Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7f680c3 authored by Jackal Guo's avatar Jackal Guo
Browse files

Honor app visibility for checkAutoRevokeAccess 

This method should return the same result when the given package is
not installed or visible to the caller. Also, moving the permission
check beofre the package existence one.

Bug: 186404361
Test: atest CtsAppEnumerationTestCases
Test: manually using the PoC in the buganizer to ensure the symptom
      no longer exists.
Change-Id: Idd6343c4e101533888f988d2373a4a46f310e79e
parent efadb12e

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+6 −7
Original line number Diff line number Diff line
@@ -277,10 +277,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
    }



    private boolean checkAutoRevokeAccess(AndroidPackage pkg, int callingUid) {

        if (pkg == null) {

            return false;

        }



        final boolean isCallerPrivileged = mContext.checkCallingOrSelfPermission(

                Manifest.permission.WHITELIST_AUTO_REVOKE_PERMISSIONS)

                == PackageManager.PERMISSION_GRANTED;
@@ -292,6 +288,12 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                    + Manifest.permission.WHITELIST_AUTO_REVOKE_PERMISSIONS

                    + " or be the installer on record");

        }



        if (pkg == null || mPackageManagerInt.filterAppAccess(pkg, callingUid,

                UserHandle.getUserId(callingUid))) {

            return false;

        }



        return true;

    }
@@ -301,9 +303,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { 


        final AndroidPackage pkg = mPackageManagerInt.getPackage(packageName);

        final int callingUid = Binder.getCallingUid();

        if (mPackageManagerInt.filterAppAccess(packageName, callingUid, userId)) {

            return false;

        }



        if (!checkAutoRevokeAccess(pkg, callingUid)) {

            return false;