Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c4a6070d authored by Todd Kennedy's avatar Todd Kennedy
Browse files

Correct provider filtering 

The provider filtering didn't allow for access by the system server.

Change-Id: Ie939da99714ccb5a281ef0dfb658aaa231bb0c07
Fixes: 76208554
Test: atest -it CtsAppSecurityHostTestCases:EphemeralTest#testEphemeralQuery
Test: atest -it CtsAppSecurityHostTestCases:EphemeralTest#testNormalQuery
parent 3e8e71d1

services/core/java/com/android/server/pm/PackageManagerService.java

+11 −24
Original line number Diff line number Diff line
@@ -17,12 +17,12 @@ 
package com.android.server.pm;















import static android.Manifest.permission.DELETE_PACKAGES;













import static android.Manifest.permission.MANAGE_DEVICE_ADMINS;













import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS;















import static android.Manifest.permission.INSTALL_PACKAGES;













import static android.Manifest.permission.MANAGE_DEVICE_ADMINS;















import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;















import static android.Manifest.permission.READ_EXTERNAL_STORAGE;















import static android.Manifest.permission.REQUEST_DELETE_PACKAGES;













import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS;















import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;















import static android.content.pm.PackageManager.CERT_INPUT_RAW_X509;















import static android.content.pm.PackageManager.CERT_INPUT_SHA256;










@@ -167,8 +167,8 @@ import android.content.pm.PackageInfoLite;













import android.content.pm.PackageInstaller;















import android.content.pm.PackageList;















import android.content.pm.PackageManager;













import android.content.pm.PackageManagerInternal;















import android.content.pm.PackageManager.LegacyPackageDeleteObserver;













import android.content.pm.PackageManagerInternal;















import android.content.pm.PackageManagerInternal.PackageListObserver;















import android.content.pm.PackageParser;















import android.content.pm.PackageParser.ActivityIntentInfo;










@@ -310,10 +310,10 @@ import com.android.server.pm.dex.DexoptOptions;













import com.android.server.pm.dex.PackageDexUsage;















import com.android.server.pm.permission.BasePermission;















import com.android.server.pm.permission.DefaultPermissionGrantPolicy;













import com.android.server.pm.permission.PermissionManagerService;













import com.android.server.pm.permission.PermissionManagerInternal;















import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback;













import com.android.server.pm.permission.PermissionManagerInternal;















import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback;













import com.android.server.pm.permission.PermissionManagerService;















import com.android.server.pm.permission.PermissionsState;















import com.android.server.pm.permission.PermissionsState.PermissionState;















import com.android.server.security.VerityUtils;










@@ -8185,35 +8185,22 @@ public class PackageManagerService extends IPackageManager.Stub













    private ProviderInfo resolveContentProviderInternal(String name, int flags, int userId) {















        if (!sUserManager.exists(userId)) return null;















        flags = updateFlagsForComponent(flags, userId, name);













        final String instantAppPkgName = getInstantAppPackageName(Binder.getCallingUid());













        // reader













        final int callingUid = Binder.getCallingUid();















        synchronized (mPackages) {















            final PackageParser.Provider provider = mProvidersByAuthority.get(name);















            PackageSetting ps = provider != null















                    ? mSettings.mPackages.get(provider.owner.packageName)















                    : null;















            if (ps != null) {













                final boolean isInstantApp = ps.getInstantApp(userId);













                // normal application; filter out instant application provider













                if (instantAppPkgName == null && isInstantApp) {













                    return null;













                }













                // instant application; filter out other instant applications













                if (instantAppPkgName != null













                        && isInstantApp













                        && !provider.owner.packageName.equals(instantAppPkgName)) {













                    return null;













                }













                // instant application; filter out non-exposed provider













                if (instantAppPkgName != null













                        && !isInstantApp













                        && (provider.info.flags & ProviderInfo.FLAG_VISIBLE_TO_INSTANT_APP) == 0) {













                    return null;













                }















                // provider not enabled















                if (!mSettings.isEnabledAndMatchLPr(provider.info, flags, userId)) {















                    return null;















                }













                final ComponentName component =













                        new ComponentName(provider.info.packageName, provider.info.name);













                if (filterAppAccessLPr(ps, callingUid, component, TYPE_PROVIDER, userId)) {













                    return null;













                }















                return PackageParser.generateProviderInfo(















                        provider, flags, ps.readUserState(userId), userId);















            }