Fix cross user package visibility leakage for PackageManager (5/n) (fa0139d5) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/ComputerEngine.java

+6 −4

Original line number	Diff line number	Diff line
		@@ -2691,8 +2691,10 @@ public class ComputerEngine implements Computer {
		}
		final String instantAppPkgName = getInstantAppPackageName(callingUid);
		final boolean callerIsInstantApp = instantAppPkgName != null;
		if (ps == null
		\|\| (filterUninstall && !ps.getUserStateOrDefault(userId).isInstalled())) {
		// Don't treat hiddenUntilInstalled as an uninstalled state, phone app needs to access
		// these hidden application details to customize carrier apps.
		if (ps == null \|\| (filterUninstall && !ps.isHiddenUntilInstalled()
		&& !ps.getUserStateOrDefault(userId).isInstalled())) {
		// If caller is instant app and ps is null, pretend the application exists,
		// but, needs to be filtered
		return (callerIsInstantApp \|\| filterUninstall);
		@@ -5175,7 +5177,7 @@ public class ComputerEngine implements Computer {
		enforceCrossUserPermission(callingUid, userId, false /* requireFullPermission */,
		false /* checkShell */, "get enabled");
		try {
		if (shouldFilterApplication(
		if (shouldFilterApplicationIncludingUninstalled(
		mSettings.getPackage(packageName), callingUid, userId)) {
		throw new PackageManager.NameNotFoundException(packageName);
		}
		@@ -5204,7 +5206,7 @@ public class ComputerEngine implements Computer {
		try {
		if (shouldFilterApplication(
		mSettings.getPackage(component.getPackageName()), callingUid,
		component, TYPE_UNKNOWN, userId)) {
		component, TYPE_UNKNOWN, userId, true /* filterUninstall */)) {
		throw new PackageManager.NameNotFoundException(component.getPackageName());
		}
		return mSettings.getComponentEnabledSetting(component, userId);

services/core/java/com/android/server/pm/PackageManagerService.java

+14 −15

Original line number	Diff line number	Diff line
		@@ -3672,27 +3672,26 @@ public class PackageManagerService implements PackageSender, TestUtilityService
		snapshot.getPackagesForUid(callingUid), packageName);
		final PackageSetting pkgSetting = mSettings.getPackageLPr(packageName);
		// Limit who can change which apps
		if (!isCallerTargetApp) {
		if (!isCallerTargetApp && !allowedByPermission) {
		// Don't allow apps that don't have permission to modify other apps
		if (!allowedByPermission
		\|\| snapshot.shouldFilterApplication(pkgSetting, callingUid, userId)) {
		throw new SecurityException("Attempt to change component state; "
		+ "pid=" + Binder.getCallingPid()
		+ ", uid=" + callingUid
		+ (!setting.isComponent() ? ", package=" + packageName
		: ", component=" + setting.getComponentName()));
		}
		// Don't allow changing protected packages.
		if (mProtectedPackages.isPackageStateProtected(userId, packageName)) {
		throw new SecurityException(
		"Cannot disable a protected package: " + packageName);
		}
		}
		if (pkgSetting == null) {
		if (pkgSetting == null \|\| snapshot.shouldFilterApplicationIncludingUninstalled(
		pkgSetting, callingUid, userId)) {
		throw new IllegalArgumentException(setting.isComponent()
		? "Unknown component: " + setting.getComponentName()
		: "Unknown package: " + packageName);
		}
		// Don't allow changing protected packages.
		if (!isCallerTargetApp
		&& mProtectedPackages.isPackageStateProtected(userId, packageName)) {
		throw new SecurityException(
		"Cannot disable a protected package: " + packageName);
		}
		if (callingUid == Process.SHELL_UID
		&& (pkgSetting.getFlags() & ApplicationInfo.FLAG_TEST_ONLY) == 0) {
		// Shell can only change whole packages between ENABLED and DISABLED_USER states