Merge "RESTRICT AUTOMERGE Relax security exception for backport" into oc-dev

1 files changed, 13 insertions, 3 deletions

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index fcd7f465baf0..43f70198d96b 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4477,9 +4477,19 @@ public class PackageManagerService extends IPackageManager.Stub
         if ((flags & PackageManager.MATCH_ANY_USER) != 0) {
             // require the permission to be held; the calling uid and given user id referring
             // to the same user is not sufficient
-            enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, true,
-                    "MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission at "
-                    + Debug.getCallers(5));
+            try {
+                enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, true,
+                        "MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission at "
+                        + Debug.getCallers(5));
+            } catch (SecurityException se) {
+                // For compatibility reasons, we can't throw a security exception here if we're
+                // looking for applications in our own user id. Instead, unset the MATCH_ANY_USER
+                // flag and move on.
+                if (userId != UserHandle.getCallingUserId()) {
+                    throw se;
+                }
+                flags &= ~PackageManager.MATCH_ANY_USER;
+            }
         } else if ((flags & PackageManager.MATCH_UNINSTALLED_PACKAGES) != 0 && isCallerSystemUser
                 && sUserManager.hasManagedProfile(UserHandle.USER_SYSTEM)) {
             // If the caller wants all packages and has a restricted profile associated with it,