
Commit 6d90858f authored by Rhed Jao's avatar Rhed Jao

Enforce package visibility to the api checkUriPermission

An app can query which applications are installed on the device via
the grantUriPermission and checkUriPermission APIs. This CL enforces
the package visibility filter on the checkUriPermission API to fix
the security issue.

Bug: 180019130
Test: atest AppEnumerationTests
Test: atest CtsProviderTestCases
Test: atest UriGrantsManagerServiceTest
Test: atest UriPermissionTest
Test: atest ContentProviderTest
Test: atest ContentResolverTest
Test: atest DownloadManagerTest
Test: atest MediaProviderTest
Test: atest ManagedProfileCrossProfileTest
Change-Id: Ic19caef7f3f221b9c35afe2805336e50d838cf26
parent b1a43093
+9 −0
@@ -704,6 +704,15 @@ public abstract class PackageManagerInternal implements PackageSettingsSnapshotP
    public abstract boolean filterAppAccess(
            @NonNull String packageName, int callingUid, int userId);

    /**
     * Returns whether or not access to the application which belongs to the given UID should be
     * filtered. If the UID is part of a shared user ID, return {@code true} if all applications
     * belong to the shared user ID should be filtered.
     *
     * @see #filterAppAccess(AndroidPackage, int, int)
     */
    public abstract boolean filterAppAccess(int uid, int callingUid);

    /** Returns whether the given package was signed by the platform */
    public abstract boolean isPlatformSigned(String pkg);
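Review bot: The new Javadoc on `filterAppAccess(int uid, int callingUid)` does not say what is returned when `uid` maps to no installed package, which is the case a visibility filter most needs to pin down so that callers cannot tell "hidden" from "absent". It also leaves both parameters undocumented, and "all applications belong to the shared user ID" should read "all applications belonging to the shared user ID". I would add `@param uid the UID whose application(s) are being looked up` and `@param callingUid the UID the result is being filtered for`. A sentence such as `A UID with no matching package setting is treated as filtered.` would help too, but only if it matches how `shouldFilterApplicationLocked` handles a null setting, which this page does not show.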

+5 −0
@@ -5690,6 +5690,11 @@ public class ActivityManagerService extends IActivityManager.Stub
        if (pid == MY_PID) {
            return PackageManager.PERMISSION_GRANTED;
        }
        if (uid != ROOT_UID) { // bypass the root
            if (mPackageManagerInt.filterAppAccess(uid, Binder.getCallingUid())) {
                return PackageManager.PERMISSION_DENIED;
            }
        }
        return mUgmInternal.checkUriPermission(new GrantUri(userId, uri, modeFlags), uid, modeFlags)
                ? PackageManager.PERMISSION_GRANTED : PackageManager.PERMISSION_DENIED;
    }
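Review bot: The `// bypass the root` comment on the added `uid != ROOT_UID` check does not explain why root is exempt, or why only root is. Judging from the PackageManagerService change in this commit, a UID with no package setting is passed to `shouldFilterApplicationLocked` as null. If that call returns true, any other UID without a package record would now get `PERMISSION_DENIED` before `mUgmInternal.checkUriPermission` is consulted, so it is worth confirming that this is intended. I would expand the comment to something like `// Root has no package setting, so the visibility filter would always hide it; skip the filter for root only.` Since `Binder.getCallingUid()` is the viewer in this check, it is only meaningful if the calling identity has not been cleared earlier in the method, which starts outside the hunk.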
+40 −0
@@ -2133,6 +2133,8 @@ public class PackageManagerService extends IPackageManager.Stub
        @LiveImplementation(override = LiveImplementation.MANDATORY)
        boolean filterAppAccess(String packageName, int callingUid, int userId);
        @LiveImplementation(override = LiveImplementation.MANDATORY)
        boolean filterAppAccess(int uid, int callingUid);
        @LiveImplementation(override = LiveImplementation.MANDATORY)
        void dump(int type, FileDescriptor fd, PrintWriter pw, DumpState dumpState);
    }
@@ -4656,6 +4658,22 @@ public class PackageManagerService extends IPackageManager.Stub
                    userId);
        }
        public boolean filterAppAccess(int uid, int callingUid) {
            final int userId = UserHandle.getUserId(uid);
            final int appId = UserHandle.getAppId(uid);
            final Object setting = mSettings.getSettingLPr(appId);
            if (setting instanceof SharedUserSetting) {
                return shouldFilterApplicationLocked(
                        (SharedUserSetting) setting, callingUid, userId);
            } else if (setting == null
                    || setting instanceof PackageSetting) {
                return shouldFilterApplicationLocked(
                        (PackageSetting) setting, callingUid, userId);
            }
            return false;
        }
        public void dump(int type, FileDescriptor fd, PrintWriter pw, DumpState dumpState) {
            final String packageName = dumpState.getTargetPackageName();
            final boolean checkin = dumpState.isCheckIn();
@@ -5002,6 +5020,11 @@ public class PackageManagerService extends IPackageManager.Stub
                return super.filterAppAccess(packageName, callingUid, userId);
            }
        }
        public final boolean filterAppAccess(int uid, int callingUid) {
            synchronized (mLock) {
                return super.filterAppAccess(uid, callingUid);
            }
        }
        public final void dump(int type, FileDescriptor fd, PrintWriter pw, DumpState dumpState) {
            synchronized (mLock) {
                super.dump(type, fd, pw, dumpState);
@@ -5372,6 +5395,14 @@ public class PackageManagerService extends IPackageManager.Stub
                current.release();
            }
        }
        public final boolean filterAppAccess(int uid, int callingUid) {
            ThreadComputer current = snapshot();
            try {
                return current.mComputer.filterAppAccess(uid, callingUid);
            } finally {
                current.release();
            }
        }
        public final boolean filterSharedLibPackageLPr(@Nullable PackageSetting ps, int uid,
                int userId, int flags) {
            ThreadComputer current = live();
@@ -27096,6 +27127,10 @@ public class PackageManagerService extends IPackageManager.Stub
        return mComputer.filterAppAccess(packageName, callingUid, userId);
    }
    private boolean filterAppAccess(int uid, int callingUid) {
        return mComputer.filterAppAccess(uid, callingUid);
    }
    private class PackageManagerInternalImpl extends PackageManagerInternal {
        @Override
        public List<ApplicationInfo> getInstalledApplications(int flags, int userId,
@@ -27178,6 +27213,11 @@ public class PackageManagerService extends IPackageManager.Stub
            return PackageManagerService.this.filterAppAccess(packageName, callingUid, userId);
        }
        @Override
        public boolean filterAppAccess(int uid, int callingUid) {
            return PackageManagerService.this.filterAppAccess(uid, callingUid);
        }
        @Override
        public AndroidPackage getPackage(String packageName) {
            return PackageManagerService.this.getPackage(packageName);
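Review bot: In the `filterAppAccess(int uid, int callingUid)` implementation added by the hunk at `@@ -4656,6 +4658,22 @@`, the final `return false;` reports "not filtered" for any setting that is neither a `SharedUserSetting` nor a `PackageSetting`. An unexpected setting type therefore fails open in a check whose purpose is to hide packages. Unless some other setting type is legitimately visible to every caller, I would make the fall-through `return true;`, or at least add a comment saying why `false` is safe there. The `setting == null` branch also relies on `shouldFilterApplicationLocked` treating `(PackageSetting) null` as "filter", which is not visible on this page. A comment such as `// No setting for this appId: pass null so it is filtered like an uninstalled package.` would make that dependency explicit.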