Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9d191fd7 authored by Rhed Jao's avatar Rhed Jao
Browse files

Fix cross user package visibility leakage for PackageManager (7/n) 

For APIs:
- PackageManager#clearApplicationUserData
- PackageManager#getProperty
- PackageManager#getPermissionControllerPackageName
- PackageManager#setApplicationCategoryHint
- PackageManager#getUnsuspendablePackages
- PackageManager#setApplicationHiddenSettingAsUser

Bug: 229684723
Test: atest CrossUserPackageVisibilityTests
Change-Id: I70a20b4c41c870a160e808ee9707a6ec1a2da6e6
parent 25a5ed69

services/core/java/com/android/server/pm/Computer.java

+3 −3
Original line number Diff line number Diff line
@@ -387,12 +387,12 @@ public interface Computer extends PackageDataSnapshot { 
    String[] getSystemSharedLibraryNames();



    /**

     * @return the state if the given package has a state and isn't filtered by visibility.

     * @return the state if the given package is installed and isn't filtered by visibility.

     * Provides no guarantee that the package is in any usable state.

     */

    @Nullable

    PackageStateInternal getPackageStateFiltered(@NonNull String packageName, int callingUid,

            @UserIdInt int userId);

    PackageStateInternal getPackageStateForInstalledAndFiltered(@NonNull String packageName,

            int callingUid, @UserIdInt int userId);



    int checkSignatures(@NonNull String pkg1, @NonNull String pkg2, int userId);

services/core/java/com/android/server/pm/ComputerEngine.java

+4 −3
Original line number Diff line number Diff line
@@ -4238,10 +4238,11 @@ public class ComputerEngine implements Computer { 
    }



    @Override

    public PackageStateInternal getPackageStateFiltered(@NonNull String packageName, int callingUid,

            @UserIdInt int userId) {

    public PackageStateInternal getPackageStateForInstalledAndFiltered(@NonNull String packageName,

            int callingUid, @UserIdInt int userId) {

        final PackageStateInternal packageState = getPackageStateInternal(packageName);

        if (packageState == null || shouldFilterApplication(packageState, callingUid, userId)) {

        if (packageState == null

                || shouldFilterApplicationIncludingUninstalled(packageState, callingUid, userId)) {

            return null;

        }

        return packageState;

services/core/java/com/android/server/pm/IPackageManagerBase.java

+2 −2
Original line number Diff line number Diff line
@@ -715,8 +715,8 @@ public abstract class IPackageManagerBase extends IPackageManager.Stub { 
            String className) {

        Objects.requireNonNull(propertyName);

        Objects.requireNonNull(packageName);

        PackageStateInternal packageState = snapshot().getPackageStateFiltered(packageName,

                Binder.getCallingUid(), UserHandle.getCallingUserId());

        PackageStateInternal packageState = snapshot().getPackageStateForInstalledAndFiltered(

                packageName, Binder.getCallingUid(), UserHandle.getCallingUserId());

        if (packageState == null) {

            return null;

        }

services/core/java/com/android/server/pm/PackageManagerService.java

+13 −24
Original line number Diff line number Diff line
@@ -4461,7 +4461,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
            snapshot.enforceCrossUserPermission(callingUid, userId, true /* requireFullPermission */,

                    false /* checkShell */, "clear application data");



            if (snapshot.getPackageStateFiltered(packageName, callingUid, userId) == null) {

            if (snapshot.getPackageStateForInstalledAndFiltered(

                    packageName, callingUid, userId) == null) {

                if (observer != null) {

                    mHandler.post(() -> {

                        try {
@@ -4918,9 +4919,10 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
        @Override

        public String getPermissionControllerPackageName() {

            final int callingUid = Binder.getCallingUid();

            final int callingUserId = UserHandle.getUserId(callingUid);

            final Computer snapshot = snapshotComputer();

            if (snapshot.getPackageStateFiltered(mRequiredPermissionControllerPackage,

                    callingUid, UserHandle.getUserId(callingUid)) != null) {

            if (snapshot.getPackageStateForInstalledAndFiltered(

                    mRequiredPermissionControllerPackage, callingUid, callingUserId) != null) {

                return mRequiredPermissionControllerPackage;

            }
@@ -4943,7 +4945,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
            snapshot.enforceCrossUserPermission(

                    callingUid, userId, false /* requireFullPermission */,

                    false /* checkShell */, "getSplashScreenTheme");

            PackageStateInternal packageState = filterPackageStateForInstalledAndFiltered(snapshot,

            PackageStateInternal packageState = snapshot.getPackageStateForInstalledAndFiltered(

                    packageName, callingUid, userId);

            return packageState == null ? null

                    : packageState.getUserStateOrDefault(userId).getSplashScreenTheme();
@@ -5350,8 +5352,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
                mInjector.getSystemService(AppOpsManager.class)

                        .checkPackage(Binder.getCallingUid(), callerPackageName);



                PackageStateInternal packageState = computer.getPackageStateFiltered(packageName,

                        Binder.getCallingUid(), UserHandle.getCallingUserId());

                PackageStateInternal packageState = computer.getPackageStateForInstalledAndFiltered(

                        packageName, Binder.getCallingUid(), UserHandle.getCallingUserId());

                if (packageState == null) {

                    throw new IllegalArgumentException("Unknown target package " + packageName);

                }
@@ -5420,7 +5422,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
            final long callingId = Binder.clearCallingIdentity();

            try {

                final PackageStateInternal packageState =

                        snapshot.getPackageStateFiltered(packageName, callingUid, userId);

                        snapshot.getPackageStateForInstalledAndFiltered(

                                packageName, callingUid, userId);

                if (packageState == null) {

                    return false;

                }
@@ -5823,7 +5826,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
                    false /* checkShell */, "setSplashScreenTheme");

            enforceOwnerRights(snapshot, packageName, callingUid);



            PackageStateInternal packageState = filterPackageStateForInstalledAndFiltered(snapshot,

            PackageStateInternal packageState = snapshot.getPackageStateForInstalledAndFiltered(

                    packageName, callingUid, userId);

            if (packageState == null) {

                return;
@@ -6395,7 +6398,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
        public boolean registerInstalledLoadingProgressCallback(String packageName,

                PackageManagerInternal.InstalledLoadingProgressCallback callback, int userId) {

            final Computer snapshot = snapshotComputer();

            final PackageStateInternal ps = filterPackageStateForInstalledAndFiltered(snapshot,

            final PackageStateInternal ps = snapshot.getPackageStateForInstalledAndFiltered(

                    packageName, Binder.getCallingUid(), userId);

            if (ps == null) {

                return false;
@@ -6418,7 +6421,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
        public IncrementalStatesInfo getIncrementalStatesInfo(

                @NonNull String packageName, int filterCallingUid, int userId) {

            final Computer snapshot = snapshotComputer();

            final PackageStateInternal ps = filterPackageStateForInstalledAndFiltered(snapshot,

            final PackageStateInternal ps = snapshot.getPackageStateForInstalledAndFiltered(

                    packageName, filterCallingUid, userId);

            if (ps == null) {

                return null;
@@ -6592,20 +6595,6 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
        return mSettings.getDisabledSystemPkgLPr(packageName);

    }



    @Nullable

    private PackageStateInternal filterPackageStateForInstalledAndFiltered(

            @NonNull Computer computer, @NonNull String packageName, int callingUid,

            @UserIdInt int userId) {

        PackageStateInternal packageState =

                computer.getPackageStateInternal(packageName, callingUid);

        if (computer.shouldFilterApplicationIncludingUninstalled(

                packageState, callingUid, userId)) {

            return null;

        } else {

            return packageState;

        }

    }



    @Deprecated

    void forEachPackageSetting(Consumer<PackageSetting> actionLocked) {

        synchronized (mLock) {

services/core/java/com/android/server/pm/SuspendPackageHelper.java

+2 −1
Original line number Diff line number Diff line
@@ -228,7 +228,8 @@ public final class SuspendPackageHelper { 
                continue;

            }

            final PackageStateInternal packageState =

                    snapshot.getPackageStateFiltered(packageNames[i], callingUid, userId);

                    snapshot.getPackageStateForInstalledAndFiltered(

                            packageNames[i], callingUid, userId);

            if (packageState == null) {

                Slog.w(TAG, "Could not find package setting for package: " + packageNames[i]);

                unactionablePackages.add(packageNames[i]);