[SP 2025-09-01] Don't allow SdkSandbox to bypass systemUid check.

Test: atest Flag: EXEMPT security fix Bug: 397438392 Change-Id: I1003ac2a795c869aaeb292692b2681c7a5c8d12e (cherry picked from commit d400709160c8374d83a15dc7623b11434c08c4c6)
author: Aseem Kumar <aseemk@google.com> 2025-06-11 18:41:20 -0700
committer: Kampalus <kampalus@protonmail.ch> 2025-09-18 09:21:10 +0200
commit: 11c16574e9dc2e3c142c895a1ef45498b1dae59b (patch)
tree: f8f734d6cb741349eb9e4ca1117bc7dd956ae6b1
parent: 9ed1790dda01b00ca6dbc2fc2dc0b5b4609011fa (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 79fdcca9f75d..dc59b65a343d 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -6056,6 +6056,9 @@ public class AccountManagerService
     }
 
     private boolean isSystemUid(int callingUid) {
+        if (Process.isSdkSandboxUid(callingUid)) {
+            return false;
+        }
         String[] packages = null;
         final long ident = Binder.clearCallingIdentity();
         try {
author	Aseem Kumar <aseemk@google.com>	2025-06-11 18:41:20 -0700
committer	Kampalus <kampalus@protonmail.ch>	2025-09-18 09:21:10 +0200
commit	11c16574e9dc2e3c142c895a1ef45498b1dae59b (patch)
tree	f8f734d6cb741349eb9e4ca1117bc7dd956ae6b1
parent	9ed1790dda01b00ca6dbc2fc2dc0b5b4609011fa (diff)