Handle supplemental UIDs in package/UID verification.

Supplemental UIDs are processes that are spawned alongside regular app processes. These supplemental processes all share the same package name; allow this package name when verifying packageName / UID combinations for the supplemental UID range. Bug: 215012578 Test: atest AppOpsTests CtsAppOpsTestCases Change-Id: I10df1eff13b789caca91826d997c8c6e1cf241ed
author: Martijn Coenen <maco@google.com> 2022-02-03 19:40:40 +0100
committer: Martijn Coenen <maco@google.com> 2022-02-09 20:26:48 +0100
commit: 130738f15ca6ee54909971df01340bc5b31cc06c (patch)
tree: 3b70358edd0fe653306b70ba2fa54f0982f78b4e
parent: ccfec2282243e041d8f576648edceb28cc2b1dbc (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index 40fda4cbec5e..cebcc64f7d5e 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -4549,6 +4549,26 @@ public class AppOpsService extends IAppOpsService.Stub {
             return new PackageVerificationResult(null,
                     /* isAttributionTagValid */ true);
         }
+        if (Process.isSupplemental(uid)) {
+            // Supplemental processes run in their own UID range, but their associated
+            // UID for checks should always be the UID of the supplemental package.
+            // TODO: We will need to modify the callers of this function instead, so
+            // modifications and checks against the app ops state are done with the
+            // correct UID.
+            try {
+                final PackageManager pm = mContext.getPackageManager();
+                final String supplementalPackageName = pm.getSupplementalProcessPackageName();
+                if (Objects.equals(packageName, supplementalPackageName)) {
+                    int supplementalAppId = pm.getPackageUid(supplementalPackageName,
+                            PackageManager.PackageInfoFlags.of(0));
+                    uid = UserHandle.getUid(UserHandle.getUserId(uid), supplementalAppId);
+                }
+            } catch (PackageManager.NameNotFoundException e) {
+                // Shouldn't happen for the supplemental package
+                e.printStackTrace();
+            }
+        }
+
 
         // Do not check if uid/packageName/attributionTag is already known.
         synchronized (this) {
author	Martijn Coenen <maco@google.com>	2022-02-03 19:40:40 +0100
committer	Martijn Coenen <maco@google.com>	2022-02-09 20:26:48 +0100
commit	130738f15ca6ee54909971df01340bc5b31cc06c (patch)
tree	3b70358edd0fe653306b70ba2fa54f0982f78b4e
parent	ccfec2282243e041d8f576648edceb28cc2b1dbc (diff)