
Commit b395a4d4 authored by Sudheer Shanka

Check only if the app is installed on the other user for blob access.

There isn't a need to require that the app has the permission on the other
user as well. With this change, we check the app's existence
on other users to limit access, so that apps won't be able to
access any more data than they could have accessed by holding the
INTERACT_ACROSS_USERS permission and talking to their instances
on other users.

Bug: 175844032
Test: atest --test-mapping apex/blobstore
Change-Id: I6f13e3e7a240d55c02aecf31e10f750b9e4d5702
parent 1dfd9484
+21 −3
@@ -50,6 +50,7 @@ import android.content.Context;
import android.content.pm.PackageManager;
import android.content.res.ResourceId;
import android.content.res.Resources;
import android.os.Binder;
import android.os.ParcelFileDescriptor;
import android.os.RevocableFileDescriptor;
import android.os.UserHandle;
@@ -308,7 +309,7 @@ class BlobMetadata {
                if (callingUserId == committerUserId) {
                    continue;
                }
                if (!checkCallerCanAccessBlobsAcrossUsers(callingPackage, committerUserId)) {
                if (!isPackageInstalledOnUser(callingPackage, committerUserId)) {
                    continue;
                }

@@ -326,8 +327,25 @@ class BlobMetadata {

    private static boolean checkCallerCanAccessBlobsAcrossUsers(
            String callingPackage, int callingUserId) {
        final long token = Binder.clearCallingIdentity();
        try {
            return PermissionManager.checkPackageNamePermission(ACCESS_BLOBS_ACROSS_USERS,
                    callingPackage, callingUserId) == PackageManager.PERMISSION_GRANTED;
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    private boolean isPackageInstalledOnUser(String packageName, int userId) {
        final long token = Binder.clearCallingIdentity();
        try {
            mContext.getPackageManager().getPackageInfoAsUser(packageName, 0, userId);
            return true;
        } catch (PackageManager.NameNotFoundException e) {
            return false;
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    boolean hasACommitterOrLeaseeInUser(int userId) {
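Review bot: `isPackageInstalledOnUser` does its lookup after `Binder.clearCallingIdentity()`, so PackageManager answers with the system identity for whatever `packageName` string is passed in, and with this change that answer is the cross-user gate visible in the `callingUserId == committerUserId` loop. Nothing in the visible hunks shows `callingPackage` being tied to the calling UID, so that verification has to hold before this code runs; the loop and its caller start outside the hunk, so it cannot be confirmed from here. I would document the dependency on the helper, e.g. `// packageName must already be verified to belong to the calling UID; this lookup runs with the system identity.` Because the flags argument is `0`, a package that was uninstalled for that user with its data kept should not match, which looks like the intended behaviour but is worth stating in the same comment.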