Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a4fb7ea1 authored by Rhed Jao's avatar Rhed Jao
Browse files

Allows system uid to access application across users 

After this change, applying the
function shouldFilterApplicationIncludingUninstalled to the APIs
which do not take the user id as the parameter becomes easier.
There’s no need to consider whether the system caller invokes
the API with a correct user id. The system caller is able to
access the application across users.

Bug: 229684723
Test: atest AppEnumerationTests
Test: atest AppEnumerationInternalTests
Test: atest CrossUserPackageVisibilityTests
Change-Id: I674281a1fa9083bcf63dd67cad2f944d7481cb39
parent 48ba6818

services/core/java/com/android/server/pm/Computer.java

+2 −1
Original line number Diff line number Diff line
@@ -236,7 +236,8 @@ public interface Computer extends PackageDataSnapshot { 
     * existence.

     * <p>

     * Package with {@link PackageManager#SYSTEM_APP_STATE_HIDDEN_UNTIL_INSTALLED_HIDDEN} is not

     * treated as an uninstalled package for the carrier apps customization.

     * treated as an uninstalled package for the carrier apps customization. Bypassing the

     * uninstalled package check if the caller is system, shell or root uid.

     */

    boolean shouldFilterApplicationIncludingUninstalled(@Nullable PackageStateInternal ps,

            int callingUid, int userId);

services/core/java/com/android/server/pm/ComputerEngine.java

+11 −3
Original line number Diff line number Diff line
@@ -58,6 +58,7 @@ import static com.android.server.pm.PackageManagerService.EMPTY_INT_ARRAY; 
import static com.android.server.pm.PackageManagerService.HIDE_EPHEMERAL_APIS;

import static com.android.server.pm.PackageManagerService.TAG;

import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures;

import static com.android.server.pm.PackageManagerServiceUtils.isSystemOrRootOrShell;

import static com.android.server.pm.resolution.ComponentResolver.RESOLVE_PRIORITY_SORTER;



import android.Manifest;
@@ -2737,8 +2738,12 @@ public class ComputerEngine implements Computer { 
        final String instantAppPkgName = getInstantAppPackageName(callingUid);

        final boolean callerIsInstantApp = instantAppPkgName != null;

        // Don't treat hiddenUntilInstalled as an uninstalled state, phone app needs to access

        // these hidden application details to customize carrier apps.

        if (ps == null || (filterUninstall && !ps.isHiddenUntilInstalled()

        // these hidden application details to customize carrier apps. Also, allowing the system

        // caller accessing to application across users.

        if (ps == null

                || (filterUninstall

                        && !isSystemOrRootOrShell(callingUid)

                        && !ps.isHiddenUntilInstalled()

                        && !ps.getUserStateOrDefault(userId).isInstalled())) {

            // If caller is instant app or sdk sandbox and ps is null, pretend the application

            // exists, but, needs to be filtered
@@ -2837,6 +2842,9 @@ public class ComputerEngine implements Computer { 
        if (shouldFilterApplication(sus, callingUid, userId)) {

            return true;

        }

        if (isSystemOrRootOrShell(callingUid)) {

            return false;

        }

        final ArraySet<PackageStateInternal> packageStates =

                (ArraySet<PackageStateInternal>) sus.getPackageStates();

        for (int index = 0; index < packageStates.size(); index++) {

services/core/java/com/android/server/pm/PackageManagerServiceUtils.java

+7 −1
Original line number Diff line number Diff line
@@ -1271,7 +1271,13 @@ public class PackageManagerServiceUtils { 
     * Check if the Binder caller is system UID, root's UID, or shell's UID.

     */

    public static boolean isSystemOrRootOrShell() {

        final int uid = Binder.getCallingUid();

        return isSystemOrRootOrShell(Binder.getCallingUid());

    }



    /**

     * @see #isSystemOrRoot()

     */

    public static boolean isSystemOrRootOrShell(int uid) {

        return uid == Process.SYSTEM_UID || uid == Process.ROOT_UID || uid == Process.SHELL_UID;

    }