Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6e8d0f67 authored by Rhed Jao's avatar Rhed Jao
Browse files

Fix cross user package visibility leakage for hasSigningCertificate 

- To fix cross user package visibility leakage for the API
  #hasSigningCertificate, this CL returns false if the target
  package does not install in the calling user.

Bug: 229684723
Test: atest CrossUserPackageVisibilityTests
Change-Id: Id82ed5d2d4678acf185ea3561787c0213d4c0224
parent d7a58241

services/core/java/com/android/server/pm/ComputerEngine.java

+3 −5
Original line number Diff line number Diff line
@@ -4453,13 +4453,11 @@ public class ComputerEngine implements Computer { 
        if (p == null) {

            return false;

        }

        final PackageStateInternal ps = getPackageStateInternal(p.getPackageName());

        if (ps == null) {

            return false;

        }

        final int callingUid = Binder.getCallingUid();

        final int callingUserId = UserHandle.getUserId(callingUid);

        if (shouldFilterApplication(ps, callingUid, callingUserId)) {

        final PackageStateInternal ps = getPackageStateInternal(p.getPackageName());

        if (ps == null

                || shouldFilterApplicationIncludingUninstalled(ps, callingUid, callingUserId)) {

            return false;

        }

        switch (type) {