From 9a4a45762219f43903f54d5f29157dc6b3881557 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Fri, 14 Apr 2017 16:28:59 -0600
Subject: [PATCH] Clear identity to handle ALLOCATE_AGGRESSIVE.

We're not actually clearing any files, only deciding how much free
space is available, so we're fine assuming the remote caller has the
permission.

Test: builds, boots
Bug: 37169076
Change-Id: I6cd42f77c43e9d2de40e2b8b937c7f2145f1b869
---
 data/etc/privapp-permissions-platform.xml           |  1 +
 .../DefaultContainerService/AndroidManifest.xml     |  1 +
 .../defcontainer/DefaultContainerService.java       | 13 +++++++++++--
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml
index ec653d0849b10..7f07f03dde61a 100644
--- a/data/etc/privapp-permissions-platform.xml
+++ b/data/etc/privapp-permissions-platform.xml
@@ -40,6 +40,7 @@ applications that come with the platform
 
     <privapp-permissions package="com.android.defcontainer">
         <permission name="android.permission.ACCESS_CACHE_FILESYSTEM"/>
+        <permission name="android.permission.ALLOCATE_AGGRESSIVE"/>
         <permission name="android.permission.INTERACT_ACROSS_USERS"/>
         <permission name="android.permission.WRITE_MEDIA_STORAGE"/>
     </privapp-permissions>
diff --git a/packages/DefaultContainerService/AndroidManifest.xml b/packages/DefaultContainerService/AndroidManifest.xml
index 55d000c14ad1c..e399fb1707598 100644
--- a/packages/DefaultContainerService/AndroidManifest.xml
+++ b/packages/DefaultContainerService/AndroidManifest.xml
@@ -1,5 +1,6 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
         package="com.android.defcontainer" coreApp="true">
+    <uses-permission android:name="android.permission.ALLOCATE_AGGRESSIVE"/>
     <uses-permission android:name="android.permission.ASEC_ACCESS"/>
     <uses-permission android:name="android.permission.ASEC_CREATE"/>
     <uses-permission android:name="android.permission.ASEC_DESTROY"/>
diff --git a/packages/DefaultContainerService/src/com/android/defcontainer/DefaultContainerService.java b/packages/DefaultContainerService/src/com/android/defcontainer/DefaultContainerService.java
index 37a68e0c557ae..9347877746371 100644
--- a/packages/DefaultContainerService/src/com/android/defcontainer/DefaultContainerService.java
+++ b/packages/DefaultContainerService/src/com/android/defcontainer/DefaultContainerService.java
@@ -30,6 +30,7 @@ import android.content.pm.PackageParser.PackageLite;
 import android.content.pm.PackageParser.PackageParserException;
 import android.content.res.ObbInfo;
 import android.content.res.ObbScanner;
+import android.os.Binder;
 import android.os.Environment;
 import android.os.Environment.UserEnvironment;
 import android.os.FileUtils;
@@ -179,6 +180,15 @@ public class DefaultContainerService extends IntentService {
                 return ret;
             }
 
+            final int recommendedInstallLocation;
+            final long token = Binder.clearCallingIdentity();
+            try {
+                recommendedInstallLocation = PackageHelper.resolveInstallLocation(context,
+                        pkg.packageName, pkg.installLocation, sizeBytes, flags);
+            } finally {
+                Binder.restoreCallingIdentity(token);
+            }
+
             ret.packageName = pkg.packageName;
             ret.splitNames = pkg.splitNames;
             ret.versionCode = pkg.versionCode;
@@ -186,8 +196,7 @@ public class DefaultContainerService extends IntentService {
             ret.splitRevisionCodes = pkg.splitRevisionCodes;
             ret.installLocation = pkg.installLocation;
             ret.verifiers = pkg.verifiers;
-            ret.recommendedInstallLocation = PackageHelper.resolveInstallLocation(context,
-                    pkg.packageName, pkg.installLocation, sizeBytes, flags);
+            ret.recommendedInstallLocation = recommendedInstallLocation;
             ret.multiArch = pkg.multiArch;
 
             return ret;