diff options
| author | 2017-03-10 22:43:06 +0000 | |
|---|---|---|
| committer | 2017-03-10 22:43:10 +0000 | |
| commit | a3b642a854c8ea85e06ef87fe6ebf51b4e0dbd52 (patch) | |
| tree | 1d063e45dbed51eabbb7a5f58fb0a793b11291af | |
| parent | 4856ae4d0bd992ef06258aed47619196f6e0d306 (diff) | |
| parent | f0fa8534c65c200936fa2f3ed5c4ea0b29bd3093 (diff) | |
Merge "Always use calling uid for package lookup."
| -rw-r--r-- | packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java index 0916abebcc49..91a4e792bbb8 100644 --- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java +++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java @@ -1578,8 +1578,14 @@ public class SettingsProvider extends ContentProvider { } private List<String> getSettingsNamesLocked(int settingsType, int userId) { - ApplicationInfo ai = getCallingApplicationInfoOrThrow(userId); - if (ai.isInstantApp()) { + boolean instantApp; + if (UserHandle.getAppId(Binder.getCallingUid()) < Process.FIRST_APPLICATION_UID) { + instantApp = false; + } else { + ApplicationInfo ai = getCallingApplicationInfoOrThrow(); + instantApp = ai.isInstantApp(); + } + if (instantApp) { return new ArrayList<String>(getInstantAppAccessibleSettings(settingsType)); } else { return mSettingsRegistry.getSettingsNamesLocked(settingsType, userId); @@ -1590,7 +1596,7 @@ public class SettingsProvider extends ContentProvider { if (UserHandle.getAppId(Binder.getCallingUid()) < Process.FIRST_APPLICATION_UID) { return; } - ApplicationInfo ai = getCallingApplicationInfoOrThrow(userId); + ApplicationInfo ai = getCallingApplicationInfoOrThrow(); if (!ai.isInstantApp()) { return; } @@ -1600,10 +1606,16 @@ public class SettingsProvider extends ContentProvider { } } - private ApplicationInfo getCallingApplicationInfoOrThrow(int userId) { + private ApplicationInfo getCallingApplicationInfoOrThrow() { + // We always use the callingUid for this lookup. This means that if hypothetically an + // app was installed in user A with cross user and in user B as an Instant App + // the app in A would be able to see all the settings in user B. However since cross + // user is a system permission and the app must be uninstalled in B and then installed as + // an Instant App that situation is not realistic or supported. ApplicationInfo ai = null; try { - ai = mPackageManager.getApplicationInfo(getCallingPackage(), 0 , userId); + ai = mPackageManager.getApplicationInfo(getCallingPackage(), 0 + , UserHandle.getCallingUserId()); } catch (RemoteException ignored) { } if (ai == null) { |