throws T { final String target_pkg = getTargetPackage(intent); if (target_pkg != null) { if (mBase.getPackageName().equals(target_pkg)) return procedure.proceed(); // Self-targeting request is allowed unconditionally if (shouldBlockRequestTarget(type, intent, target_pkg)) return negative_value; } final int original_flags = adjustIntentFlags(type, intent); try { return procedure.proceed(); } finally { intent.setFlags(original_flags); } }
@Override public boolean bindService(final Intent originalIntent, final ServiceConnection conn, final int flags) { final Intent intent = applyRedirect(originalIntent); final boolean result = mCondom.proceed(OutboundType.BIND_SERVICE, intent, Boolean.FALSE, new CondomCore.WrappedValueProcedure<Boolean>() { @Override public Boolean proceed() { return CondomContext.super.bindService(intent, conn, flags); }}); if (result) mCondom.logIfOutboundPass(TAG, intent, CondomCore.getTargetPackage(intent), CondomCore.CondomEvent.BIND_PASS); return result; }
private Object proceed(final Object proxy, final Method method, final Object[] args) throws Exception { final String method_name = method.getName(); final Intent intent; switch (method_name) { case "broadcastIntent": return mCondom.proceed(OutboundType.BROADCAST, (Intent) args[1], 0/* ActivityManager.BROADCAST_SUCCESS */, new CondomCore.WrappedValueProcedureThrows<Integer, Exception>() { @Override public Integer proceed() throws Exception { return (Integer) CondomProcessActivityManager.super.invoke(proxy, method, args); }}); case "bindService": intent = (Intent) args[2]; final Integer result = mCondom.proceed(OutboundType.BIND_SERVICE, intent, 0, new CondomCore.WrappedValueProcedureThrows<Integer, Exception>() { @Override public Integer proceed() throws Exception { return (Integer) CondomProcessActivityManager.super.invoke(proxy, method, args); }}); // Result: 0 - no match, >0 - succeed, <0 - SecurityException. if (result > 0) mCondom.logIfOutboundPass(FULL_TAG, intent, CondomCore.getTargetPackage(intent), CondomCore.CondomEvent.BIND_PASS); return result; case "startService": intent = (Intent) args[1]; final ComponentName component = mCondom.proceed(OutboundType.START_SERVICE, intent, null, new CondomCore.WrappedValueProcedureThrows<ComponentName, Exception>() { @Override public ComponentName proceed() throws Exception { return (ComponentName) CondomProcessActivityManager.super.invoke(proxy, method, args); }}); if (component != null) mCondom.logIfOutboundPass(FULL_TAG, intent, component.getPackageName(), CondomCore.CondomEvent.START_PASS); return component; case "getContentProvider": final String name = (String) args[1]; if (! mCondom.shouldAllowProvider(mCondom.mBase, name, PackageManager.GET_UNINSTALLED_PACKAGES)) return null; // Actually blocked by IPackageManager.resolveContentProvider() which is called in shouldAllowProvider() above. break; } return super.invoke(proxy, method, args); }