Merge "Backporting of b/77821568" into oc-dev

am: 9774459633 Change-Id: Ie0d176b94d15be65918b5f67bf9ed7f49f632def
2018-06-27 16:42:36 -07:00
parent 3cca4e7b06 9774459633
commit f3f6e2f9ee
1 changed files with 24 additions and 3 deletions
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4471,7 +4471,9 @@ public class PackageManagerService extends IPackageManager.Stub
            triaged = false;
        }
        if ((flags & PackageManager.MATCH_ANY_USER) != 0) {
-            enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false,
+            // require the permission to be held; the calling uid and given user id referring
+            // to the same user is not sufficient
+            enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, true,
                    "MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission at "
                    + Debug.getCallers(5));
        } else if ((flags & PackageManager.MATCH_UNINSTALLED_PACKAGES) != 0 && isCallerSystemUser
@@ -5124,13 +5126,25 @@ public class PackageManagerService extends IPackageManager.Stub
     */
    void enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission,
            boolean checkShell, String message) {
+        enforceCrossUserPermission(
+              callingUid,
+              userId,
+              requireFullPermission,
+              checkShell,
+              false,
+              message);
+    }
+
+    private void enforceCrossUserPermission(int callingUid, int userId,
+            boolean requireFullPermission, boolean checkShell,
+            boolean requirePermissionWhenSameUser, String message) {
        if (userId < 0) {
            throw new IllegalArgumentException("Invalid userId " + userId);
        }
        if (checkShell) {
            enforceShellRestriction(UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, userId);
        }
-        if (userId == UserHandle.getUserId(callingUid)) return;
+        if (!requirePermissionWhenSameUser && userId == UserHandle.getUserId(callingUid)) return;
        if (callingUid != Process.SYSTEM_UID && callingUid != 0) {
            if (requireFullPermission) {
                mContext.enforceCallingOrSelfPermission(
@@ -8192,7 +8206,7 @@ public class PackageManagerService extends IPackageManager.Stub
        flags = updateFlagsForPackage(flags, userId, null);
        final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0;
        enforceCrossUserPermission(callingUid, userId,
-                true /* requireFullPermission */, false /* checkShell */,
+                false /* requireFullPermission */, false /* checkShell */,
                "get installed packages");

        // writer
@@ -8316,6 +8330,13 @@ public class PackageManagerService extends IPackageManager.Stub
        flags = updateFlagsForApplication(flags, userId, null);
        final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0;

+        enforceCrossUserPermission(
+            callingUid,
+            userId,
+            false /* requireFullPermission */,
+            false /* checkShell */,
+            "get installed application info");
+
        // writer
        synchronized (mPackages) {
            ArrayList<ApplicationInfo> list;