Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f868b7d6 authored by Patrick Baumann's avatar Patrick Baumann
Browse files

Check for missing values in mIsolatedOwners 

This change ensures that when we're looking up the owner of an isolated
uid, we correctly block access when we don't find it. The default prior
to this was 0, essentially giving root visibility to an isolated calling
process.

As a result, we now log error in such a scenario. This should help in
root causing the underlying condition.

Bug: 180418767
Test: manual; run webview apps and confirm presence of logs during startup

Change-Id: I536f72d4ed53f316ba5b4bc98c6eb7f9ba0a62b8
parent 73f0c7e4

services/core/java/com/android/server/pm/PackageManagerService.java

+16 −3
Original line number Diff line number Diff line
@@ -3550,7 +3550,7 @@ public class PackageManagerService extends IPackageManager.Stub 
        public String getInstantAppPackageName(int callingUid) {

            // If the caller is an isolated app use the owner's uid for the lookup.

            if (Process.isIsolated(callingUid)) {

                callingUid = mIsolatedOwners.get(callingUid);

                callingUid = getIsolatedOwner(callingUid);

            }

            final int appId = UserHandle.getAppId(callingUid);

            final Object obj = mSettings.getSettingLPr(appId);
@@ -3562,6 +3562,19 @@ public class PackageManagerService extends IPackageManager.Stub 
            return null;

        }













        /**













         * Finds the owner for the provided isolated UID. Throws IllegalStateException if no such













         * isolated UID is found.













         */













        private int getIsolatedOwner(int isolatedUid) {













            final int ownerUid = mIsolatedOwners.get(isolatedUid, -1);













            if (ownerUid == -1) {













                throw new IllegalStateException(













                        "No owner UID found for isolated UID " + isolatedUid);













            }













            return ownerUid;













        }



























        public String resolveExternalPackageNameLPr(AndroidPackage pkg) {















            if (pkg.getStaticSharedLibName() != null) {















                return pkg.getManifestPackageName();










@@ -3928,7 +3941,7 @@ public class PackageManagerService extends IPackageManager.Stub













        public boolean isInstantAppInternalBody(String packageName, @UserIdInt int userId,















                int callingUid) {















            if (Process.isIsolated(callingUid)) {













                callingUid = mIsolatedOwners.get(callingUid);













                callingUid = getIsolatedOwner(callingUid);















            }















            final PackageSetting ps = mSettings.getPackageLPr(packageName);















            final boolean returnAllowed =










@@ -4082,7 +4095,7 @@ public class PackageManagerService extends IPackageManager.Stub













                @Nullable ComponentName component, @ComponentType int componentType, int userId) {















            // if we're in an isolated process, get the real calling UID















            if (Process.isIsolated(callingUid)) {













                callingUid = mIsolatedOwners.get(callingUid);













                callingUid = getIsolatedOwner(callingUid);















            }















            final String instantAppPkgName = getInstantAppPackageName(callingUid);















            final boolean callerIsInstantApp = instantAppPkgName != null;