Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 87944e74 authored by Rhed Jao's avatar Rhed Jao
Browse files

Using isUidPrivileged instead of getPrivateFlagsForUid API 

Starting from U, the PackageManager#getPrivateFlagsForUid does
not support to get private flags for different users. It
returns nothing if the package cannot be found in the calling
user.

To avoid failing to get private flags in the IntentFirewall,
this CL uses the internal API isUidPrivileged to check the
privilege state of the caller.

Bug: 229684723
Test: Build
Change-Id: I8440cb51e4318d57a097efe651be626b9df2da0f
parent 83e91711

services/core/java/com/android/server/firewall/IntentFirewall.java

+2 −2
Original line number Diff line number Diff line
@@ -130,7 +130,7 @@ public class IntentFirewall { 
        mObserver.startWatching();

    }



    private PackageManagerInternal getPackageManager() {

    PackageManagerInternal getPackageManager() {

        if (mPackageManager == null) {

            mPackageManager = LocalServices.getService(PackageManagerInternal.class);

        }
@@ -627,7 +627,7 @@ public class IntentFirewall { 
        final long token = Binder.clearCallingIdentity();

        try {

            // Compare signatures of two packages for different users.

            return LocalServices.getService(PackageManagerInternal.class)

            return getPackageManager()

                    .checkUidSignaturesForAllUsers(uid1, uid2) == PackageManager.SIGNATURE_MATCH;

        } finally {

            Binder.restoreCallingIdentity(token);

services/core/java/com/android/server/firewall/SenderFilter.java

+7 −20
Original line number Diff line number Diff line
@@ -16,14 +16,11 @@ 


package com.android.server.firewall;



import android.app.AppGlobals;

import android.content.ComponentName;

import android.content.Intent;

import android.content.pm.ApplicationInfo;

import android.content.pm.IPackageManager;

import android.content.pm.PackageManagerInternal;

import android.os.Process;

import android.os.RemoteException;

import android.util.Slog;



import org.xmlpull.v1.XmlPullParser;

import org.xmlpull.v1.XmlPullParserException;
@@ -37,22 +34,12 @@ class SenderFilter { 
    private static final String VAL_SYSTEM_OR_SIGNATURE = "system|signature";

    private static final String VAL_USER_ID = "userId";



    static boolean isPrivilegedApp(int callerUid, int callerPid) {

    static boolean isPrivilegedApp(PackageManagerInternal pmi, int callerUid, int callerPid) {

        if (callerUid == Process.SYSTEM_UID || callerUid == 0 ||

                callerPid == Process.myPid() || callerPid == 0) {

            return true;

        }



        IPackageManager pm = AppGlobals.getPackageManager();

        try {

            return (pm.getPrivateFlagsForUid(callerUid) & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED)

                    != 0;

        } catch (RemoteException ex) {

            Slog.e(IntentFirewall.TAG, "Remote exception while retrieving uid flags",

                    ex);

        }



        return false;

        return pmi.isUidPrivileged(callerUid);

    }



    public static final FilterFactory FACTORY = new FilterFactory("sender") {
@@ -89,7 +76,7 @@ class SenderFilter { 
        @Override

        public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,

                int callerUid, int callerPid, String resolvedType, int receivingUid) {

            return isPrivilegedApp(callerUid, callerPid);

            return isPrivilegedApp(ifw.getPackageManager(), callerUid, callerPid);

        }

    };
@@ -97,8 +84,8 @@ class SenderFilter { 
        @Override

        public boolean matches(IntentFirewall ifw, ComponentName resolvedComponent, Intent intent,

                int callerUid, int callerPid, String resolvedType, int receivingUid) {

            return isPrivilegedApp(callerUid, callerPid) ||

                    ifw.signaturesMatch(callerUid, receivingUid);

            return isPrivilegedApp(ifw.getPackageManager(), callerUid, callerPid)

                    || ifw.signaturesMatch(callerUid, receivingUid);

        }

    };