Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d9e614ec authored by Nikita Ioffe's avatar Nikita Ioffe Committed by Automerger Merge Worker
Browse files

Merge "Handle the visibility of sdk sandbox uids" into tm-dev am: 6c0ca16d... 

Merge "Handle the visibility of sdk sandbox uids" into tm-dev am: 6c0ca16d am: 793865d7 am: 3c3c0312

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/18928730



Change-Id: I3bed4543057516c65e2f3560b598a3bb4e4ab3c5
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 70442cd9 3c3c0312

services/core/java/com/android/server/pm/ComputerEngine.java

+15 −2
Original line number Diff line number Diff line
@@ -2686,7 +2686,7 @@ public class ComputerEngine implements Computer { 
        if (Process.isSdkSandboxUid(callingUid)) {

            int clientAppUid = Process.getAppUidForSdkSandboxUid(callingUid);

            // SDK sandbox should be able to see it's client app

            if (clientAppUid == UserHandle.getUid(userId, ps.getAppId())) {

            if (ps != null && clientAppUid == UserHandle.getUid(userId, ps.getAppId())) {

                return false;

            }

        }
@@ -2698,7 +2698,7 @@ public class ComputerEngine implements Computer { 
        final boolean callerIsInstantApp = instantAppPkgName != null;

        if (ps == null) {

            // pretend the application exists, but, needs to be filtered

            return callerIsInstantApp;

            return callerIsInstantApp || Process.isSdkSandboxUid(callingUid);

        }

        // if the target and caller are the same application, don't filter

        if (isCallerSameApp(ps.getPackageName(), callingUid)) {
@@ -3089,6 +3089,19 @@ public class ComputerEngine implements Computer { 
    }



    public boolean filterAppAccess(int uid, int callingUid) {

        if (Process.isSdkSandboxUid(uid)) {

            // Sdk sandbox instance should be able to see itself.

            if (callingUid == uid) {

                return false;

            }

            final int clientAppUid = Process.getAppUidForSdkSandboxUid(uid);

            // Client app of this sdk sandbox process should be able to see it.

            if (clientAppUid == uid) {

                return false;

            }

            // Nobody else should be able to see the sdk sandbox process.

            return true;

        }

        final int userId = UserHandle.getUserId(uid);

        final int appId = UserHandle.getAppId(uid);

        final Object setting = mSettings.getSettingBase(appId);