Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ee06440e authored by Stacie Mashnitskaya (xWF)'s avatar Stacie Mashnitskaya (xWF) Committed by Android Build Coastguard Worker
Browse files

Revert "Check IsolatedOwner permissions for known isolated_compute_apps" 

This reverts commit 11a751c2.

Bug: 348634518
Test: not applicable
Reason for revert: Needed for a clean cherry-pick of other cls
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c53ddc5e0584884929d6a9a829c4758aafff5ac7)
Merged-In: I77141b90354413068e7ef7df8151596afda28150
Change-Id: I77141b90354413068e7ef7df8151596afda28150
parent 10746163

services/core/java/com/android/server/pm/ComputerEngine.java

+4 −28
Original line number Diff line number Diff line
@@ -2207,17 +2207,11 @@ public class ComputerEngine implements Computer { 
        if (PackageManagerServiceUtils.isSystemOrRoot(callingUid)) {

            return true;

        }

        boolean permissionGranted = requireFullPermission ? hasPermission(

                Manifest.permission.INTERACT_ACROSS_USERS_FULL)

                : (hasPermission(

                        android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)

                        || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS));

        if (!permissionGranted) {

            if (Process.isIsolatedUid(callingUid) && isKnownIsolatedComputeApp(callingUid)) {

                return checkIsolatedOwnerHasPermission(callingUid, requireFullPermission);

            }

        if (requireFullPermission) {

            return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL);

        }

        return permissionGranted;

        return hasPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)

                || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS);

    }



    /**
@@ -2233,24 +2227,6 @@ public class ComputerEngine implements Computer { 
                == PackageManager.PERMISSION_GRANTED;

    }



    private boolean hasPermission(String permission, int uid) {

        return mContext.checkPermission(permission, Process.INVALID_PID, uid)

                == PackageManager.PERMISSION_GRANTED;

    }



    /**

     * Since isolated process cannot hold permissions, we check the permissions on the owner app

     * for known isolated_compute_app cases because they belong to the same package.

     */

    private boolean checkIsolatedOwnerHasPermission(int callingUid, boolean requireFullPermission) {

        int ownerUid = getIsolatedOwner(callingUid);

        if (requireFullPermission) {

            return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, ownerUid);

        }

        return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, ownerUid)

                || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS, ownerUid);

    }



    public final boolean isCallerSameApp(String packageName, int uid) {

        return isCallerSameApp(packageName, uid, false /* resolveIsolatedUid */);

    }