Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e8e5095c authored by Nate Myren's avatar Nate Myren Committed by Michael Bestas
Browse files

Ensure sandboxed UIDs are treated as untrusted in Appops 

They should not be considered "system" app for the purposes of
attribution tag vaildation

Bug: 443742082
Test: atest AppOpsMemoryUsageTest
Flag: EXEMPT CVE_FIX
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:1bc6b146137f76589146dff5cd82363de7ccfb7d
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:9cacc6180df8eb4451a23f122f457e413a299911
Merged-In: I0c4ac8eaa8966027ad01375dde58b05febec3ffb
Change-Id: I0c4ac8eaa8966027ad01375dde58b05febec3ffb
parent 1baa0c78

services/core/java/com/android/server/appop/AppOpsService.java

+3 −0
Original line number Diff line number Diff line
@@ -5041,6 +5041,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
        if (packageName == null) {

            return true;

        }

        if (Process.isSdkSandboxUid(uid)) {

            return false;

        }

        int appId = UserHandle.getAppId(uid);

        if (appId > 0 && appId < Process.FIRST_APPLICATION_UID) {

            return true;