ActivityManagerService Permission Calling WiFiManage Methods

148 views
Skip to first unread message

Oyin Oluwatimi

unread,
Nov 30, 2012, 12:12:02 PM11/30/12
to android-...@googlegroups.com
Hi! 

I am having a permission issue in the ActivityManagerService.java class. I created a more or less a utility class MyUtils.java for example.  I have a static method checkWifi().  In this method, I instantiated a wifi manager object and called the iswifienabled() method. I inserted checkWifi() in AMS's startActivity() method, and now it I cannot launch any application in the emulator.  It throws a security exception stating that neither you or the process have sufficient privilege.  Can anyone be of help?! I have a deadline and this is the last step in test my custom ROM. 

Thanks in advance!
Below is the logcat dump

E/Launcher(  318): Launcher does not have the permission to launch Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.android.contacts/.activities.PeopleActivity bnds=[96,706][192,802] }. Make sure to create a MAIN intent-filter for the corresponding activity or use the exported attribute for this activity. tag=ShortcutInfo(title=Peopleintent=Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.android.contacts/.activities.PeopleActivity bnds=[96,706][192,802] }id=10 type=0 container=-101 screen=1 cellX=1 cellY=0 spanX=1 spanY=1 isGesture=false dropPos=null) intent=Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.android.contacts/.activities.PeopleActivity bnds=[96,706][192,802] }
E/Launcher(  318): java.lang.SecurityException: WifiService: Neither user 10009 nor current process has android.permission.ACCESS_WIFI_STATE.
E/Launcher(  318): at android.os.Parcel.readException(Parcel.java:1425)
E/Launcher(  318): at android.os.Parcel.readException(Parcel.java:1379)
E/Launcher(  318): at android.app.ActivityManagerProxy.startActivity(ActivityManagerNative.java:1761)
E/Launcher(  318): at android.app.Instrumentation.execStartActivity(Instrumentation.java:1411)
E/Launcher(  318): at android.app.Activity.startActivityForResult(Activity.java:3351)
E/Launcher(  318): at android.app.Activity.startActivity(Activity.java:3521)
E/Launcher(  318): at com.android.launcher2.Launcher.startActivity(Launcher.java:1951)
E/Launcher(  318): at com.android.launcher2.Launcher.startActivitySafely(Launcher.java:1969)
E/Launcher(  318): at com.android.launcher2.Launcher.onClick(Launcher.java:1827)
E/Launcher(  318): at android.view.View.performClick(View.java:4084)
E/Launcher(  318): at android.view.View$PerformClick.run(View.java:16966)
E/Launcher(  318): at android.os.Handler.handleCallback(Handler.java:615)
E/Launcher(  318): at android.os.Handler.dispatchMessage(Handler.java:92)
E/Launcher(  318): at android.os.Looper.loop(Looper.java:137)
E/Launcher(  318): at android.app.ActivityThread.main(ActivityThread.java:4745)
E/Launcher(  318): at java.lang.reflect.Method.invokeNative(Native Method)
E/Launcher(  318): at java.lang.reflect.Method.invoke(Method.java:511)
E/Launcher(  318): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:786)
E/Launcher(  318): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
E/Launcher(  318): at dalvik.system.NativeStart.main(Native Method)

Christopher Tate

unread,
Nov 30, 2012, 3:54:34 PM11/30/12
to android-...@googlegroups.com
(Why would the Activity Manager need to know the state of wifi?  That suggests a major leakage of product implementation details across irrelevant functional areas in your custom product.)

Assuming you're intending to look at the state of wifi for the Activity Manager's own purposes, not on behalf of the calling application, the problem here is that you haven't cleared the Binder calling identity around your call into the Wifi Manager, so when it checks permissions it looks at the calling application's identity rather than the system's.

This is worrisome, though; with this kind of thing it's easy to accidentally open a security hole through which apps can get unpermissioned access to information that the should need to declare a permission for.  In this case, you might wind up providing a backchannel for "secret" access to wifi state.  I'd encourage you to think very carefully about whether this is actually an appropriate design to pursue.

--
christopher tate
android framework engineer


--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To view this discussion on the web visit https://groups.google.com/d/msg/android-platform/-/jfOzbZZarXsJ.
To post to this group, send email to android-...@googlegroups.com.
To unsubscribe from this group, send email to android-platfo...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-platform?hl=en.

Oyin Oluwatimi

unread,
Nov 30, 2012, 5:06:59 PM11/30/12
to android-...@googlegroups.com, ct...@google.com
Thank you for your response.  I had thought this might open some vulnerabilities, but I wanted to consider that after demonstrating a proof of concept.  If I may ask, how would I would like your suggestion on my objective.  I want to prevent an application from opening if a specific service is enabled.  This service could be bluetooth, wifi, network, etc.  Where would you suggest in the framework to modify in order to prevent a user from opening an application? So it is not necessarily on behalf of an application, but restricting application access under certain conditions?  I really appreciate your explanation.

Oyin
Reply all
Reply to author
Forward
0 new messages