From cca5bf9282d37e132f2c4ba80ced5e6c074e8889 Mon Sep 17 00:00:00 2001
From: yawanng <yawanng@google.com>
Date: Mon, 8 Feb 2021 22:38:28 +0000
Subject: [PATCH] Adds caller check to getAllPackages()

This change enforces that only system, root or shell may call
getAllPackages(), a hidden API that shares all package names regardless
of user, instant app or package visibility rules.

Bug: 174661955
Change-Id: I77460ae19a4d41151577646441f11e2eddbb741a
Merged-In: I77460ae19a4d41151577646441f11e2eddbb741a
(cherry picked from commit 8124efd57b50056d22e1b63c32c366ebdf049598)
---
 .../java/com/android/server/pm/PackageManagerService.java    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 955cb7b74ce37..2abdbc327a1bb 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -6541,6 +6541,11 @@ public class PackageManagerService extends IPackageManager.Stub
     @Override
     public List<String> getAllPackages() {
         final int callingUid = Binder.getCallingUid();
+        // enforceSystemOrRootOrShell:
+        if (callingUid != Process.SYSTEM_UID && callingUid != Process.ROOT_UID 
+                && callingUid != Process.SHELL_UID) {
+            throw new SecurityException("getAllPackages is limited to privileged callers");
+        }        
         final int callingUserId = UserHandle.getUserId(callingUid);
         synchronized (mPackages) {
             if (canViewInstantApps(callingUid, callingUserId)) {