From b00eb6459127018ec7641f407d5873a0c417416d Mon Sep 17 00:00:00 2001
From: Patrick Baumann <patb@google.com>
Date: Thu, 5 Apr 2018 14:50:38 -0700
Subject: [PATCH] Check permissions only against packagesettings

Prior to this change there was a chance that an updating app would not
exist in mPackages and cause a permission check for that app to fail.
This change moves all permission checks to use mSettings and the cached
package it contains to do the checks.

Change-Id: I0717bddbb08b1d0dbab3ea79fa0d2067aa858753
Fixes: 76228188
Test: Manual - system starts, permission checks work before / after update
---
 .../android/content/pm/PackageManagerInternal.java   |  5 +++++
 .../com/android/server/pm/PackageManagerService.java | 12 +++++++++---
 .../pm/permission/PermissionManagerService.java      |  7 +++----
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java
index c9b78c08202e..2cf65aa07bbe 100644
--- a/core/java/android/content/pm/PackageManagerInternal.java
+++ b/core/java/android/content/pm/PackageManagerInternal.java
@@ -488,6 +488,11 @@ public abstract class PackageManagerInternal {
      */
     public abstract @Nullable PackageParser.Package getPackage(@NonNull String packageName);
 
+    /**
+     * Returns a {@link com.android.server.pm.PackageSetting} for a given package name.
+     */
+    public abstract @Nullable Object getPackageSetting(String packageName);
+
     /**
      * Returns a list without a change observer.
      *
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 2c98da3a4904..33e5c7ddec1a 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -5304,7 +5304,7 @@ public class PackageManagerService extends IPackageManager.Stub
         synchronized (mPackages) {
             final String[] packageNames = getPackagesForUid(uid);
             final PackageParser.Package pkg = (packageNames != null && packageNames.length > 0)
-                    ? mPackages.get(packageNames[0])
+                    ? mSettings.getPackageLPr(packageNames[0]).getPackage()
                     : null;
             return mPermissionManager.checkUidPermission(permName, pkg, uid, getCallingUid());
         }
@@ -8070,7 +8070,6 @@ public class PackageManagerService extends IPackageManager.Stub
                 callingUid = mIsolatedOwners.get(callingUid);
             }
             final PackageSetting ps = mSettings.mPackages.get(packageName);
-            PackageParser.Package pkg = mPackages.get(packageName);
             final boolean returnAllowed =
                     ps != null
                     && (isCallerSameApp(packageName, callingUid)
@@ -8141,7 +8140,7 @@ public class PackageManagerService extends IPackageManager.Stub
     }
 
     private boolean isCallerSameApp(String packageName, int uid) {
-        PackageParser.Package pkg = mPackages.get(packageName);
+        PackageParser.Package pkg = mSettings.getPackageLPr(packageName).getPackage();
         return pkg != null
                 && UserHandle.getAppId(uid) == pkg.applicationInfo.uid;
     }
@@ -23613,6 +23612,13 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
             }
         }
 
+        @Override
+        public Object getPackageSetting(String packageName) {
+            synchronized (mPackages) {
+                return mSettings.getPackageLPr(packageName);
+            }
+        }
+
         @Override
         public PackageList getPackageList(PackageListObserver observer) {
             synchronized (mPackages) {
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index f5b52fc486ea..065133b01b6d 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -212,12 +212,11 @@ public class PermissionManagerService {
             return PackageManager.PERMISSION_DENIED;
         }
 
-        final PackageParser.Package pkg = mPackageManagerInt.getPackage(pkgName);
-        if (pkg != null && pkg.mExtras != null) {
-            if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
+        final PackageSetting ps = (PackageSetting) mPackageManagerInt.getPackageSetting(pkgName);
+        if (ps != null && ps.getPackage() != null) {
+            if (mPackageManagerInt.filterAppAccess(ps.getPackage(), callingUid, userId)) {
                 return PackageManager.PERMISSION_DENIED;
             }
-            final PackageSetting ps = (PackageSetting) pkg.mExtras;
             final boolean instantApp = ps.getInstantApp(userId);
             final PermissionsState permissionsState = ps.getPermissionsState();
             if (permissionsState.hasPermission(permName, userId)) {
-- 
GitLab