Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2405766 authored by Todd Kennedy's avatar Todd Kennedy
Browse files

RESTRICT AUTOMERGE Relax security exception for backport 

The original backport for this bug threw an exception when the caller
didn't hold the INTERACT_ACROSS_USERS permission; even when it queried
for its own packages.

Now, we simply ignore the request to match any user.

Bug: 77821568
Test: manual
Change-Id: I5716b50a7fb18def20323b872ddef06fa9723b13
parent e43837e2

services/core/java/com/android/server/pm/PackageManagerService.java

+13 −3
Original line number Diff line number Diff line
@@ -4475,9 +4475,19 @@ public class PackageManagerService extends IPackageManager.Stub 
        if ((flags & PackageManager.MATCH_ANY_USER) != 0) {

            // require the permission to be held; the calling uid and given user id referring

            // to the same user is not sufficient

            try {

                enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, true,

                        "MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission at "

                        + Debug.getCallers(5));

            } catch (SecurityException se) {

                // For compatibility reasons, we can't throw a security exception here if we're

                // looking for applications in our own user id. Instead, unset the MATCH_ANY_USER

                // flag and move on.

                if (userId != UserHandle.getCallingUserId()) {

                    throw se;

                }

                flags &= ~PackageManager.MATCH_ANY_USER;

            }

        } else if ((flags & PackageManager.MATCH_UNINSTALLED_PACKAGES) != 0 && isCallerSystemUser

                && sUserManager.hasManagedProfile(UserHandle.USER_SYSTEM)) {

            // If the caller wants all packages and has a restricted profile associated with it,