Merge "[PM] Use callingUid instead of binder#getCallingUid for uninstall" into main

3 files changed, 28 insertions, 7 deletions

diff --git a/services/core/java/com/android/server/pm/DeletePackageHelper.java b/services/core/java/com/android/server/pm/DeletePackageHelper.java
index b56e119d0a19..8398ffc75f0d 100644
--- a/services/core/java/com/android/server/pm/DeletePackageHelper.java
+++ b/services/core/java/com/android/server/pm/DeletePackageHelper.java
@@ -690,7 +690,13 @@ final class DeletePackageHelper {
     public void deletePackageVersionedInternal(VersionedPackage versionedPackage,
             final IPackageDeleteObserver2 observer, final int userId, final int deleteFlags,
             final boolean allowSilentUninstall) {
-        final int callingUid = Binder.getCallingUid();
+        deletePackageVersionedInternal(versionedPackage, observer, userId, deleteFlags,
+                Binder.getCallingUid(), allowSilentUninstall);
+    }
+
+    public void deletePackageVersionedInternal(VersionedPackage versionedPackage,
+            final IPackageDeleteObserver2 observer, final int userId, final int deleteFlags,
+            final int callingUid, final boolean allowSilentUninstall) {
         mPm.mContext.enforceCallingOrSelfPermission(
                 android.Manifest.permission.DELETE_PACKAGES, null);
         final Computer snapshot = mPm.snapshotComputer();
@@ -720,16 +726,22 @@ final class DeletePackageHelper {
         final String internalPackageName =
                 snapshot.resolveInternalPackageName(packageName, versionCode);
 
-        final int uid = Binder.getCallingUid();
         if (!isOrphaned(snapshot, internalPackageName)
                 && !allowSilentUninstall
                 && !isCallerAllowedToSilentlyUninstall(
-                        snapshot, uid, internalPackageName, userId)) {
+                        snapshot, callingUid, internalPackageName, userId)) {
             mPm.mHandler.post(() -> {
                 try {
                     final Intent intent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE);
                     intent.setData(Uri.fromParts(PACKAGE_SCHEME, packageName, null));
-                    intent.putExtra(PackageInstaller.EXTRA_CALLBACK, observer.asBinder());
+                    intent.putExtra(PackageInstaller.EXTRA_CALLBACK,
+                            new PackageManager.UninstallCompleteCallback(observer.asBinder()));
+                    if ((deleteFlags & PackageManager.DELETE_ARCHIVE) != 0) {
+                        // Delete flags are passed to the uninstaller activity so it can be
+                        // preserved in the follow-up uninstall operation after the user
+                        // confirmation
+                        intent.putExtra(PackageInstaller.EXTRA_DELETE_FLAGS, deleteFlags);
+                    }
                     observer.onUserActionRequired(intent);
                 } catch (RemoteException re) {
                 }
@@ -738,7 +750,7 @@ final class DeletePackageHelper {
         }
         final boolean deleteAllUsers = (deleteFlags & PackageManager.DELETE_ALL_USERS) != 0;
         final int[] users = deleteAllUsers ? mUserManagerInternal.getUserIds() : new int[]{userId};
-        if (UserHandle.getUserId(uid) != userId || (deleteAllUsers && users.length > 1)) {
+        if (UserHandle.getUserId(callingUid) != userId || (deleteAllUsers && users.length > 1)) {
             mPm.mContext.enforceCallingOrSelfPermission(
                     android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
                     "deletePackage for user " + userId);
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index 7156795ba771..be6fa14952c8 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -1438,7 +1438,8 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
         if (mContext.checkPermission(Manifest.permission.DELETE_PACKAGES, callingPid, callingUid)
                 == PackageManager.PERMISSION_GRANTED) {
             // Sweet, call straight through!
-            mPm.deletePackageVersioned(versionedPackage, adapter.getBinder(), userId, flags);
+            mPm.deletePackageVersioned(versionedPackage, adapter.getBinder(), userId, flags,
+                    callingUid);
         } else if (canSilentlyInstallPackage) {
             // Allow the device owner and affiliated profile owner to silently delete packages
             // Need to clear the calling identity to get DELETE_PACKAGES permission
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 33ca8a8e0f9e..20859da4dd56 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3323,9 +3323,17 @@ public class PackageManagerService implements PackageSender, TestUtilityService
     }
 
     public void deletePackageVersioned(VersionedPackage versionedPackage,
+            final IPackageDeleteObserver2 observer, final int userId, final int deleteFlags,
+            final int callingUid) {
+        mDeletePackageHelper.deletePackageVersionedInternal(
+                versionedPackage, observer, userId, deleteFlags, callingUid,
+                /* allowSilentUninstall= */ false);
+    }
+
+    public void deletePackageVersioned(VersionedPackage versionedPackage,
             final IPackageDeleteObserver2 observer, final int userId, final int deleteFlags) {
         mDeletePackageHelper.deletePackageVersionedInternal(
-                versionedPackage, observer, userId, deleteFlags, false);
+                versionedPackage, observer, userId, deleteFlags, /* allowSilentUninstall= */ false);
     }
 
     boolean isCallerVerifier(@NonNull Computer snapshot, int callingUid) {