fix: Block malicious use of global Activity context via stack trace heuristics

Author: errorcodeQQ

CSGuard/src/main/kotlin/com/csguard/GuardedContext.kt

@@ -73,32 +73,67 @@ class GuardedContext(
     private val isStrictlyBlocked: Boolean
         get() = providerName != null && (policy.blockAllUnknown || AllowlistStore.blockedProviders().contains(providerName))
 
+    private fun detectCallerProvider(): String? {
+        val trace = Thread.currentThread().stackTrace
+        for (element in trace) {
+            val className = element.className
+            if (className.startsWith("com.csguard")) continue
+            if (className.startsWith("com.lagradost")) continue
+            if (className.startsWith("android.")) continue
+            if (className.startsWith("java.")) continue
+            if (className.startsWith("kotlin.")) continue
+            if (className.startsWith("dalvik.")) continue
+
+            try {
+                val providers = com.lagradost.cloudstream3.APIHolder.allProviders
+                for (provider in providers) {
+                    val pkg = provider.javaClass.`package`?.name ?: continue
+                    if (className.startsWith(pkg)) {
+                        return provider.name
+                    }
+                }
+            } catch (_: Throwable) {}
+        }
+        return null
+    }
+
+    private fun isCallerBlocked(): Boolean {
+        if (isStrictlyBlocked) return true
+        if (providerName == null) {
+            val caller = detectCallerProvider()
+            if (caller != null && (policy.blockAllUnknown || AllowlistStore.blockedProviders().contains(caller))) {
+                return true
+            }
+        }
+        return false
+    }
+
     override fun getSystemService(name: String): Any? {
-        if (isStrictlyBlocked) {
-            when (name) {
-                Context.WINDOW_SERVICE,
-                Context.CLIPBOARD_SERVICE,
-                Context.NOTIFICATION_SERVICE,
-                Context.VIBRATOR_SERVICE,
-                Context.LOCATION_SERVICE,
-                Context.AUDIO_SERVICE -> return null
+        when (name) {
+            Context.WINDOW_SERVICE,
+            Context.CLIPBOARD_SERVICE,
+            Context.NOTIFICATION_SERVICE,
+            Context.VIBRATOR_SERVICE,
+            Context.LOCATION_SERVICE,
+            Context.AUDIO_SERVICE -> {
+                if (isCallerBlocked()) return null
             }
         }
         return super.getSystemService(name)
     }
 
     override fun sendBroadcast(intent: Intent?) {
-        if (isStrictlyBlocked) return
+        if (isCallerBlocked()) return
         super.sendBroadcast(intent)
     }
 
     override fun startService(service: Intent?): android.content.ComponentName? {
-        if (isStrictlyBlocked) return null
+        if (isCallerBlocked()) return null
         return super.startService(service)
     }
 
     override fun bindService(service: Intent, conn: android.content.ServiceConnection, flags: Int): Boolean {
-        if (isStrictlyBlocked) return false
+        if (isCallerBlocked()) return false
         return super.bindService(service, conn, flags)
     }
 }