Loading core/java/android/content/pm/LauncherApps.java +7 −1 Original line number Diff line number Diff line Loading @@ -1903,6 +1903,10 @@ public class LauncherApps { /** * Register a callback to watch for session lifecycle events in this user and managed profiles. * Callers need to either declare <queries> element with the specific package name in the * app's manifest, have the android.permission.QUERY_ALL_PACKAGES, or be the session owner to * watch for these events. * * @param callback The callback to register. * @param executor {@link Executor} to handle the callbacks, cannot be null. * Loading Loading @@ -1947,7 +1951,9 @@ public class LauncherApps { /** * Return list of all known install sessions in this user and managed profiles, regardless * of the installer. * of the installer. Callers need to either declare <queries> element with the specific * package name in the app's manifest, have the android.permission.QUERY_ALL_PACKAGES, or be * the session owner to retrieve these details. * * @see PackageInstaller#getAllSessions() */ Loading core/java/android/content/pm/PackageInstaller.java +26 −6 Original line number Diff line number Diff line Loading @@ -524,8 +524,9 @@ public class PackageInstaller { } /** * Return details for a specific session. No special permissions are * required to retrieve these details. * Return details for a specific session. Callers need to either declare <queries> * element with the specific package name in the app's manifest, have the * android.permission.QUERY_ALL_PACKAGES, or be the session owner to retrieve these details. * * @return details for the requested session, or {@code null} if the session * does not exist. Loading @@ -539,7 +540,10 @@ public class PackageInstaller { } /** * Return list of all known install sessions, regardless of the installer. * Return list of all known install sessions, regardless of the installer. Callers need to * either declare <queries> element with the specific package name in the app's manifest, * have the android.permission.QUERY_ALL_PACKAGES, or be the session owner to retrieve these * details. */ public @NonNull List<SessionInfo> getAllSessions() { try { Loading @@ -561,7 +565,9 @@ public class PackageInstaller { } /** * Return list of all staged install sessions. * Return list of all staged install sessions. Callers need to either declare <queries> * element with the specific package name in the app's manifest, have the * android.permission.QUERY_ALL_PACKAGES, or be the session owner to retrieve these details. */ public @NonNull List<SessionInfo> getStagedSessions() { try { Loading Loading @@ -870,8 +876,8 @@ public class PackageInstaller { } /** * Register to watch for session lifecycle events. No special permissions * are required to watch for these events. * Register to watch for session lifecycle events. The callers need to be the session * owner or have the android.permission.QUERY_ALL_PACKAGES to watch for these events. */ public void registerSessionCallback(@NonNull SessionCallback callback) { registerSessionCallback(callback, new Handler()); Loading Loading @@ -2397,6 +2403,9 @@ public class PackageInstaller { /** {@hide} */ public int requireUserAction; /** {@hide} */ public int installerUid; /** {@hide} */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public SessionInfo() { Loading Loading @@ -2447,6 +2456,7 @@ public class PackageInstaller { rollbackDataPolicy = source.readInt(); createdMillis = source.readLong(); requireUserAction = source.readInt(); installerUid = source.readInt(); } /** Loading Loading @@ -2962,6 +2972,15 @@ public class PackageInstaller { return requireUserAction; } /** * Returns the Uid of the owner of the session. * * @hide */ public int getInstallerUid() { return installerUid; } @Override public int describeContents() { return 0; Loading Loading @@ -3008,6 +3027,7 @@ public class PackageInstaller { dest.writeInt(rollbackDataPolicy); dest.writeLong(createdMillis); dest.writeInt(requireUserAction); dest.writeInt(installerUid); } public static final Parcelable.Creator<SessionInfo> Loading services/core/java/android/content/pm/PackageManagerInternal.java +8 −0 Original line number Diff line number Diff line Loading @@ -781,6 +781,14 @@ public abstract class PackageManagerInternal implements PackageSettingsSnapshotP @Nullable public abstract int[] getVisibilityAllowList(@NonNull String packageName, int userId); /** * Returns whether the given UID either declares <queries> element with the given package * name in its app's manifest, has {@link android.Manifest.permission.QUERY_ALL_PACKAGES}, or * package visibility filtering is enabled on it. If the UID is part of a shared user ID, * return {@code true} if any one application belongs to the shared user ID meets the criteria. */ public abstract boolean canQueryPackage(int callingUid, @Nullable String packageName); /** Returns whether the given package was signed by the platform */ public abstract boolean isPlatformSigned(String pkg); Loading services/core/java/com/android/server/pm/AppsFilter.java +18 −0 Original line number Diff line number Diff line Loading @@ -1526,6 +1526,24 @@ public class AppsFilter implements Watchable, Snappable { } } boolean canQueryPackage(@NonNull AndroidPackage querying, String potentialTarget) { int appId = UserHandle.getAppId(querying.getUid()); if (appId < Process.FIRST_APPLICATION_UID) { return true; } // Check if FILTER_APPLICATION_QUERY is enabled on the given package. if (!mFeatureConfig.packageIsEnabled(querying)) { return true; } if (requestsQueryAllPackages(querying)) { return true; } return !querying.getQueriesPackages().isEmpty() && querying.getQueriesPackages().contains(potentialTarget); } private static boolean requestsQueryAllPackages(@NonNull AndroidPackage pkg) { // we're not guaranteed to have permissions yet analyzed at package add, so we inspect the Loading services/core/java/com/android/server/pm/LauncherAppsService.java +11 −1 Original line number Diff line number Diff line Loading @@ -278,6 +278,7 @@ public class LauncherAppsService extends SystemService { verifyCallingPackage(callingPackage); List<SessionInfo> sessionInfos = new ArrayList<>(); int[] userIds = mUm.getEnabledProfileIds(getCallingUserId()); final int callingUid = Binder.getCallingUid(); final long token = Binder.clearCallingIdentity(); try { for (int userId : userIds) { Loading @@ -287,9 +288,18 @@ public class LauncherAppsService extends SystemService { } finally { Binder.restoreCallingIdentity(token); } sessionInfos.removeIf(info -> shouldFilterSession(callingUid, info)); return new ParceledListSlice<>(sessionInfos); } private boolean shouldFilterSession(int uid, SessionInfo session) { if (session == null) { return false; } return uid != session.getInstallerUid() && !mPackageManagerInternal.canQueryPackage(uid, session.getAppPackageName()); } private PackageInstallerService getPackageInstallerService() { if (mPackageInstallerService == null) { mPackageInstallerService = ((PackageInstallerService) ((PackageManagerService) Loading Loading @@ -377,7 +387,7 @@ public class LauncherAppsService extends SystemService { void verifyCallingPackage(String callingPackage) { int packageUid = -1; try { packageUid = AppGlobals.getPackageManager().getPackageUid(callingPackage, packageUid = mIPM.getPackageUid(callingPackage, PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE | PackageManager.MATCH_UNINSTALLED_PACKAGES, Loading Loading
core/java/android/content/pm/LauncherApps.java +7 −1 Original line number Diff line number Diff line Loading @@ -1903,6 +1903,10 @@ public class LauncherApps { /** * Register a callback to watch for session lifecycle events in this user and managed profiles. * Callers need to either declare <queries> element with the specific package name in the * app's manifest, have the android.permission.QUERY_ALL_PACKAGES, or be the session owner to * watch for these events. * * @param callback The callback to register. * @param executor {@link Executor} to handle the callbacks, cannot be null. * Loading Loading @@ -1947,7 +1951,9 @@ public class LauncherApps { /** * Return list of all known install sessions in this user and managed profiles, regardless * of the installer. * of the installer. Callers need to either declare <queries> element with the specific * package name in the app's manifest, have the android.permission.QUERY_ALL_PACKAGES, or be * the session owner to retrieve these details. * * @see PackageInstaller#getAllSessions() */ Loading
core/java/android/content/pm/PackageInstaller.java +26 −6 Original line number Diff line number Diff line Loading @@ -524,8 +524,9 @@ public class PackageInstaller { } /** * Return details for a specific session. No special permissions are * required to retrieve these details. * Return details for a specific session. Callers need to either declare <queries> * element with the specific package name in the app's manifest, have the * android.permission.QUERY_ALL_PACKAGES, or be the session owner to retrieve these details. * * @return details for the requested session, or {@code null} if the session * does not exist. Loading @@ -539,7 +540,10 @@ public class PackageInstaller { } /** * Return list of all known install sessions, regardless of the installer. * Return list of all known install sessions, regardless of the installer. Callers need to * either declare <queries> element with the specific package name in the app's manifest, * have the android.permission.QUERY_ALL_PACKAGES, or be the session owner to retrieve these * details. */ public @NonNull List<SessionInfo> getAllSessions() { try { Loading @@ -561,7 +565,9 @@ public class PackageInstaller { } /** * Return list of all staged install sessions. * Return list of all staged install sessions. Callers need to either declare <queries> * element with the specific package name in the app's manifest, have the * android.permission.QUERY_ALL_PACKAGES, or be the session owner to retrieve these details. */ public @NonNull List<SessionInfo> getStagedSessions() { try { Loading Loading @@ -870,8 +876,8 @@ public class PackageInstaller { } /** * Register to watch for session lifecycle events. No special permissions * are required to watch for these events. * Register to watch for session lifecycle events. The callers need to be the session * owner or have the android.permission.QUERY_ALL_PACKAGES to watch for these events. */ public void registerSessionCallback(@NonNull SessionCallback callback) { registerSessionCallback(callback, new Handler()); Loading Loading @@ -2397,6 +2403,9 @@ public class PackageInstaller { /** {@hide} */ public int requireUserAction; /** {@hide} */ public int installerUid; /** {@hide} */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public SessionInfo() { Loading Loading @@ -2447,6 +2456,7 @@ public class PackageInstaller { rollbackDataPolicy = source.readInt(); createdMillis = source.readLong(); requireUserAction = source.readInt(); installerUid = source.readInt(); } /** Loading Loading @@ -2962,6 +2972,15 @@ public class PackageInstaller { return requireUserAction; } /** * Returns the Uid of the owner of the session. * * @hide */ public int getInstallerUid() { return installerUid; } @Override public int describeContents() { return 0; Loading Loading @@ -3008,6 +3027,7 @@ public class PackageInstaller { dest.writeInt(rollbackDataPolicy); dest.writeLong(createdMillis); dest.writeInt(requireUserAction); dest.writeInt(installerUid); } public static final Parcelable.Creator<SessionInfo> Loading
services/core/java/android/content/pm/PackageManagerInternal.java +8 −0 Original line number Diff line number Diff line Loading @@ -781,6 +781,14 @@ public abstract class PackageManagerInternal implements PackageSettingsSnapshotP @Nullable public abstract int[] getVisibilityAllowList(@NonNull String packageName, int userId); /** * Returns whether the given UID either declares <queries> element with the given package * name in its app's manifest, has {@link android.Manifest.permission.QUERY_ALL_PACKAGES}, or * package visibility filtering is enabled on it. If the UID is part of a shared user ID, * return {@code true} if any one application belongs to the shared user ID meets the criteria. */ public abstract boolean canQueryPackage(int callingUid, @Nullable String packageName); /** Returns whether the given package was signed by the platform */ public abstract boolean isPlatformSigned(String pkg); Loading
services/core/java/com/android/server/pm/AppsFilter.java +18 −0 Original line number Diff line number Diff line Loading @@ -1526,6 +1526,24 @@ public class AppsFilter implements Watchable, Snappable { } } boolean canQueryPackage(@NonNull AndroidPackage querying, String potentialTarget) { int appId = UserHandle.getAppId(querying.getUid()); if (appId < Process.FIRST_APPLICATION_UID) { return true; } // Check if FILTER_APPLICATION_QUERY is enabled on the given package. if (!mFeatureConfig.packageIsEnabled(querying)) { return true; } if (requestsQueryAllPackages(querying)) { return true; } return !querying.getQueriesPackages().isEmpty() && querying.getQueriesPackages().contains(potentialTarget); } private static boolean requestsQueryAllPackages(@NonNull AndroidPackage pkg) { // we're not guaranteed to have permissions yet analyzed at package add, so we inspect the Loading
services/core/java/com/android/server/pm/LauncherAppsService.java +11 −1 Original line number Diff line number Diff line Loading @@ -278,6 +278,7 @@ public class LauncherAppsService extends SystemService { verifyCallingPackage(callingPackage); List<SessionInfo> sessionInfos = new ArrayList<>(); int[] userIds = mUm.getEnabledProfileIds(getCallingUserId()); final int callingUid = Binder.getCallingUid(); final long token = Binder.clearCallingIdentity(); try { for (int userId : userIds) { Loading @@ -287,9 +288,18 @@ public class LauncherAppsService extends SystemService { } finally { Binder.restoreCallingIdentity(token); } sessionInfos.removeIf(info -> shouldFilterSession(callingUid, info)); return new ParceledListSlice<>(sessionInfos); } private boolean shouldFilterSession(int uid, SessionInfo session) { if (session == null) { return false; } return uid != session.getInstallerUid() && !mPackageManagerInternal.canQueryPackage(uid, session.getAppPackageName()); } private PackageInstallerService getPackageInstallerService() { if (mPackageInstallerService == null) { mPackageInstallerService = ((PackageInstallerService) ((PackageManagerService) Loading Loading @@ -377,7 +387,7 @@ public class LauncherAppsService extends SystemService { void verifyCallingPackage(String callingPackage) { int packageUid = -1; try { packageUid = AppGlobals.getPackageManager().getPackageUid(callingPackage, packageUid = mIPM.getPackageUid(callingPackage, PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE | PackageManager.MATCH_UNINSTALLED_PACKAGES, Loading
