Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 44a45292 authored by Jackal Guo's avatar Jackal Guo
Browse files

Enforce the permission and the owner rights earlier 

Move the check to the early section of the method to secure the
validity.

Bug: 188219307
Test: atest PackageManagerServiceHibernationTests
Test: atest -p services/core/java/com/android/server/am
Test: atest -p services/core/java/com/android/server/pm
Test: manually using the PoC in the buganizer to ensure the symptom
      no longer exists.
Change-Id: I49c456da65cb2befbf5c435e5febcdd9434be684
parent bbece861

services/core/java/com/android/server/pm/PackageManagerService.java

+8 −2
Original line number Diff line number Diff line
@@ -23984,6 +23984,13 @@ public class PackageManagerService extends IPackageManager.Stub 
        final int permission = mContext.checkCallingOrSelfPermission(

                android.Manifest.permission.CHANGE_COMPONENT_ENABLED_STATE);

        final boolean allowedByPermission = (permission == PackageManager.PERMISSION_GRANTED);

        if (!allowedByPermission

                && !ArrayUtils.contains(getPackagesForUid(callingUid), packageName)) {

            throw new SecurityException(

                    "Permission Denial: attempt to change stopped state from pid="

                            + Binder.getCallingPid()

                            + ", uid=" + callingUid + ", package=" + packageName);

        }

        enforceCrossUserPermission(callingUid, userId, true /* requireFullPermission */,

                true /* checkShell */, "stop package");

        boolean shouldUnhibernate = false;
@@ -23994,8 +24001,7 @@ public class PackageManagerService extends IPackageManager.Stub 
                shouldUnhibernate = true;

            }

            if (!shouldFilterApplicationLocked(ps, callingUid, userId)

                    && mSettings.setPackageStoppedStateLPw(this, packageName, stopped,

                            allowedByPermission, callingUid, userId)) {

                    && mSettings.setPackageStoppedStateLPw(this, packageName, stopped, userId)) {

                scheduleWritePackageRestrictionsLocked(userId);

            }

        }

services/core/java/com/android/server/pm/Settings.java

+1 −8
Original line number Diff line number Diff line
@@ -4185,18 +4185,11 @@ public final class Settings implements Watchable, Snappable { 
    }



    boolean setPackageStoppedStateLPw(PackageManagerService pm, String packageName,

            boolean stopped, boolean allowedByPermission, int uid, int userId) {

        int appId = UserHandle.getAppId(uid);

            boolean stopped, int userId) {

        final PackageSetting pkgSetting = mPackages.get(packageName);

        if (pkgSetting == null) {

            throw new IllegalArgumentException("Unknown package: " + packageName);

        }

        if (!allowedByPermission && (appId != pkgSetting.appId)) {

            throw new SecurityException(

                    "Permission Denial: attempt to change stopped state from pid="

                    + Binder.getCallingPid()

                    + ", uid=" + uid + ", package uid=" + pkgSetting.appId);

        }

        if (DEBUG_STOPPED) {

            if (stopped) {

                RuntimeException e = new RuntimeException("here");