Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 931b3043 authored by Pinyao Ting's avatar Pinyao Ting
Browse files

Prevent unintentional removal of widgets pinned by another host 

appWidgetIds are only unique within the same user, which could lead to overlaps in HSUM. This CL prevents a host from accessing widgets hosted by a entirely different package. (A host can still access widgets hosted by the same package but running in different user if it has interact across users permission)

Bug: 386303131
Test: manual
Flag: EXEMPT bugfix
Change-Id: Ibd08307118af3fdc22ec57668af82213bce576b7
parent 8241a7cd

services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java

+20 −0
Original line number Diff line number Diff line
@@ -5666,6 +5666,13 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku 
        }



        public boolean canAccessAppWidget(Widget widget, int uid, String packageName) {

            if (isDifferentPackageFromHost(widget.host, packageName)

                    && isDifferentPackageFromProvider(widget.provider, packageName)) {

                // Apps providing AppWidget are only allowed to access widgets provided by the

                // same package. Similarly, apps hosting AppWidget are only allowed to access

                // widgets hosted by the same package.

                return false;

            }

            if (isHostInPackageForUid(widget.host, uid, packageName)) {

                // Apps hosting the AppWidget have access to it.

                return true;
@@ -5768,6 +5775,19 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku 
                    && provider.id.componentName.getPackageName().equals(packageName);

        }



        private boolean isDifferentPackageFromHost(

                @Nullable final Host host, @Nullable final String packageName) {

            return packageName == null || host == null || host.id == null

                || !packageName.equals(host.id.packageName);

        }



        private boolean isDifferentPackageFromProvider(

                @Nullable final Provider provider, @Nullable final String packageName) {

            return packageName == null || provider == null || provider.id == null

                    || provider.id.componentName == null

                    || !packageName.equals(provider.id.componentName.getPackageName());

        }



        private boolean isProfileEnabled(int profileId) {

            final long identity = Binder.clearCallingIdentity();

            try {