Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 34ac0086 authored by Nikita Ioffe's avatar Nikita Ioffe Committed by Automerger Merge Worker
Browse files

Merge "Handle the visibility of sdk sandbox uids" into tm-dev am: 6c0ca16d am: 793865d7 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/18928730



Change-Id: I7280b5afc849c2bbc3d6b1cd687dfa3bda68c4f6
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 2928ce63 793865d7

services/core/java/com/android/server/pm/ComputerEngine.java

+15 −2
Original line number Original line Diff line number Diff line
@@ -2686,7 +2686,7 @@ public class ComputerEngine implements Computer { 
        if (Process.isSdkSandboxUid(callingUid)) {

        if (Process.isSdkSandboxUid(callingUid)) {

            int clientAppUid = Process.getAppUidForSdkSandboxUid(callingUid);

            int clientAppUid = Process.getAppUidForSdkSandboxUid(callingUid);

            // SDK sandbox should be able to see it's client app

            // SDK sandbox should be able to see it's client app

            if (clientAppUid == UserHandle.getUid(userId, ps.getAppId())) {

            if (ps != null && clientAppUid == UserHandle.getUid(userId, ps.getAppId())) {

                return false;

                return false;

            }

            }

        }

        }
@@ -2698,7 +2698,7 @@ public class ComputerEngine implements Computer { 
        final boolean callerIsInstantApp = instantAppPkgName != null;

        final boolean callerIsInstantApp = instantAppPkgName != null;

        if (ps == null) {

        if (ps == null) {

            // pretend the application exists, but, needs to be filtered

            // pretend the application exists, but, needs to be filtered

            return callerIsInstantApp;

            return callerIsInstantApp || Process.isSdkSandboxUid(callingUid);

        }

        }

        // if the target and caller are the same application, don't filter

        // if the target and caller are the same application, don't filter

        if (isCallerSameApp(ps.getPackageName(), callingUid)) {

        if (isCallerSameApp(ps.getPackageName(), callingUid)) {
@@ -3089,6 +3089,19 @@ public class ComputerEngine implements Computer { 
    }

    }





    public boolean filterAppAccess(int uid, int callingUid) {

    public boolean filterAppAccess(int uid, int callingUid) {

        if (Process.isSdkSandboxUid(uid)) {

            // Sdk sandbox instance should be able to see itself.

            if (callingUid == uid) {

                return false;

            }

            final int clientAppUid = Process.getAppUidForSdkSandboxUid(uid);

            // Client app of this sdk sandbox process should be able to see it.

            if (clientAppUid == uid) {

                return false;

            }

            // Nobody else should be able to see the sdk sandbox process.

            return true;

        }

        final int userId = UserHandle.getUserId(uid);

        final int userId = UserHandle.getUserId(uid);

        final int appId = UserHandle.getAppId(uid);

        final int appId = UserHandle.getAppId(uid);

        final Object setting = mSettings.getSettingBase(appId);

        final Object setting = mSettings.getSettingBase(appId);