Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 17e40d2f authored by Todd Kennedy's avatar Todd Kennedy
Browse files

Allow internal services access to instant apps 

Any system UID [those with a UID < Process.FIRST_APPLICATION_UID] should be
able to see instant applications. These are trusted processes and will often
need to verify permissions of the calling instant app.

Change-Id: I4ec899ffd45d931a17d4ea0bfacf3004d3e074ef
Fixes: 67849834
Test: Manual.
Test: Install hellozip_base.apk from bug:
Test:  $ adb install --instantapp -i com.android.vending hellozip_base.apk
Test: Run hellozip
Test:  $ adb shell am start -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d https://hello.samples.androidinstantapps.com/hello
Test: Try to capture a photo and see that the app crashes with a SecurityException before the patch and that a photo is taken after the patch
Test: Try to record audio and see that the app crashes with an IllegalStateException before the patch and that the app doesn't crash after the patch
parent b8057e31

services/core/java/com/android/server/pm/PackageManagerService.java

+4 −7
Original line number Diff line number Diff line
@@ -3794,19 +3794,16 @@ public class PackageManagerService extends IPackageManager.Stub 
     * <p>

     * Currently, there are three cases in which this can occur:

     * <ol>

     * <li>The calling application is a "special" process. The special

     *     processes are {@link Process#SYSTEM_UID}, {@link Process#SHELL_UID}

     *     and {@code 0}</li>

     * <li>The calling application is a "special" process. Special processes

     *     are those with a UID < {@link Process#FIRST_APPLICATION_UID}.</li>

     * <li>The calling application has the permission

     *     {@link android.Manifest.permission#ACCESS_INSTANT_APPS}</li>

     *     {@link android.Manifest.permission#ACCESS_INSTANT_APPS}.</li>

     * <li>The calling application is the default launcher on the

     *     system partition.</li>

     * </ol>

     */

    private boolean canViewInstantApps(int callingUid, int userId) {

        if (callingUid == Process.SYSTEM_UID

                || callingUid == Process.SHELL_UID

                || callingUid == Process.ROOT_UID) {

        if (callingUid < Process.FIRST_APPLICATION_UID) {

            return true;

        }

        if (mContext.checkCallingOrSelfPermission(