RESTRICT AUTOMERGE: Backporting of b/77821568

Enforce permission check before returning application info Test: manually tested (see bug for repro steps) Bug: 77821568 Change-Id: I5d81345b2d958c2bb0a62bbcb8bd8c714a1cf41e
author: akirilov <akirilov@google.com> 2018-06-07 14:36:25 -0700
committer: Atanas Kirilov <akirilov@google.com> 2018-06-13 18:09:13 +0000
commit: 4bc1c2445ce6a6359095b54e46aaba6c7897c99f (patch)
tree: fa0a4ae24d6c3554f549f16aee035caf730e47e7
parent: df97989c90972ecc3935c056279c0ce6221c7475 (diff)
1 files changed, 22 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 8ac229ee2e13..949307412a0b 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3892,13 +3892,25 @@ public class PackageManagerService extends IPackageManager.Stub {
      */
     void enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission,
             boolean checkShell, String message) {
+        enforceCrossUserPermission(
+              callingUid,
+              userId,
+              requireFullPermission,
+              checkShell,
+              false,
+              message);
+    }
+
+    private void enforceCrossUserPermission(int callingUid, int userId,
+            boolean requireFullPermission, boolean checkShell,
+            boolean requirePermissionWhenSameUser, String message) {
         if (userId < 0) {
             throw new IllegalArgumentException("Invalid userId " + userId);
         }
         if (checkShell) {
             enforceShellRestriction(UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, userId);
         }
-        if (userId == UserHandle.getUserId(callingUid)) return;
+        if (!requirePermissionWhenSameUser && userId == UserHandle.getUserId(callingUid)) return;
         if (callingUid != Process.SYSTEM_UID && callingUid != 0) {
             if (requireFullPermission) {
                 mContext.enforceCallingOrSelfPermission(
@@ -6292,7 +6304,7 @@ public class PackageManagerService extends IPackageManager.Stub {
         flags = updateFlagsForPackage(flags, userId, null);
         final boolean listUninstalled = (flags & MATCH_UNINSTALLED_PACKAGES) != 0;
         enforceCrossUserPermission(Binder.getCallingUid(), userId,
-                true /* requireFullPermission */, false /* checkShell */,
+                false /* requireFullPermission */, false /* checkShell */,
                 "get installed packages");
 
         // writer
@@ -6400,10 +6412,18 @@ public class PackageManagerService extends IPackageManager.Stub {
 
     @Override
     public ParceledListSlice<ApplicationInfo> getInstalledApplications(int flags, int userId) {
+        final int callingUid = Binder.getCallingUid();
         if (!sUserManager.exists(userId)) return ParceledListSlice.emptyList();
         flags = updateFlagsForApplication(flags, userId, null);
         final boolean listUninstalled = (flags & MATCH_UNINSTALLED_PACKAGES) != 0;
 
+        enforceCrossUserPermission(
+            callingUid,
+            userId,
+            false /* requireFullPermission */,
+            false /* checkShell */,
+            "get installed application info");
+
         // writer
         synchronized (mPackages) {
             ArrayList<ApplicationInfo> list;
author	akirilov <akirilov@google.com>	2018-06-07 14:36:25 -0700
committer	Atanas Kirilov <akirilov@google.com>	2018-06-13 18:09:13 +0000
commit	4bc1c2445ce6a6359095b54e46aaba6c7897c99f (patch)
tree	fa0a4ae24d6c3554f549f16aee035caf730e47e7
parent	df97989c90972ecc3935c056279c0ce6221c7475 (diff)