Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 29a5a92a authored by Nate Myren's avatar Nate Myren Committed by Nishith Khanna
Browse files

Ensure sandboxed UIDs are treated as untrusted in Appops 

They should not be considered "system" app for the purposes of
attribution tag vaildation

Bug: 443742082
Test: atest AppOpsMemoryUsageTest
Flag: EXEMPT CVE_FIX
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:1bc6b146137f76589146dff5cd82363de7ccfb7d
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:8714d11fc0ea2451e595c8ef2b2cd4a8f8837283
Merged-In: I0c4ac8eaa8966027ad01375dde58b05febec3ffb
Change-Id: I0c4ac8eaa8966027ad01375dde58b05febec3ffb
parent 0141a045

services/core/java/com/android/server/appop/AppOpsService.java

+3 −0
Original line number Diff line number Diff line
@@ -4584,6 +4584,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
        if (packageName == null) {

            return true;

        }

        if (Process.isSdkSandboxUid(uid)) {

            return false;

        }

        int appId = UserHandle.getAppId(uid);

        if (appId > 0 && appId < Process.FIRST_APPLICATION_UID) {

            return true;