Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f74b17c4 authored by Pavel Grafov's avatar Pavel Grafov
Browse files

Use MATCH_ANY_USER when checking for system apps 

Also simplified logic a bit, returning earlier if the package is
permitted to avoid unnecessary calls to PM. Also added diagnostic
logging.

Bug: 354675962
Test: TH + manual including HSUM
Flag: EXEMPT bugfix in localized component
Change-Id: Ia7345f150be84f085c2095c75a9765e494ec6111
parent 7a2646fb

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+11 −15
Original line number Diff line number Diff line
@@ -12215,34 +12215,30 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
     * permittedList or are a system app.

     */

    private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages,

            List<String> permittedList, int userIdToCheck) {

            List<String> permittedList, int userId) {

        long id = mInjector.binderClearCallingIdentity();

        try {

            // If we have an enabled packages list for a managed profile the packages

            // we should check are installed for the parent user.

            UserInfo user = getUserInfo(userIdToCheck);

            if (user.isManagedProfile()) {

                userIdToCheck = user.profileGroupId;

            }















            for (String enabledPackage : enabledPackages) {













                boolean systemService = false;













                if (permittedList.contains(enabledPackage)) {













                    continue;













                }















                try {















                    ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo(













                            enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES,













                            userIdToCheck);













                            enabledPackage, PackageManager.MATCH_ANY_USER, userId);





























                    if (applicationInfo == null) {













                        Slogf.wtf(LOG_TAG, "Can't find ApplicationInfo for %s", enabledPackage);















                        return false;















                    }



























                    systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;













                    if (!applicationInfo.isSystemApp()) {













                        Slogf.w(LOG_TAG,













                                "Enabled package neither permitted nor system: %s", enabledPackage);













                        return false;













                    }















                } catch (RemoteException e) {















                    Slogf.i(LOG_TAG, "Can't talk to package managed", e);















                }













                if (!systemService && !permittedList.contains(enabledPackage)) {













                    return false;













                }















            }















        } finally {















            mInjector.binderRestoreCallingIdentity(id);

























services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java



+34
−26




























Original line number
Diff line number
Diff line








@@ -70,14 +70,14 @@ import static com.google.common.truth.Truth.assertWithMessage;





























import static org.junit.Assert.fail;















import static org.junit.Assume.assumeTrue;













import static org.mockito.Matchers.any;













import static org.mockito.Matchers.anyBoolean;













import static org.mockito.Matchers.anyInt;













import static org.mockito.Matchers.anyLong;













import static org.mockito.Matchers.anyObject;













import static org.mockito.Matchers.anyString;













import static org.mockito.Matchers.eq;













import static org.mockito.Matchers.isNull;













import static org.mockito.ArgumentMatchers.any;













import static org.mockito.ArgumentMatchers.anyBoolean;













import static org.mockito.ArgumentMatchers.anyInt;













import static org.mockito.ArgumentMatchers.anyLong;













import static org.mockito.ArgumentMatchers.anyString;













import static org.mockito.ArgumentMatchers.eq;













import static org.mockito.ArgumentMatchers.isNull;













import static org.mockito.ArgumentMatchers.longThat;















import static org.mockito.Mockito.clearInvocations;















import static org.mockito.Mockito.doAnswer;















import static org.mockito.Mockito.doReturn;










@@ -1733,12 +1733,20 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        pi.applicationInfo.flags = flags;















        doReturn(pi).when(getServices().ipackageManager).getPackageInfo(















                eq(packageName),













                anyLong(),













                longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) == 0),















                eq(userId));













        doReturn(pi).when(getServices().ipackageManager).getPackageInfo(













                eq(packageName),













                longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) != 0),













                anyInt());















        doReturn(pi.applicationInfo).when(getServices().ipackageManager).getApplicationInfo(















                eq(packageName),













                anyLong(),













                longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) == 0),















                eq(userId));













        doReturn(pi.applicationInfo).when(getServices().ipackageManager).getApplicationInfo(













                eq(packageName),













                longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) != 0),













                anyInt());















        doReturn(true).when(getServices().ipackageManager).isPackageAvailable(packageName, userId);















        // Setup application UID with the PackageManager















        getServices().addTestPackageUid(packageName, uid);









@@ -1757,7 +1765,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        mServiceContext.packageName = mRealTestContext.getPackageName();















        mServiceContext.applicationInfo = new ApplicationInfo();















        mServiceContext.binder.callingUid = DpmMockContext.SYSTEM_UID;













        when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);













        when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);































        StringParceledListSlice oneCert = asSlice(new String[] {"1"});















        StringParceledListSlice fourCerts = asSlice(new String[] {"1", "2", "3", "4"});










@@ -4551,7 +4559,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {





























        mContext.packageName = admin1.getPackageName();















        mContext.applicationInfo = new ApplicationInfo();













        when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);













        when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);































        // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the















        // feature is disabled because there are non-affiliated secondary users.










@@ -4597,12 +4605,12 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        setupDeviceOwner();















        mContext.packageName = admin1.getPackageName();















        mContext.applicationInfo = new ApplicationInfo();













        when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);













        when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);































        // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the















        // feature is disabled because there are non-affiliated secondary users.















        getServices().removeUser(CALLER_USER_HANDLE);













        when(getServices().iipConnectivityMetrics.addNetdEventCallback(anyInt(), anyObject()))













        when(getServices().iipConnectivityMetrics.addNetdEventCallback(anyInt(), any()))















                .thenReturn(true);































        // No logs were retrieved so far.










@@ -4667,7 +4675,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        mContext.packageName = admin1.getPackageName();















        addManagedProfile(admin1, managedProfileAdminUid, admin1, VERSION_CODES.S);















        when(getServices().iipConnectivityMetrics













                .addNetdEventCallback(anyInt(), anyObject())).thenReturn(true);













                .addNetdEventCallback(anyInt(), any())).thenReturn(true);































        // Check no logs have been retrieved so far.















        assertThat(dpm.getLastNetworkLogRetrievalTime()).isEqualTo(-1);










@@ -4699,7 +4707,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        mContext.packageName = admin1.getPackageName();















        mContext.applicationInfo = new ApplicationInfo();















        when(getServices().iipConnectivityMetrics













                .addNetdEventCallback(anyInt(), anyObject())).thenReturn(true);













                .addNetdEventCallback(anyInt(), any())).thenReturn(true);































        // Check no logs have been retrieved so far.















        assertThat(dpm.getLastNetworkLogRetrievalTime()).isEqualTo(-1);










@@ -6455,7 +6463,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        if (admin1.getPackageName().equals(callerContext.getPackageName())) {















            admin1Context = callerContext;















        }













        when(admin1Context.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);













        when(admin1Context.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);































        // caller: device admin or delegated certificate installer















        callerContext.applicationInfo = new ApplicationInfo();










@@ -6528,7 +6536,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        if (admin1.getPackageName().equals(callerContext.getPackageName())) {















            admin1Context = callerContext;















        }













        when(admin1Context.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);













        when(admin1Context.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);































        // caller: device admin or delegated certificate installer















        callerContext.applicationInfo = new ApplicationInfo();