
Commit 1f8ddb15 authored by Treehugger Robot Committed by Android (Google) Code Review

Merge "Check IsolatedOwner permissions for known isolated_compute_apps" into main

parents 8dfec30d 11a751c2
+28 −4
@@ -2207,11 +2207,17 @@ public class ComputerEngine implements Computer {
        if (PackageManagerServiceUtils.isSystemOrRoot(callingUid)) {
            return true;
        }
        if (requireFullPermission) {
            return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL);
        boolean permissionGranted = requireFullPermission ? hasPermission(
                Manifest.permission.INTERACT_ACROSS_USERS_FULL)
                : (hasPermission(
                        android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)
                        || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS));
        if (!permissionGranted) {
            if (Process.isIsolatedUid(callingUid) && isKnownIsolatedComputeApp(callingUid)) {
                return checkIsolatedOwnerHasPermission(callingUid, requireFullPermission);
            }
        }
        return hasPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)
                || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS);
        return permissionGranted;
    }

    /**
@@ -2227,6 +2233,24 @@ public class ComputerEngine implements Computer {
                == PackageManager.PERMISSION_GRANTED;
    }

    private boolean hasPermission(String permission, int uid) {
        return mContext.checkPermission(permission, Process.INVALID_PID, uid)
                == PackageManager.PERMISSION_GRANTED;
    }

    /**
     * Since isolated process cannot hold permissions, we check the permissions on the owner app
     * for known isolated_compute_app cases because they belong to the same package.
     */
    private boolean checkIsolatedOwnerHasPermission(int callingUid, boolean requireFullPermission) {
        int ownerUid = getIsolatedOwner(callingUid);
        if (requireFullPermission) {
            return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, ownerUid);
        }
        return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, ownerUid)
                || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS, ownerUid);
    }

    public final boolean isCallerSameApp(String packageName, int uid) {
        return isCallerSameApp(packageName, uid, false /* resolveIsolatedUid */);
    }
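Review bot: The fallback at `if (!permissionGranted)` lets an isolated uid pass the cross-user check on its owner's grants, gated only by `isKnownIsolatedComputeApp(callingUid)`, whose criteria are not visible in this diff; the Javadoc on `checkIsolatedOwnerHasPermission` gives the reason, but the call site itself carries no comment. I would add there something like `// Isolated processes hold no permissions; for known isolated_compute_apps only, fall back to the owner uid's grants.` so that a later edit does not widen the condition unnoticed. `getIsolatedOwner(callingUid)` is also used unchecked: its definition is outside the hunk, so confirm what it does when the isolated uid is no longer registered (throws, or returns a sentinel that would then reach `checkPermission`). As a style point, the new ternary mixes `Manifest.permission` and `android.Manifest.permission`, and the helper repeats the same full/non-full branching, so a single helper taking a uid would keep the two paths from drifting apart. The enclosing method begins above the first hunk.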