Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5f6432b9 authored by Rhed Jao's avatar Rhed Jao
Browse files

Fix side channel leakage from the api of setInstallerPackageName 

Enforce the package visibility filter on the argument of the
installer package name to fix the package information leakage
from the different exceptions thrown by the api.

Bug: 184851975
Test: atest AppEnumerationTests
Change-Id: I9fd36480fd0faaa954dc417992995dbbf5e68a2a
parent d52baf86

services/core/java/com/android/server/pm/PackageManagerService.java

+5 −2
Original line number Diff line number Diff line
@@ -16915,6 +16915,7 @@ public class PackageManagerService extends IPackageManager.Stub 
    @Override

    public void setInstallerPackageName(String targetPackage, String installerPackageName) {

        final int callingUid = Binder.getCallingUid();

        final int callingUserId = UserHandle.getUserId(callingUid);

        if (getInstantAppPackageName(callingUid) != null) {

            return;

        }
@@ -16923,14 +16924,16 @@ public class PackageManagerService extends IPackageManager.Stub 
            PackageSetting targetPackageSetting = mSettings.getPackageLPr(targetPackage);

            if (targetPackageSetting == null

                    || shouldFilterApplicationLocked(

                            targetPackageSetting, callingUid, UserHandle.getUserId(callingUid))) {

                            targetPackageSetting, callingUid, callingUserId)) {

                throw new IllegalArgumentException("Unknown target package: " + targetPackage);

            }















            PackageSetting installerPackageSetting;















            if (installerPackageName != null) {















                installerPackageSetting = mSettings.getPackageLPr(installerPackageName);













                if (installerPackageSetting == null) {













                if (installerPackageSetting == null













                        || shouldFilterApplicationLocked(













                                installerPackageSetting, callingUid, callingUserId)) {















                    throw new IllegalArgumentException("Unknown installer package: "















                            + installerPackageName);















                }