
Commit 547ef077 authored by Rubin Xu's avatar Rubin Xu

Clear binder identity before querying package information

DevicePolicyManagerService needs to clear caller identity before
calling into PackageManager APIs, to make sure the app enumeration
restriction in R does not adversely affect its functionalities.

Bug: 150407679
Test: MixedManagedProfileOwnerTest#testDelegatedCertInstaller
      (without the stopgap fix ag/10456865)
Change-Id: I237c527241c26a309302bc2f7e36f8007a6c53b8
parent 36a845de
+36 −53
@@ -6549,13 +6549,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
            // Or ensure calling process is delegatePackage itself.
            } else {
                int uid = 0;
                try {
                  uid = mInjector.getPackageManager()
                          .getPackageUidAsUser(delegatePackage, userId);
                } catch(NameNotFoundException e) {
                }
                if (uid != callingUid) {
                if (!isCallingFromPackage(delegatePackage, callingUid)) {
                    throw new SecurityException("Caller with uid " + callingUid + " is not "
                            + delegatePackage);
                }
@@ -6675,15 +6669,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
            final List<String> scopes = policy.mDelegationMap.get(callerPackage);
            // Check callingUid only if callerPackage has the required scope delegation.
            if (scopes != null && scopes.contains(scope)) {
                try {
                    // Retrieve the expected UID for callerPackage.
                    final int uid = mInjector.getPackageManager()
                            .getPackageUidAsUser(callerPackage, userId);
                // Return true if the caller is actually callerPackage.
                    return uid == callerUid;
                } catch (NameNotFoundException e) {
                    // Ignore.
                }
                return isCallingFromPackage(callerPackage, callerUid);
            }
            return false;
        }
@@ -8575,15 +8562,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
    public void clearDeviceOwner(String packageName) {
        Objects.requireNonNull(packageName, "packageName is null");
        final int callingUid = mInjector.binderGetCallingUid();
        try {
            int uid = mInjector.getPackageManager().getPackageUidAsUser(packageName,
                    UserHandle.getUserId(callingUid));
            if (uid != callingUid) {
        if (!isCallingFromPackage(packageName, callingUid)) {
            throw new SecurityException("Invalid packageName");
        }
        } catch (NameNotFoundException e) {
            throw new SecurityException(e);
        }
        synchronized (getLockObject()) {
            final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
            final int deviceOwnerUserId = mOwners.getDeviceOwnerUserId();
@@ -12297,14 +12278,16 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                if (ownerPackage == null) {
                    ownerPackage = mOwners.getDeviceOwnerPackageName();
                }
                final String packageName = ownerPackage;
                PackageManager pm = mInjector.getPackageManager();
                PackageInfo packageInfo;
                PackageInfo packageInfo = mInjector.binderWithCleanCallingIdentity(() -> {
                    try {
                    packageInfo = pm.getPackageInfo(ownerPackage, 0);
                        return pm.getPackageInfo(packageName, 0);
                    } catch (NameNotFoundException e) {
                        Log.e(LOG_TAG, "getPackageInfo error", e);
                        return null;
                    }
                });
                if (packageInfo == null) {
                    Log.e(LOG_TAG, "packageInfo is inexplicably null");
                    return null;
@@ -12869,6 +12852,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
    }
    boolean isPackageInstalledForUser(String packageName, int userHandle) {
        return mInjector.binderWithCleanCallingIdentity(() -> {
            try {
                PackageInfo pi = mInjector.getIPackageManager().getPackageInfo(packageName, 0,
                        userHandle);
@@ -12876,6 +12860,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
            } catch (RemoteException re) {
                throw new RuntimeException("Package manager has died", re);
            }
        });
    }
    public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {
@@ -13940,14 +13925,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
            }
            mPackagesToRemove.remove(packageUserPair);
        }
        try {
            if (mInjector.getIPackageManager().getPackageInfo(packageName, 0, userId) == null) {
        if (!isPackageInstalledForUser(packageName, userId)) {
            // Package does not exist. Nothing to do.
            return;
        }
        } catch (RemoteException re) {
            Log.e(LOG_TAG, "Failure talking to PackageManager while getting package info");
        }
        try { // force stop the package before uninstalling
            mInjector.getIActivityManager().forceStopPackage(packageName, userId);
@@ -15534,6 +15515,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
    }
    private boolean isCallingFromPackage(String packageName, int callingUid) {
        return mInjector.binderWithCleanCallingIdentity(() -> {
            try {
                final int packageUid = mInjector.getPackageManager().getPackageUidAsUser(
                        packageName, UserHandle.getUserId(callingUid));
@@ -15542,6 +15524,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                Log.d(LOG_TAG, "Calling package not found", e);
                return false;
            }
        });
    }
    private DevicePolicyConstants loadConstants() {
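Review bot: `isPackageInstalledForUser` (hunks at -12869 and -12876) now runs its `getPackageInfo` lookup under `binderWithCleanCallingIdentity`, so the answer is no longer subject to the caller's app-enumeration filtering, and nothing on the method states that callers must have authorised `packageName` and `userHandle` beforehand. The method is package-private and its other call sites are not visible here, so any path that hands the boolean back to an unprivileged binder caller would presumably become an installed-package oracle. I would add a comment above it such as `// Queries PackageManager with the system identity: authorise the caller for packageName/userHandle first, and do not return the result to untrusted callers.` `isCallingFromPackage` (hunks at -15534 and -15542) gets the same wrapper and deserves the same comment, though there the user id is derived from `callingUid` and a `true` result only confirms the caller's own package. The middle of both method bodies lies between the hunks and is not shown.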