Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d22e9dfb authored by Hongming Jin's avatar Hongming Jin Committed by Atanas Kirilov
Browse files

Backporting of b/77821568 

Enforce permission check before returning application info
Test: manually tested (see bug for repro steps)
Bug: 77821568

Change-Id: Iec13196250f0e5d8b54fd7060ed40e3fe3fe2827
Merged-In: I7554805c36c0c2552163dad7b07cfc5f552b624e
parent c70d8826

services/core/java/com/android/server/pm/PackageManagerService.java

+24 −3
Original line number Diff line number Diff line
@@ -4473,7 +4473,9 @@ public class PackageManagerService extends IPackageManager.Stub 
            triaged = false;

        }

        if ((flags & PackageManager.MATCH_ANY_USER) != 0) {

            enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false,

            // require the permission to be held; the calling uid and given user id referring

            // to the same user is not sufficient

            enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, true,

                    "MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission at "

                    + Debug.getCallers(5));

        } else if ((flags & PackageManager.MATCH_UNINSTALLED_PACKAGES) != 0 && isCallerSystemUser
@@ -5126,13 +5128,25 @@ public class PackageManagerService extends IPackageManager.Stub 
     */

    void enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission,

            boolean checkShell, String message) {

        enforceCrossUserPermission(

              callingUid,

              userId,

              requireFullPermission,

              checkShell,

              false,

              message);

    }













    private void enforceCrossUserPermission(int callingUid, int userId,













            boolean requireFullPermission, boolean checkShell,













            boolean requirePermissionWhenSameUser, String message) {















        if (userId < 0) {















            throw new IllegalArgumentException("Invalid userId " + userId);















        }















        if (checkShell) {















            enforceShellRestriction(UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, userId);















        }













        if (userId == UserHandle.getUserId(callingUid)) return;













        if (!requirePermissionWhenSameUser && userId == UserHandle.getUserId(callingUid)) return;















        if (callingUid != Process.SYSTEM_UID && callingUid != 0) {















            if (requireFullPermission) {















                mContext.enforceCallingOrSelfPermission(










@@ -8194,7 +8208,7 @@ public class PackageManagerService extends IPackageManager.Stub













        flags = updateFlagsForPackage(flags, userId, null);















        final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0;















        enforceCrossUserPermission(callingUid, userId,













                true /* requireFullPermission */, false /* checkShell */,













                false /* requireFullPermission */, false /* checkShell */,















                "get installed packages");





























        // writer










@@ -8318,6 +8332,13 @@ public class PackageManagerService extends IPackageManager.Stub













        flags = updateFlagsForApplication(flags, userId, null);















        final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0;



























        enforceCrossUserPermission(













            callingUid,













            userId,













            false /* requireFullPermission */,













            false /* checkShell */,













            "get installed application info");



























        // writer















        synchronized (mPackages) {















            ArrayList<ApplicationInfo> list;