diff options
| author | 2019-02-20 08:41:58 -0800 | |
|---|---|---|
| committer | 2019-02-20 21:57:20 -0800 | |
| commit | 7fe9a808d97e229ff6b30a4d316eb51d21d77ca8 (patch) | |
| tree | df664ce301a92a0dd3cd5a25f6e6abbeede53923 | |
| parent | 623a9c6dc744320691a482288f2a196ce9957b77 (diff) | |
Allow cmd package suspend for secondary users.
See also: ag/6459825
bug: 124844866
Test: From a secondary user:
cts-tradefed run cts-dev -m CtsAppTestCases -t android.app.cts.NotificationManagerTest
Create user 10
$ adb install -r ./testcases/CtsAppTestStubs.apk
$ adb shell cmd package suspend android.app.stubs
Package android.app.stubs new suspended state: true
$ adb shell cmd package unsuspend android.app.stubs
Package android.app.stubs new suspended state: false
$ adb shell cmd package suspend --user 10 android.app.stubs
Package android.app.stubs new suspended state: true
$ adb shell cmd package unsuspend --user 10 android.app.stubs
Package android.app.stubs new suspended state: false
$ adb shell cmd package unsuspend --user 11 android.app.stubs
Security exception: Calling package com.android.shell in user 11 does not belong to calling uid 2000
java.lang.SecurityException: Calling package com.android.shell in user 11 does not belong to calling uid 2000
at com.android.server.pm.PackageManagerService.setPackagesSuspendedAsUser(PackageManagerService.java:12878)
at com.android.server.pm.PackageManagerShellCommand.runSuspend(PackageManagerShellCommand.java:1845)
at com.android.server.pm.PackageManagerShellCommand.onCommand(PackageManagerShellCommand.java:223)
at android.os.ShellCommand.exec(ShellCommand.java:103)
at com.android.server.pm.PackageManagerService.onShellCommand(PackageManagerService.java:20670)
at android.os.Binder.shellCommand(Binder.java:887)
at android.os.Binder.onTransact(Binder.java:771)
at android.content.pm.IPackageManager$Stub.onTransact(IPackageManager.java:4689)
at com.android.server.pm.PackageManagerService.onTransact(PackageManagerService.java:3698)
at android.os.Binder.execTransactInternal(Binder.java:1026)
at android.os.Binder.execTransact(Binder.java:999)
Change-Id: I89ed4eaf95959175c6f366b8760f119abc05719e
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index b1c186e9e9f8..dd36db9e00e0 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -12867,8 +12867,14 @@ public class PackageManagerService extends IPackageManager.Stub "setPackagesSuspendedAsUser"); final int callingUid = Binder.getCallingUid(); - if (callingUid != Process.ROOT_UID && callingUid != Process.SYSTEM_UID - && getPackageUid(callingPackage, 0, userId) != callingUid) { + final int packageUid = getPackageUid(callingPackage, 0, userId); + final boolean allowedCallingUid = callingUid == Process.ROOT_UID + || callingUid == Process.SYSTEM_UID; + final boolean allowedPackageUid = packageUid == callingUid; + final boolean allowedShell = callingUid == SHELL_UID + && UserHandle.isSameApp(packageUid, callingUid); + + if (!allowedCallingUid && !allowedShell && !allowedPackageUid) { throw new SecurityException("Calling package " + callingPackage + " in user " + userId + " does not belong to calling uid " + callingUid); } |