Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e5f20f07 authored by Sumedh Sen's avatar Sumedh Sen Committed by Android (Google) Code Review
Browse files

Merge changes from topic "parse-authority-sc_dev" into sc-dev 

* changes:
  [RESTRICT AUTOMERGE] Parse authority to separate userId and non-user parts of it
  [RESTRICT AUTOMERGE] Check cross user permissions for a given UID
parents e9dc3c03 52f5366c

services/core/java/com/android/server/pm/PackageManagerService.java

+20 −7
Original line number Diff line number Diff line
@@ -156,6 +156,7 @@ import android.compat.annotation.ChangeId; 
import android.compat.annotation.EnabledAfter;

import android.content.BroadcastReceiver;

import android.content.ComponentName;

import android.content.ContentProvider;

import android.content.ContentResolver;

import android.content.Context;

import android.content.IIntentReceiver;
@@ -2361,11 +2362,11 @@ public class PackageManagerService extends IPackageManager.Stub 
                String resolvedType, int flags, int userId, int callingUid,

                boolean includeInstantApps) {

            if (!mUserManager.exists(userId)) return Collections.emptyList();

            enforceCrossUserOrProfilePermission(callingUid,

            enforceCrossUserOrProfilePermission(Binder.getCallingUid(),

                    userId,

                    false /*requireFullPermission*/,

                    false /*checkShell*/,

                    "query intent receivers");

                    "query intent services");

            final String instantAppPkgName = getInstantAppPackageName(callingUid);

            flags = updateFlagsForResolve(flags, userId, callingUid, includeInstantApps,

                    false /* isImplicitImageCaptureIntentAndNotSetByDpc */);
@@ -4037,10 +4038,10 @@ public class PackageManagerService extends IPackageManager.Stub 
                return true;

            }

            if (requireFullPermission) {

                return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL);

                return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingUid);

            }

            return hasPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)

                    || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS);

            return hasPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingUid) 

                || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS,  callingUid);

        }















        /**









@@ -4056,6 +4057,11 @@ public class PackageManagerService extends IPackageManager.Stub













                    == PackageManager.PERMISSION_GRANTED;















        }



























        private boolean hasPermission(String permission, int uid) {













            return mContext.checkPermission(permission, /* pid= */ -1, uid)













                    == PackageManager.PERMISSION_GRANTED;













        }



























        public final boolean isCallerSameApp(String packageName, int uid) {















            AndroidPackage pkg = mPackages.get(packageName);















            return pkg != null










@@ -11414,7 +11420,7 @@ public class PackageManagerService extends IPackageManager.Stub













        final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0;





























        enforceCrossUserPermission(













            callingUid,













            Binder.getCallingUid(),















            userId,















            false /* requireFullPermission */,















            false /* checkShell */,










@@ -11625,7 +11631,14 @@ public class PackageManagerService extends IPackageManager.Stub













            int callingUid) {















        if (!mUserManager.exists(userId)) return null;















        flags = updateFlagsForComponent(flags, userId);













        final ProviderInfo providerInfo = mComponentResolver.queryProvider(name, flags, userId);

























        // Callers of this API may not always separate the userID and authority. Let's parse it













        // before resolving













        String authorityWithoutUserId = ContentProvider.getAuthorityWithoutUserId(name);













        userId = ContentProvider.getUserIdFromAuthority(name, userId);

























        final ProviderInfo providerInfo = mComponentResolver.queryProvider(authorityWithoutUserId,













            flags, userId);















        boolean checkedGrants = false;















        if (providerInfo != null) {















            // Looking for cross-user grants before enforcing the typical cross-users permissions

























services/tests/PackageManagerComponentOverrideTests/src/com/android/server/pm/test/override/PackageManagerComponentLabelIconOverrideTest.kt



+5
−0




























Original line number
Diff line number
Diff line








@@ -49,6 +49,7 @@ import org.junit.BeforeClass













import org.junit.Test















import org.junit.runner.RunWith















import org.junit.runners.Parameterized













import org.mockito.ArgumentMatchers.eq















import org.mockito.Mockito.any















import org.mockito.Mockito.anyInt















import org.mockito.Mockito.clearInvocations










@@ -360,6 +361,10 @@ class PackageManagerComponentLabelIconOverrideTest {













                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)) {















                PackageManager.PERMISSION_GRANTED















            }













            whenever(this.checkPermission(













                eq(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL), anyInt(), anyInt())) {













                PackageManager.PERMISSION_GRANTED













            }















        }















        val mockInjector: PackageManagerService.Injector = mock {















            whenever(this.lock) { PackageManagerTracedLock() }