Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b51a58ec authored by Nate Myren's avatar Nate Myren Committed by Android Build Coastguard Worker
Browse files

Ensure sandboxed UIDs are treated as untrusted in Appops 

They should not be considered "system" app for the purposes of
attribution tag vaildation

Bug: 443742082
Test: atest AppOpsMemoryUsageTest
Flag: EXEMPT CVE_FIX
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:1bc6b146137f76589146dff5cd82363de7ccfb7d
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:066eff80abf013531320b8280637d1d00dd553a1
Merged-In: I0c4ac8eaa8966027ad01375dde58b05febec3ffb
Change-Id: I0c4ac8eaa8966027ad01375dde58b05febec3ffb
parent ef2a8e20

services/core/java/com/android/server/appop/AppOpsService.java

+3 −0
Original line number Diff line number Diff line
@@ -5043,6 +5043,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
        if (packageName == null) {

            return true;

        }

        if (Process.isSdkSandboxUid(uid)) {

            return false;

        }

        int appId = UserHandle.getAppId(uid);

        if (appId > 0 && appId < Process.FIRST_APPLICATION_UID) {

            return true;