
Commit 3051caac authored by Todd Kennedy's avatar Todd Kennedy

System installed launcher can see instant apps

Change-Id: I97f791b61f9b4f7ed33305345bf3d92394b40ae4
Fixes: 38202759
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: Manual. Create sample app that replaces the launcher to test ability to see ephemeral apps.
parent d7a2c1c2
+1 −1
@@ -343,5 +343,5 @@ public abstract class PackageManagerInternal {
    public abstract int getUidTargetSdkVersion(int uid);

    /** Whether the binder caller can access instant apps. */
    public abstract boolean canAccessInstantApps(int callingUid);
    public abstract boolean canAccessInstantApps(int callingUid, int userId);
}
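Review bot: The Javadoc on `canAccessInstantApps(int callingUid, int userId)` still reads "Whether the binder caller can access instant apps" and says nothing about the new `userId` argument. Judging by the PackageManagerService section of this commit, the implementation now also returns true for the default home app holding only VIEW_INSTANT_APPS, so a caller that uses this method to gate anything beyond visibility would be trusting a weaker grant than the name suggests. I would document it as `/** Whether the caller may see instant apps of {@code userId}; also true for that user's default home app holding VIEW_INSTANT_APPS, so not a check for managing them. */`, or rename the method to match `canViewInstantApps`.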
+6 −2
@@ -3317,12 +3317,16 @@
         confirmation UI for full backup/restore -->
    <uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>


    <!-- Allows the holder to access the instant applications on the device.
    <!-- Allows the holder to access and manage instant applications on the device.
    @hide -->
    <permission android:name="android.permission.ACCESS_INSTANT_APPS"
            android:protectionLevel="signature|installer|verifier" />

    <!-- Allows the holder to view the instant applications on the device.
    @hide -->
    <permission android:name="android.permission.VIEW_INSTANT_APPS"
            android:protectionLevel="signature|preinstalled" />

    <!-- Allows receiving the usage of media resource e.g. video/audio codec and
         graphic memory.
         @hide -->
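Review bot: The comment on `android.permission.VIEW_INSTANT_APPS` does not say that holding the permission is not sufficient on its own. With `signature|preinstalled`, any app on the system image that requests it can be granted it, and the only thing narrowing it to the launcher is the default-home check in PackageManagerService elsewhere in this commit. I would state that in the manifest so a later caller does not treat the permission alone as the gate, e.g. `Only honoured for the user's current default home app; see PackageManagerService#canViewInstantApps.` The hunk ends inside the following permission's comment.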
+26 −18
@@ -3517,16 +3517,25 @@ public class PackageManagerService extends IPackageManager.Stub
     *     system partition.</li>
     * </ol>
     */
    private boolean canAccessInstantApps(int callingUid) {
        final boolean isSpecialProcess =
                callingUid == Process.SYSTEM_UID
    private boolean canViewInstantApps(int callingUid, int userId) {
        if (callingUid == Process.SYSTEM_UID
                || callingUid == Process.SHELL_UID
                        || callingUid == Process.ROOT_UID;
        final boolean allowMatchInstant =
                isSpecialProcess
                        || mContext.checkCallingOrSelfPermission(
                        android.Manifest.permission.ACCESS_INSTANT_APPS) == PERMISSION_GRANTED;
        return allowMatchInstant;
                || callingUid == Process.ROOT_UID) {
            return true;
        }
        if (mContext.checkCallingOrSelfPermission(
                android.Manifest.permission.ACCESS_INSTANT_APPS) == PERMISSION_GRANTED) {
            return true;
        }
        if (mContext.checkCallingOrSelfPermission(
                android.Manifest.permission.VIEW_INSTANT_APPS) == PERMISSION_GRANTED) {
            final ComponentName homeComponent = getDefaultHomeActivity(userId);
            if (homeComponent != null
                    && isCallerSameApp(homeComponent.getPackageName(), callingUid)) {
                return true;
            }
        }
        return false;
    }
    private PackageInfo generatePackageInfo(PackageSetting ps, int flags, int userId) {
@@ -3784,7 +3793,7 @@ public class PackageManagerService extends IPackageManager.Stub
        }
        if (ps.getInstantApp(userId)) {
            // caller can see all components of all instant applications, don't filter
            if (canAccessInstantApps(callingUid)) {
            if (canViewInstantApps(callingUid, userId)) {
                return false;
            }
            // request for a specific instant application component, filter
@@ -4408,11 +4417,12 @@ public class PackageManagerService extends IPackageManager.Stub
            flags |= PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY;
            flags |= PackageManager.MATCH_INSTANT;
        } else {
            final boolean wantMatchInstant = (flags & PackageManager.MATCH_INSTANT) != 0;
            final boolean allowMatchInstant =
                    (wantInstantApps
                            && Intent.ACTION_VIEW.equals(intent.getAction())
                            && hasWebURI(intent))
                    || canAccessInstantApps(callingUid);
                    || (wantMatchInstant && canViewInstantApps(callingUid, userId));
            flags &= ~(PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY
                    | PackageManager.MATCH_EXPLICITLY_VISIBLE_ONLY);
            if (!allowMatchInstant) {
@@ -5937,7 +5947,7 @@ public class PackageManagerService extends IPackageManager.Stub
        final int callingUid = Binder.getCallingUid();
        final int callingUserId = UserHandle.getUserId(callingUid);
        synchronized (mPackages) {
            if (canAccessInstantApps(callingUid)) {
            if (canViewInstantApps(callingUid, callingUserId)) {
                return new ArrayList<String>(mPackages.keySet());
            }
            final String instantAppPkgName = getInstantAppPackageName(callingUid);
@@ -8146,9 +8156,7 @@ public class PackageManagerService extends IPackageManager.Stub
            final boolean returnAllowed =
                    ps != null
                    && (isCallerSameApp(packageName, callingUid)
                            || mContext.checkCallingOrSelfPermission(
                                    android.Manifest.permission.ACCESS_INSTANT_APPS)
                                            == PERMISSION_GRANTED
                            || canViewInstantApps(callingUid, userId)
                            || mInstantAppRegistry.isInstantAccessGranted(
                                    userId, UserHandle.getAppId(callingUid), ps.appId));
            if (returnAllowed) {
@@ -24370,8 +24378,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
        }
        @Override
        public boolean canAccessInstantApps(int callingUid) {
            return PackageManagerService.this.canAccessInstantApps(callingUid);
        public boolean canAccessInstantApps(int callingUid, int userId) {
            return PackageManagerService.this.canViewInstantApps(callingUid, userId);
        }
    }
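Review bot: In `canViewInstantApps(int callingUid, int userId)` the special-uid test and `isCallerSameApp(...)` use the `callingUid` argument, but both permission tests go through `mContext.checkCallingOrSelfPermission(...)`, which looks at the current Binder identity rather than the argument. The method is now reachable through `PackageManagerInternal.canAccessInstantApps(callingUid, userId)`, so if a system_server caller invokes it outside a Binder transaction or after `Binder.clearCallingIdentity()`, the check would presumably be evaluated against the system's own identity and pass for any `callingUid`. The UsageStatsService call sites visible on this page do call it before clearing identity, so this is a latent risk rather than a shown bug. I would either check against the uid passed in, e.g. `mContext.checkPermission(android.Manifest.permission.ACCESS_INSTANT_APPS, -1, callingUid)`, or add `// Must be called with the caller's Binder identity intact; callingUid must equal Binder.getCallingUid().` above the method. The method's Javadoc starts above the hunk, so I cannot tell whether it already lists the new VIEW_INSTANT_APPS case.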
+5 −5
@@ -411,8 +411,8 @@ public class UsageStatsService extends SystemService implements
        }
    }

    private boolean shouldObfuscateInstantAppsForCaller(int callingUid) {
        return !mPackageManagerInternal.canAccessInstantApps(callingUid);
    private boolean shouldObfuscateInstantAppsForCaller(int callingUid, int userId) {
        return !mPackageManagerInternal.canAccessInstantApps(callingUid, userId);
    }

    void clearAppIdleForPackage(String packageName, int userId) {
@@ -1387,7 +1387,7 @@ public class UsageStatsService extends SystemService implements
            }

            final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller(
                    Binder.getCallingUid());
                    Binder.getCallingUid(), UserHandle.getCallingUserId());

            final int userId = UserHandle.getCallingUserId();
            final long token = Binder.clearCallingIdentity();
@@ -1432,7 +1432,7 @@ public class UsageStatsService extends SystemService implements
            }

            final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller(
                    Binder.getCallingUid());
                    Binder.getCallingUid(), UserHandle.getCallingUserId());

            final int userId = UserHandle.getCallingUserId();
            final long token = Binder.clearCallingIdentity();
@@ -1453,7 +1453,7 @@ public class UsageStatsService extends SystemService implements
                throw re.rethrowFromSystemServer();
            }
            final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller(
                    Binder.getCallingUid());
                    Binder.getCallingUid(), userId);
            final long token = Binder.clearCallingIdentity();
            try {
                return UsageStatsService.this.isAppIdleFilteredOrParoled(packageName, userId,