Adds caller check to getAllPackages()

This change enforces that only system, root or shell may call
getAllPackages(), a hidden API that shares all package names regardless
of user, instant app or package visibility rules.

The only exception is the uid of iorapd. iorapd needs the package info
to prefetch the right data.

Bug: 179618216
Bug: 174661955
Test: run iorapd and check it works well.
Change-Id: I77460ae19a4d41151577646441f11e2eddbb741a
(cherry picked from commit 8124efd57b)

core/java/android/os/Process.java

@@ -202,6 +202,12 @@ public class Process {
      */
     public static final int SE_UID = 1068;
 
+    /**
+     * Defines the UID/GID for the iorapd.
+     * @hide
+     */
+    public static final int IORAPD_UID = 1071;
+
     /**
      * Defines the UID/GID for the NetworkStack app.
      * @hide

services/core/java/com/android/server/pm/PackageManagerService.java

@@ -6169,6 +6169,10 @@ public class PackageManagerService extends IPackageManager.Stub
 
     @Override
     public List<String> getAllPackages() {
+        // Allow iorapd to call this method.
+        if (Binder.getCallingUid() != Process.IORAPD_UID) {
+            enforceSystemOrRootOrShell("getAllPackages is limited to privileged callers");
+        }
         final int callingUid = Binder.getCallingUid();
         final int callingUserId = UserHandle.getUserId(callingUid);
         synchronized (mLock) {