Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0df1d5a2 authored by Rhed Jao's avatar Rhed Jao
Browse files

Fix cross user package visibility leakage for activitySupportsIntent 

Returns false if the target package does not install in the calling
user to fix the cross user package visibility leakage for the
activitySupportsIntent API.

This cl also adds a user id parameter to the API for the activity
starter module to specify a correct user id to query the package's
activity intent.

Bug: 229684723
Test: atest CrossUserPackageVisibilityTests
Test: atest ActivityStarterTests
Change-Id: I0e84c762a6861db263adbc5a2fd713f35468213f
parent 08544604

core/java/android/content/pm/IPackageManager.aidl

+2 −2
Original line number Diff line number Diff line
@@ -89,8 +89,8 @@ interface IPackageManager { 


    ActivityInfo getActivityInfo(in ComponentName className, long flags, int userId);



    boolean activitySupportsIntent(in ComponentName className, in Intent intent,

            String resolvedType);

    boolean activitySupportsIntentAsUser(in ComponentName className, in Intent intent,

            String resolvedType, int userId);



    ActivityInfo getReceiverInfo(in ComponentName className, long flags, int userId);

services/core/java/com/android/server/pm/Computer.java

+3 −2
Original line number Diff line number Diff line
@@ -349,8 +349,9 @@ public interface Computer extends PackageDataSnapshot { 


    int getTargetSdkVersion(@NonNull String packageName);



    boolean activitySupportsIntent(@NonNull ComponentName resolveComponentName,

            @NonNull ComponentName component, @NonNull Intent intent, String resolvedType);

    boolean activitySupportsIntentAsUser(@NonNull ComponentName resolveComponentName,

            @NonNull ComponentName component, @NonNull Intent intent, String resolvedType,

            int userId);



    @Nullable

    ActivityInfo getReceiverInfo(@NonNull ComponentName component,

services/core/java/com/android/server/pm/ComputerEngine.java

+7 −5
Original line number Diff line number Diff line
@@ -3821,14 +3821,16 @@ public class ComputerEngine implements Computer { 
    }



    @Override

    public boolean activitySupportsIntent(@NonNull ComponentName resolveComponentName,

            @NonNull ComponentName component, @NonNull Intent intent, String resolvedType) {

    public boolean activitySupportsIntentAsUser(@NonNull ComponentName resolveComponentName,

            @NonNull ComponentName component, @NonNull Intent intent, String resolvedType,

            int userId) {

        final int callingUid = Binder.getCallingUid();

        enforceCrossUserPermission(callingUid, userId, false /* requireFullPermission */,

                false /* checkShell */, "activitySupportsIntentAsUser");

        if (component.equals(resolveComponentName)) {

            // The resolver supports EVERYTHING!

            return true;

        }

        final int callingUid = Binder.getCallingUid();

        final int callingUserId = UserHandle.getUserId(callingUid);

        ParsedActivity a = mComponentResolver.getActivity(component);

        if (a == null) {

            return false;
@@ -3838,7 +3840,7 @@ public class ComputerEngine implements Computer { 
            return false;

        }

        if (shouldFilterApplication(

                ps, callingUid, component, TYPE_ACTIVITY, callingUserId)) {

                ps, callingUid, component, TYPE_ACTIVITY, userId, true /* filterUninstall */)) {

            return false;

        }

        for (int i=0; i< a.getIntents().size(); i++) {

services/core/java/com/android/server/pm/IPackageManagerBase.java

+4 −4
Original line number Diff line number Diff line
@@ -148,10 +148,10 @@ public abstract class IPackageManagerBase extends IPackageManager.Stub { 


    @Override

    @Deprecated

    public final boolean activitySupportsIntent(ComponentName component, Intent intent,

            String resolvedType) {

        return snapshot().activitySupportsIntent(mResolveComponentName, component, intent,

                resolvedType);

    public final boolean activitySupportsIntentAsUser(ComponentName component, Intent intent,

            String resolvedType, int userId) {

        return snapshot().activitySupportsIntentAsUser(mResolveComponentName, component, intent,

                resolvedType, userId);

    }



    @Override

services/core/java/com/android/server/wm/ActivityStarter.java

+4 −4
Original line number Diff line number Diff line
@@ -957,8 +957,8 @@ class ActivityStarter { 
                    && sourceRecord.info.applicationInfo.uid != aInfo.applicationInfo.uid) {

                try {

                    intent.addCategory(Intent.CATEGORY_VOICE);

                    if (!mService.getPackageManager().activitySupportsIntent(

                            intent.getComponent(), intent, resolvedType)) {

                    if (!mService.getPackageManager().activitySupportsIntentAsUser(

                            intent.getComponent(), intent, resolvedType, userId)) {

                        Slog.w(TAG, "Activity being started in current voice task does not support "

                                + "voice: " + intent);

                        err = ActivityManager.START_NOT_VOICE_COMPATIBLE;
@@ -974,8 +974,8 @@ class ActivityStarter { 
            // If the caller is starting a new voice session, just make sure the target

            // is actually allowing it to run this way.

            try {

                if (!mService.getPackageManager().activitySupportsIntent(intent.getComponent(),

                        intent, resolvedType)) {

                if (!mService.getPackageManager().activitySupportsIntentAsUser(

                        intent.getComponent(), intent, resolvedType, userId)) {

                    Slog.w(TAG,

                            "Activity being started in new voice task does not support: " + intent);

                    err = ActivityManager.START_NOT_VOICE_COMPATIBLE;