diff options
| author | 2017-05-24 20:38:51 +0000 | |
|---|---|---|
| committer | 2017-05-24 20:38:56 +0000 | |
| commit | 1de10d6602df4ab2a7769b69a57e472920ba7fee (patch) | |
| tree | 7ef92c3671854a29d2f1764a3f184ef6599ea1f4 | |
| parent | 131eaa7865edeead0373e339c51ce65b5f51cd15 (diff) | |
| parent | 3051caac52729c8c059eb538805f4d274a9945a5 (diff) | |
Merge "System installed launcher can see instant apps" into oc-dev
4 files changed, 38 insertions, 26 deletions
diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java index 87e6a8465beb..4cee2dfb66cb 100644 --- a/core/java/android/content/pm/PackageManagerInternal.java +++ b/core/java/android/content/pm/PackageManagerInternal.java @@ -343,5 +343,5 @@ public abstract class PackageManagerInternal { public abstract int getUidTargetSdkVersion(int uid); /** Whether the binder caller can access instant apps. */ - public abstract boolean canAccessInstantApps(int callingUid); + public abstract boolean canAccessInstantApps(int callingUid, int userId); } diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 18cfc990f205..8ed76de6bc1b 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -3317,12 +3317,16 @@ confirmation UI for full backup/restore --> <uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/> - - <!-- Allows the holder to access the instant applications on the device. + <!-- Allows the holder to access and manage instant applications on the device. @hide --> <permission android:name="android.permission.ACCESS_INSTANT_APPS" android:protectionLevel="signature|installer|verifier" /> + <!-- Allows the holder to view the instant applications on the device. + @hide --> + <permission android:name="android.permission.VIEW_INSTANT_APPS" + android:protectionLevel="signature|preinstalled" /> + <!-- Allows receiving the usage of media resource e.g. video/audio codec and graphic memory. @hide --> diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 7ec867f36448..1b32a932ec50 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -3517,16 +3517,25 @@ public class PackageManagerService extends IPackageManager.Stub * system partition.</li> * </ol> */ - private boolean canAccessInstantApps(int callingUid) { - final boolean isSpecialProcess = - callingUid == Process.SYSTEM_UID - || callingUid == Process.SHELL_UID - || callingUid == Process.ROOT_UID; - final boolean allowMatchInstant = - isSpecialProcess - || mContext.checkCallingOrSelfPermission( - android.Manifest.permission.ACCESS_INSTANT_APPS) == PERMISSION_GRANTED; - return allowMatchInstant; + private boolean canViewInstantApps(int callingUid, int userId) { + if (callingUid == Process.SYSTEM_UID + || callingUid == Process.SHELL_UID + || callingUid == Process.ROOT_UID) { + return true; + } + if (mContext.checkCallingOrSelfPermission( + android.Manifest.permission.ACCESS_INSTANT_APPS) == PERMISSION_GRANTED) { + return true; + } + if (mContext.checkCallingOrSelfPermission( + android.Manifest.permission.VIEW_INSTANT_APPS) == PERMISSION_GRANTED) { + final ComponentName homeComponent = getDefaultHomeActivity(userId); + if (homeComponent != null + && isCallerSameApp(homeComponent.getPackageName(), callingUid)) { + return true; + } + } + return false; } private PackageInfo generatePackageInfo(PackageSetting ps, int flags, int userId) { @@ -3784,7 +3793,7 @@ public class PackageManagerService extends IPackageManager.Stub } if (ps.getInstantApp(userId)) { // caller can see all components of all instant applications, don't filter - if (canAccessInstantApps(callingUid)) { + if (canViewInstantApps(callingUid, userId)) { return false; } // request for a specific instant application component, filter @@ -4408,11 +4417,12 @@ public class PackageManagerService extends IPackageManager.Stub flags |= PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY; flags |= PackageManager.MATCH_INSTANT; } else { + final boolean wantMatchInstant = (flags & PackageManager.MATCH_INSTANT) != 0; final boolean allowMatchInstant = (wantInstantApps && Intent.ACTION_VIEW.equals(intent.getAction()) && hasWebURI(intent)) - || canAccessInstantApps(callingUid); + || (wantMatchInstant && canViewInstantApps(callingUid, userId)); flags &= ~(PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY | PackageManager.MATCH_EXPLICITLY_VISIBLE_ONLY); if (!allowMatchInstant) { @@ -5937,7 +5947,7 @@ public class PackageManagerService extends IPackageManager.Stub final int callingUid = Binder.getCallingUid(); final int callingUserId = UserHandle.getUserId(callingUid); synchronized (mPackages) { - if (canAccessInstantApps(callingUid)) { + if (canViewInstantApps(callingUid, callingUserId)) { return new ArrayList<String>(mPackages.keySet()); } final String instantAppPkgName = getInstantAppPackageName(callingUid); @@ -8146,9 +8156,7 @@ public class PackageManagerService extends IPackageManager.Stub final boolean returnAllowed = ps != null && (isCallerSameApp(packageName, callingUid) - || mContext.checkCallingOrSelfPermission( - android.Manifest.permission.ACCESS_INSTANT_APPS) - == PERMISSION_GRANTED + || canViewInstantApps(callingUid, userId) || mInstantAppRegistry.isInstantAccessGranted( userId, UserHandle.getAppId(callingUid), ps.appId)); if (returnAllowed) { @@ -24381,8 +24389,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); } @Override - public boolean canAccessInstantApps(int callingUid) { - return PackageManagerService.this.canAccessInstantApps(callingUid); + public boolean canAccessInstantApps(int callingUid, int userId) { + return PackageManagerService.this.canViewInstantApps(callingUid, userId); } } diff --git a/services/usage/java/com/android/server/usage/UsageStatsService.java b/services/usage/java/com/android/server/usage/UsageStatsService.java index 912e7a81cdfa..073a17eacd3a 100644 --- a/services/usage/java/com/android/server/usage/UsageStatsService.java +++ b/services/usage/java/com/android/server/usage/UsageStatsService.java @@ -411,8 +411,8 @@ public class UsageStatsService extends SystemService implements } } - private boolean shouldObfuscateInstantAppsForCaller(int callingUid) { - return !mPackageManagerInternal.canAccessInstantApps(callingUid); + private boolean shouldObfuscateInstantAppsForCaller(int callingUid, int userId) { + return !mPackageManagerInternal.canAccessInstantApps(callingUid, userId); } void clearAppIdleForPackage(String packageName, int userId) { @@ -1390,7 +1390,7 @@ public class UsageStatsService extends SystemService implements } final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller( - Binder.getCallingUid()); + Binder.getCallingUid(), UserHandle.getCallingUserId()); final int userId = UserHandle.getCallingUserId(); final long token = Binder.clearCallingIdentity(); @@ -1435,7 +1435,7 @@ public class UsageStatsService extends SystemService implements } final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller( - Binder.getCallingUid()); + Binder.getCallingUid(), UserHandle.getCallingUserId()); final int userId = UserHandle.getCallingUserId(); final long token = Binder.clearCallingIdentity(); @@ -1456,7 +1456,7 @@ public class UsageStatsService extends SystemService implements throw re.rethrowFromSystemServer(); } final boolean obfuscateInstantApps = shouldObfuscateInstantAppsForCaller( - Binder.getCallingUid()); + Binder.getCallingUid(), userId); final long token = Binder.clearCallingIdentity(); try { return UsageStatsService.this.isAppIdleFilteredOrParoled(packageName, userId, |