Loading services/core/java/com/android/server/pm/AppsFilterBase.java +2 −1 Original line number Diff line number Diff line Loading @@ -323,7 +323,8 @@ public abstract class AppsFilterBase implements AppsFilterSnapshot { return false; } else if (Process.isSdkSandboxUid(callingAppId)) { // we only allow sdk sandbox processes access to forcequeryable packages return !isForceQueryable(targetPkgSetting.getAppId()); return !isForceQueryable(targetPkgSetting.getAppId()) && !isImplicitlyQueryable(callingAppId, targetPkgSetting.getAppId()); } if (mCacheReady) { // use cache if (!shouldFilterApplicationUsingCache(callingUid, Loading services/tests/servicestests/src/com/android/server/pm/AppsFilterImplTest.java +33 −0 Original line number Diff line number Diff line Loading 
@@ -1376,6 +1376,39 @@ public class AppsFilterImplTest { null /* callingSetting */, target, SYSTEM_USER)); } @Test public void testSdkSandbox_implicitAccessGranted_canSeePackage() throws Exception { final AppsFilterImpl appsFilter = new AppsFilterImpl(mFeatureConfigMock, new String[]{}, false, null, mMockHandler); final WatchableTester watcher = new WatchableTester(appsFilter, "onChange"); watcher.register(); simulateAddBasicAndroid(appsFilter); watcher.verifyChangeReported("addBasic"); appsFilter.onSystemReady(mPmInternal); watcher.verifyChangeReported("systemReady"); PackageSetting target = simulateAddPackage(appsFilter, pkg("com.some.package"), DUMMY_TARGET_APPID, setting -> setting.setPkgFlags(ApplicationInfo.FLAG_SYSTEM)); int callingUid = 20123; assertTrue(Process.isSdkSandboxUid(callingUid)); // Without granting the implicit access the app shouldn't be visible to the sdk sandbox uid. assertTrue( appsFilter.shouldFilterApplication(mSnapshot, callingUid, null /* callingSetting */, target, SYSTEM_USER)); appsFilter.grantImplicitAccess(callingUid, target.getAppId(), false /* retainOnUpdate */); watcher.verifyChangeReported("grantImplicitAccess"); // After implicit access was granted the app should be visible to the sdk sandbox uid. assertFalse( appsFilter.shouldFilterApplication(mSnapshot, callingUid, null /* callingSetting */, target, SYSTEM_USER)); } private List<Integer> toList(int[] array) { ArrayList<Integer> ret = new ArrayList<>(array.length); for (int i = 0; i < array.length; i++) { Loading Loading
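--- a/services/core/java/com/android/server/pm/AppsFilterBase.java
+++ b/services/core/java/com/android/server/pm/AppsFilterBase.java
@@ -323,7 +323,8 @@ public abstract class AppsFilterBase implements AppsFilterSnapshot {
 return false;
 } else if (Process.isSdkSandboxUid(callingAppId)) {
 // we only allow sdk sandbox processes access to forcequeryable packages
-return !isForceQueryable(targetPkgSetting.getAppId());
+return !isForceQueryable(targetPkgSetting.getAppId())
+&& !isImplicitlyQueryable(callingAppId, targetPkgSetting.getAppId());
 }
 if (mCacheReady) { // use cache
 if (!shouldFilterApplicationUsingCache(callingUid,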
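Review bot: The new `isImplicitlyQueryable(callingAppId, targetPkgSetting.getAppId())` check in the sdk sandbox branch is given two app ids, whereas the accompanying test records the grant with `grantImplicitAccess(callingUid, target.getAppId(), ...)`; if implicit grants are stored per full UID (the helper is not visible in this hunk), a sandbox process on a secondary user would presumably never match its own grant, and the lookup would not be scoped to the user the grant was made for. Please confirm which key the helper expects and pass matching values, for example `callingUid`, which is already in scope a few lines below, and the target's UID for the target user. The comment above the return is also stale now and should state the widened rule, for example `// sdk sandbox processes only see forcequeryable packages and packages they were granted implicit access to`. The enclosing method begins and ends outside the hunk, and the new test only exercises `SYSTEM_USER`, where UID and app id coincide, so it would not surface a mismatch.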
services/tests/servicestests/src/com/android/server/pm/AppsFilterImplTest.java +33 −0 Original line number Diff line number Diff line Loading @@ -1376,6 +1376,39 @@ public class AppsFilterImplTest { null /* callingSetting */, target, SYSTEM_USER)); } @Test public void testSdkSandbox_implicitAccessGranted_canSeePackage() throws Exception { final AppsFilterImpl appsFilter = new AppsFilterImpl(mFeatureConfigMock, new String[]{}, false, null, mMockHandler); final WatchableTester watcher = new WatchableTester(appsFilter, "onChange"); watcher.register(); simulateAddBasicAndroid(appsFilter); watcher.verifyChangeReported("addBasic"); appsFilter.onSystemReady(mPmInternal); watcher.verifyChangeReported("systemReady"); PackageSetting target = simulateAddPackage(appsFilter, pkg("com.some.package"), DUMMY_TARGET_APPID, setting -> setting.setPkgFlags(ApplicationInfo.FLAG_SYSTEM)); int callingUid = 20123; assertTrue(Process.isSdkSandboxUid(callingUid)); // Without granting the implicit access the app shouldn't be visible to the sdk sandbox uid. assertTrue( appsFilter.shouldFilterApplication(mSnapshot, callingUid, null /* callingSetting */, target, SYSTEM_USER)); appsFilter.grantImplicitAccess(callingUid, target.getAppId(), false /* retainOnUpdate */); watcher.verifyChangeReported("grantImplicitAccess"); // After implicit access was granted the app should be visible to the sdk sandbox uid. assertFalse( appsFilter.shouldFilterApplication(mSnapshot, callingUid, null /* callingSetting */, target, SYSTEM_USER)); } private List<Integer> toList(int[] array) { ArrayList<Integer> ret = new ArrayList<>(array.length); for (int i = 0; i < array.length; i++) { Loading
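Review bot: The new test grants access to a single target and only asserts that this target becomes visible, so it would also pass if the sandbox branch stopped filtering every package once any implicit grant exists for the caller. Adding a second package that is neither forcequeryable nor granted, and asserting that `shouldFilterApplication(...)` still returns true for it after `grantImplicitAccess`, would pin the intended scope of the visibility exception. The literal `int callingUid = 20123;` would read better derived from a named app id, e.g. via `Process.toSdkSandboxUid(...)`, so the sandbox-range assumption is explicit rather than established only by the `assertTrue` that follows.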