
Commit 199a542c authored by rambowang's avatar rambowang Committed by Rambo Wang

Check system and phone UID in multiple-user-aware way

This CL calls UserHandle.isSameApp to make sure the UID check with
Process.SYSTEM_UID and PHONE_UID are multiple-user-aware.

The logic that directly compares a UID with Process.XXX_UID only works for
the system user. For secondary users, system/phone processes may run with
a UID prefixed with the user id.

UserHandle.isSameApp helps to correctly detect the system/phone process
by comparing only the App id part.

Bug: 328511085
Test: atest PackageManagerServiceTest LocationAccessPolicyTest
Flag: com.android.internal.telephony.flags.support_phone_uid_check_for_multiuser
Change-Id: I99b6979ed7775f9aad0e9b241f10d8b50c468167
parent b283f3d3
+1 −2
@@ -921,8 +921,7 @@ public class TelephonyRegistry extends ITelephonyRegistry.Stub {

    //helper function to determine if limit on num listeners applies to callingUid
    private boolean doesLimitApplyForListeners(int callingUid, int exemptUid) {
        return (callingUid != Process.SYSTEM_UID
                && callingUid != Process.PHONE_UID
        return (!TelephonyPermissions.isSystemOrPhone(callingUid)
                && callingUid != exemptUid);
    }
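Review bot: The switch to `TelephonyPermissions.isSystemOrPhone(callingUid)` in `doesLimitApplyForListeners` is unconditional, while the same change in LocationAccessPolicy is guarded by `Flags.supportPhoneUidCheckForMultiuser()`. Unless isSystemOrPhone consults that flag itself (its body is not shown on this page), the listener-limit exemption widens to secondary-user system/phone UIDs with no way to roll it back through the flag named in the commit trailer. Either gate this call site the same way or state the new contract in the helper comment, e.g. `// Limit does not apply to system/phone processes of any user (app-ID match) or to exemptUid`. The remaining `callingUid != exemptUid` is still a full-UID comparison, which looks intentional but is worth saying in that comment.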

+14 −4
@@ -32,6 +32,8 @@ import android.os.UserHandle;
import android.util.Log;
import android.widget.Toast;

import com.android.internal.telephony.TelephonyPermissions;
import com.android.internal.telephony.flags.Flags;
import com.android.internal.telephony.util.TelephonyUtils;

/**
@@ -310,11 +312,19 @@ public final class LocationAccessPolicy {
        // This avoid breaking legacy code that rely on public-facing APIs to access cell location,
        // and it doesn't create an info leak risk because the cell location is stored in the phone
        // process anyway, and the system server already has location access.
        if (Flags.supportPhoneUidCheckForMultiuser()) {
            if (TelephonyPermissions.isSystemOrPhone(query.callingUid)
                    || UserHandle.isSameApp(query.callingUid, Process.NETWORK_STACK_UID)
                    || UserHandle.isSameApp(query.callingUid, Process.ROOT_UID)) {
                return LocationPermissionResult.ALLOWED;
            }
        } else {
            if (query.callingUid == Process.PHONE_UID || query.callingUid == Process.SYSTEM_UID
                    || query.callingUid == Process.NETWORK_STACK_UID
                    || query.callingUid == Process.ROOT_UID) {
                return LocationPermissionResult.ALLOWED;
            }
        }

        // Check the system-wide requirements. If the location main switch is off and the caller is
        // not in the allowlist of apps that always have loation access or the app's profile
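Review bot: The flagged branch widens the early `ALLOWED` return for `NETWORK_STACK_UID` and `ROOT_UID` as well, but the commit description only justifies app-ID matching for system and phone processes. With `UserHandle.isSameApp`, any UID in any user whose app ID equals those values skips every location check below; whether such per-user UIDs are ever assigned to those components is not visible here, so the exact comparison is the safer default for a permission bypass: `|| query.callingUid == Process.NETWORK_STACK_UID` and `|| query.callingUid == Process.ROOT_UID`. If the wider match is intended, a comment above the branch saying which of these components run per user would make the allowlist auditable. The enclosing method starts and ends outside the hunk.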