
Commit ea10dcc5 authored by Alex Buynytskyy's avatar Alex Buynytskyy

Update QAS to further restrict visibility.

To everything but activities.

Fixes: 305065693
Fixes: 305064102
Test: adb shell device_config put package_manager_service com.android.server.pm.quarantined_enabled true && atest PackageManagerTest
Test: adb shell device_config put package_manager_service com.android.server.pm.quarantined_enabled false && atest PackageManagerTest
Change-Id: Ie2068af1d898a541b5a98f30b9e6a0e03ebc7ffc
parent 53128e41
+2 −2
@@ -323,7 +323,7 @@ public abstract class Context {
            // Make sure no flag uses the sign bit (most significant bit) of the long integer,
            // to avoid future confusion.
            BIND_BYPASS_USER_NETWORK_RESTRICTIONS,
            BIND_FILTER_OUT_QUARANTINED_COMPONENTS,
            BIND_MATCH_QUARANTINED_COMPONENTS,
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface BindServiceFlagsLongBits {}
@@ -703,7 +703,7 @@ public abstract class Context {
     *
     * @hide
     */
    public static final long BIND_FILTER_OUT_QUARANTINED_COMPONENTS = 0x2_0000_0000L;
    public static final long BIND_MATCH_QUARANTINED_COMPONENTS = 0x2_0000_0000L;


    /**
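Review bot: `BIND_MATCH_QUARANTINED_COMPONENTS` keeps the bit `0x2_0000_0000L` that `BIND_FILTER_OUT_QUARANTINED_COMPONENTS` used while the meaning flips from opt-in exclusion to opt-in inclusion, so any caller that still sets this bit by value now widens visibility instead of narrowing it. The same reuse appears for `MATCH_QUARANTINED_COMPONENTS = 0x100000000L` in the PackageManager section and for the trailing boolean of `retrieveServiceLocked` in the ActiveServices section, where a stale `true` would still compile. Both constants are `@hide`, so the exposure is presumably limited to platform code, but it is worth confirming that nothing built against the old definition passes or persists these values. The Javadoc above `@hide` starts outside the hunk; if it still describes filtering out, it should be reworded along the lines of `Flag for bindService: also match components of quarantined packages, which are excluded by default.`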
+3 −3
@@ -838,7 +838,7 @@ public abstract class PackageManager {
            GET_DISABLED_COMPONENTS,
            GET_DISABLED_UNTIL_USED_COMPONENTS,
            GET_UNINSTALLED_PACKAGES,
            FILTER_OUT_QUARANTINED_COMPONENTS,
            MATCH_QUARANTINED_COMPONENTS,
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface ComponentInfoFlagsBits {}
@@ -863,7 +863,7 @@ public abstract class PackageManager {
            GET_DISABLED_UNTIL_USED_COMPONENTS,
            GET_UNINSTALLED_PACKAGES,
            MATCH_CLONE_PROFILE,
            FILTER_OUT_QUARANTINED_COMPONENTS,
            MATCH_QUARANTINED_COMPONENTS,
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface ResolveInfoFlagsBits {}
@@ -1257,7 +1257,7 @@ public abstract class PackageManager {
    /**
     * @hide
     */
    public static final long FILTER_OUT_QUARANTINED_COMPONENTS = 0x100000000L;
    public static final long MATCH_QUARANTINED_COMPONENTS = 0x100000000L;

    /**
     * Flag for {@link #addCrossProfileIntentFilter}: if this flag is set: when
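Review bot: `MATCH_QUARANTINED_COMPONENTS` is documented only with `@hide`, although after this change it is the single switch that makes quarantined components visible to component and resolve queries. I would add a summary line such as `Querying flag: also match components of quarantined packages, which are otherwise filtered out.` above the `@hide` tag. The comment should also say which callers are allowed to set the flag, since whether it is honored for non-system callers is not visible in this section.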
+1 −1
@@ -5309,7 +5309,7 @@ public class AccountManagerService
            if (Log.isLoggable(TAG, Log.VERBOSE)) {
                Log.v(TAG, "performing bindService to " + authenticatorInfo.componentName);
            }
            long flags = Context.BIND_FILTER_OUT_QUARANTINED_COMPONENTS | Context.BIND_AUTO_CREATE;
            long flags = Context.BIND_AUTO_CREATE;
            if (mAuthenticatorCache.getBindInstantServiceAllowed(mAccounts.userId)) {
                flags |= Context.BIND_ALLOW_INSTANT;
            }
+7 −7
@@ -3662,8 +3662,8 @@ public final class ActiveServices {
                || (flags & Context.BIND_EXTERNAL_SERVICE_LONG) != 0;
        final boolean allowInstant = (flags & Context.BIND_ALLOW_INSTANT) != 0;
        final boolean inSharedIsolatedProcess = (flags & Context.BIND_SHARED_ISOLATED_PROCESS) != 0;
        final boolean filterOutQuarantined =
                (flags & Context.BIND_FILTER_OUT_QUARANTINED_COMPONENTS) != 0;
        final boolean matchQuarantined =
                (flags & Context.BIND_MATCH_QUARANTINED_COMPONENTS) != 0;

        ProcessRecord attributedApp = null;
        if (sdkSandboxClientAppUid > 0) {
@@ -3673,7 +3673,7 @@ public final class ActiveServices {
                isSdkSandboxService, sdkSandboxClientAppUid, sdkSandboxClientAppPackage,
                resolvedType, callingPackage, callingPid, callingUid, userId, true, callerFg,
                isBindExternal, allowInstant, null /* fgsDelegateOptions */,
                inSharedIsolatedProcess, filterOutQuarantined);
                inSharedIsolatedProcess, matchQuarantined);
        if (res == null) {
            return 0;
        }
@@ -4186,7 +4186,7 @@ public final class ActiveServices {
                sdkSandboxClientAppUid, sdkSandboxClientAppPackage, resolvedType, callingPackage,
                callingPid, callingUid, userId, createIfNeeded, callingFromFg, isBindExternal,
                allowInstant, fgsDelegateOptions, inSharedIsolatedProcess,
                false /* filterOutQuarantined */);
                false /* matchQuarantined */);
    }

    private ServiceLookupResult retrieveServiceLocked(Intent service,
@@ -4195,7 +4195,7 @@ public final class ActiveServices {
            String callingPackage, int callingPid, int callingUid, int userId,
            boolean createIfNeeded, boolean callingFromFg, boolean isBindExternal,
            boolean allowInstant, ForegroundServiceDelegationOptions fgsDelegateOptions,
            boolean inSharedIsolatedProcess, boolean filterOutQuarantined) {
            boolean inSharedIsolatedProcess, boolean matchQuarantined) {
        if (isSdkSandboxService && instanceName == null) {
            throw new IllegalArgumentException("No instanceName provided for sdk sandbox process");
        }
@@ -4317,8 +4317,8 @@ public final class ActiveServices {
                if (allowInstant) {
                    flags |= PackageManager.MATCH_INSTANT;
                }
                if (filterOutQuarantined) {
                    flags |= PackageManager.FILTER_OUT_QUARANTINED_COMPONENTS;
                if (matchQuarantined) {
                    flags |= PackageManager.MATCH_QUARANTINED_COMPONENTS;
                }
                // TODO: come back and remove this assumption to triage all services
                ResolveInfo rInfo = mAm.getPackageManagerInternal().resolveService(service,
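Review bot: The exclude-by-default policy is enforced in this last hunk only by leaving `MATCH_QUARANTINED_COMPONENTS` out of the flags passed to `resolveService`, so it covers only lookups that reach this query. `retrieveServiceLocked` starts well before the hunk and continues past it; if an earlier branch can return an existing service record without resolving, that branch would not be covered by the flag, so it is worth confirming that quarantined packages are excluded there too. A why-comment on the branch, for example `// Quarantined components are excluded unless the caller passed BIND_MATCH_QUARANTINED_COMPONENTS.`, would record the new default for the next reader.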
+1 −3
@@ -58,7 +58,6 @@ import static android.app.ProcessMemoryState.HOSTING_COMPONENT_TYPE_INSTRUMENTAT
import static android.app.ProcessMemoryState.HOSTING_COMPONENT_TYPE_PERSISTENT;
import static android.app.ProcessMemoryState.HOSTING_COMPONENT_TYPE_SYSTEM;
import static android.content.pm.ApplicationInfo.HIDDEN_API_ENFORCEMENT_DEFAULT;
import static android.content.pm.PackageManager.FILTER_OUT_QUARANTINED_COMPONENTS;
import static android.content.pm.PackageManager.GET_SHARED_LIBRARY_FILES;
import static android.content.pm.PackageManager.MATCH_ALL;
import static android.content.pm.PackageManager.MATCH_ANY_USER;
@@ -14295,8 +14294,7 @@ public class ActivityManagerService extends IActivityManager.Stub
    private List<ResolveInfo> collectReceiverComponents(Intent intent, String resolvedType,
            int callingUid, int[] users, int[] broadcastAllowList) {
        // TODO: come back and remove this assumption to triage all broadcasts
        long pmFlags = STOCK_PM_FLAGS | MATCH_DEBUG_TRIAGED_MISSING
                | FILTER_OUT_QUARANTINED_COMPONENTS;
        long pmFlags = STOCK_PM_FLAGS | MATCH_DEBUG_TRIAGED_MISSING;
        List<ResolveInfo> receivers = null;
        HashSet<ComponentName> singleUserReceivers = null;