diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java
index 87e6a8465beb4..4cee2dfb66cbc 100644
--- a/core/java/android/content/pm/PackageManagerInternal.java
+++ b/core/java/android/content/pm/PackageManagerInternal.java
@@ -343,5 +343,5 @@ public abstract class PackageManagerInternal {
public abstract int getUidTargetSdkVersion(int uid);
/** Whether the binder caller can access instant apps. */
- public abstract boolean canAccessInstantApps(int callingUid);
+ public abstract boolean canAccessInstantApps(int callingUid, int userId);
}
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 18cfc990f2053..8ed76de6bc1b4 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3317,12 +3317,16 @@
confirmation UI for full backup/restore -->
-
-
+
+
+
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 7ec867f364486..1b32a932ec504 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3517,16 +3517,25 @@ public class PackageManagerService extends IPackageManager.Stub
* system partition.
*
*/
- private boolean canAccessInstantApps(int callingUid) {
- final boolean isSpecialProcess =
- callingUid == Process.SYSTEM_UID
- || callingUid == Process.SHELL_UID
- || callingUid == Process.ROOT_UID;
- final boolean allowMatchInstant =
- isSpecialProcess
- || mContext.checkCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_INSTANT_APPS) == PERMISSION_GRANTED;
- return allowMatchInstant;
+ private boolean canViewInstantApps(int callingUid, int userId) {
+ if (callingUid == Process.SYSTEM_UID
+ || callingUid == Process.SHELL_UID
+ || callingUid == Process.ROOT_UID) {
+ return true;
+ }
+ if (mContext.checkCallingOrSelfPermission(
+ android.Manifest.permission.ACCESS_INSTANT_APPS) == PERMISSION_GRANTED) {
+ return true;
+ }
+ if (mContext.checkCallingOrSelfPermission(
+ android.Manifest.permission.VIEW_INSTANT_APPS) == PERMISSION_GRANTED) {
+ final ComponentName homeComponent = getDefaultHomeActivity(userId);
+ if (homeComponent != null
+ && isCallerSameApp(homeComponent.getPackageName(), callingUid)) {
+ return true;
+ }
+ }
+ return false;
}
private PackageInfo generatePackageInfo(PackageSetting ps, int flags, int userId) {
@@ -3784,7 +3793,7 @@ public class PackageManagerService extends IPackageManager.Stub
}
if (ps.getInstantApp(userId)) {
// caller can see all components of all instant applications, don't filter
- if (canAccessInstantApps(callingUid)) {
+ if (canViewInstantApps(callingUid, userId)) {
return false;
}
// request for a specific instant application component, filter
@@ -4408,11 +4417,12 @@ public class PackageManagerService extends IPackageManager.Stub
flags |= PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY;
flags |= PackageManager.MATCH_INSTANT;
} else {
+ final boolean wantMatchInstant = (flags & PackageManager.MATCH_INSTANT) != 0;
final boolean allowMatchInstant =
(wantInstantApps
&& Intent.ACTION_VIEW.equals(intent.getAction())
&& hasWebURI(intent))
- || canAccessInstantApps(callingUid);
+ || (wantMatchInstant && canViewInstantApps(callingUid, userId));
flags &= ~(PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY
| PackageManager.MATCH_EXPLICITLY_VISIBLE_ONLY);
if (!allowMatchInstant) {
@@ -5937,7 +5947,7 @@ public class PackageManagerService extends IPackageManager.Stub
final int callingUid = Binder.getCallingUid();
final int callingUserId = UserHandle.getUserId(callingUid);
synchronized (mPackages) {
- if (canAccessInstantApps(callingUid)) {
+ if (canViewInstantApps(callingUid, callingUserId)) {
return new ArrayList(mPackages.keySet());
}
final String instantAppPkgName = getInstantAppPackageName(callingUid);
@@ -8146,9 +8156,7 @@ public class PackageManagerService extends IPackageManager.Stub
final boolean returnAllowed =
ps != null
&& (isCallerSameApp(packageName, callingUid)
- || mContext.checkCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_INSTANT_APPS)
- == PERMISSION_GRANTED
+ || canViewInstantApps(callingUid, userId)
|| mInstantAppRegistry.isInstantAccessGranted(
userId, UserHandle.getAppId(callingUid), ps.appId));
if (returnAllowed) {
@@ -24381,8 +24389,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
}
@Override
- public boolean canAccessInstantApps(int callingUid) {
- return PackageManagerService.this.canAccessInstantApps(callingUid);
+ public boolean canAccessInstantApps(int callingUid, int userId) {
+ return PackageManagerService.this.canViewInstantApps(callingUid, userId);
}
}
diff --git a/services/usage/java/com/android/server/usage/UsageStatsService.java b/services/usage/java/com/android/server/usage/UsageStatsService.java
index 912e7a81cdfad..073a17eacd3aa 100644
--- a/services/usage/java/com/android/server/usage/UsageStatsService.java
+++ b/services/usage/java/com/android/server/usage/UsageStatsService.java
@@ -411,8 +411,8 @@ public class UsageStatsService extends SystemService implements
}
}
- private boolean shouldObfuscateInstantAppsForCaller(int callingUid) {
- return !mPackageManagerInternal.canAccessInstantApps(callingUid);
+ private boolean shouldObfuscateInstantAppsForCaller(int callingUid, int userId) {
+ return !mPackageManagerInternal.canAccessInstantApps(callingUid, userId);
}
void clearAppIdleForPackage(String packageName, int userId) {
@@ -1390,7 +1390,7 @@ public class UsageStatsService extends SystemService implements
}
final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller(
- Binder.getCallingUid());
+ Binder.getCallingUid(), UserHandle.getCallingUserId());
final int userId = UserHandle.getCallingUserId();
final long token = Binder.clearCallingIdentity();
@@ -1435,7 +1435,7 @@ public class UsageStatsService extends SystemService implements
}
final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller(
- Binder.getCallingUid());
+ Binder.getCallingUid(), UserHandle.getCallingUserId());
final int userId = UserHandle.getCallingUserId();
final long token = Binder.clearCallingIdentity();
@@ -1456,7 +1456,7 @@ public class UsageStatsService extends SystemService implements
throw re.rethrowFromSystemServer();
}
final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller(
- Binder.getCallingUid());
+ Binder.getCallingUid(), userId);
final long token = Binder.clearCallingIdentity();
try {
return UsageStatsService.this.isAppIdleFilteredOrParoled(packageName, userId,