Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dbaef6dc authored by Todd Kennedy's avatar Todd Kennedy
Browse files

Add cross user permission checks 

Change-Id: I5d46248fafe52dea66a33c416fbe151776b73679
Fixes: 62348076
Test: Manual
parent b3d487da

core/java/android/content/pm/PackageManager.java

+6 −1
Original line number Diff line number Diff line
@@ -4013,6 +4013,7 @@ public abstract class PackageManager { 
     * @hide

     */

    @SystemApi

    @RequiresPermission(Manifest.permission.INTERACT_ACROSS_USERS)

    public List<ResolveInfo> queryBroadcastReceiversAsUser(Intent intent,

            @ResolveInfoFlags int flags, UserHandle userHandle) {

        return queryBroadcastReceiversAsUser(intent, flags, userHandle.getIdentifier());
@@ -4801,6 +4802,7 @@ public abstract class PackageManager { 
     * @hide

     */

    @SystemApi

    @RequiresPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL)

    public abstract int getIntentVerificationStatusAsUser(String packageName, @UserIdInt int userId);



    /**
@@ -4870,6 +4872,7 @@ public abstract class PackageManager { 
     */

    @TestApi

    @SystemApi

    @RequiresPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL)

    public abstract String getDefaultBrowserPackageNameAsUser(@UserIdInt int userId);



    /**
@@ -4885,7 +4888,9 @@ public abstract class PackageManager { 
     * @hide

     */

    @SystemApi

    @RequiresPermission(android.Manifest.permission.SET_PREFERRED_APPLICATIONS)

    @RequiresPermission(allOf = {

            Manifest.permission.SET_PREFERRED_APPLICATIONS,

            Manifest.permission.INTERACT_ACROSS_USERS_FULL})

    public abstract boolean setDefaultBrowserPackageNameAsUser(String packageName,

            @UserIdInt int userId);

services/core/java/com/android/server/pm/PackageManagerService.java

+19 −0
Original line number Diff line number Diff line
@@ -7749,6 +7749,9 @@ public class PackageManagerService extends IPackageManager.Stub 
            String resolvedType, int flags, int userId) {

        if (!sUserManager.exists(userId)) return Collections.emptyList();

        final int callingUid = Binder.getCallingUid();

        enforceCrossUserPermission(callingUid, userId,

                false /*requireFullPermission*/, false /*checkShell*/,

                "query intent receivers");

        final String instantAppPkgName = getInstantAppPackageName(callingUid);

        flags = updateFlagsForResolve(flags, userId, intent, callingUid,

                false /*includeInstantApps*/);
@@ -7855,6 +7858,9 @@ public class PackageManagerService extends IPackageManager.Stub 
            String resolvedType, int flags, int userId, int callingUid,

            boolean includeInstantApps) {

        if (!sUserManager.exists(userId)) return Collections.emptyList();

        enforceCrossUserPermission(callingUid, userId,

                false /*requireFullPermission*/, false /*checkShell*/,

                "query intent receivers");

        final String instantAppPkgName = getInstantAppPackageName(callingUid);

        flags = updateFlagsForResolve(flags, userId, intent, callingUid, includeInstantApps);

        ComponentName comp = intent.getComponent();
@@ -15066,6 +15072,11 @@ public class PackageManagerService extends IPackageManager.Stub 
    @Override

    public int getIntentVerificationStatus(String packageName, int userId) {

        final int callingUid = Binder.getCallingUid();

        if (UserHandle.getUserId(callingUid) != userId) {

            mContext.enforceCallingOrSelfPermission(

                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,

                    "getIntentVerificationStatus" + userId);

        }

        if (getInstantAppPackageName(callingUid) != null) {

            return INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED;

        }
@@ -15149,6 +15160,10 @@ public class PackageManagerService extends IPackageManager.Stub 
    public boolean setDefaultBrowserPackageName(String packageName, int userId) {

        mContext.enforceCallingOrSelfPermission(

                android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null);

        if (UserHandle.getCallingUserId() != userId) {

            mContext.enforceCallingOrSelfPermission(

                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, null);

        }















        synchronized (mPackages) {















            boolean result = mSettings.setDefaultBrowserPackageNameLPw(packageName, userId);









@@ -15162,6 +15177,10 @@ public class PackageManagerService extends IPackageManager.Stub



























    @Override















    public String getDefaultBrowserPackageName(int userId) {













        if (UserHandle.getCallingUserId() != userId) {













            mContext.enforceCallingOrSelfPermission(













                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, null);













        }















        if (getInstantAppPackageName(Binder.getCallingUid()) != null) {















            return null;















        }