Apply package visibility to AppWidgetManager#getInstalledProviders

Package visibility should be applied to #getInstalledProviders as what we did for similar APIs in PackageManager. Bug: 180104057 Test: atest AppEnumerationTests Change-Id: I50f471e6f71613e36cc1b137456a3ee0b23f6a38
author: Jackal Guo <jackalguo@google.com> 2021-04-16 14:09:57 +0800
committer: Jackal Guo <jackalguo@google.com> 2021-04-19 16:35:24 +0800
commit: c5a303f4a849fcf693e37242299d9f77db2f5e10 (patch)
tree: 41e00cd37d67282d7842aee3176fce069048e786
parent: aa36363f72caf018595efa9d79c0c9b600fc012e (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
index e251700498ee..d922d2b06c89 100644
--- a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
+++ b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
@@ -1589,6 +1589,7 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku
     public ParceledListSlice<AppWidgetProviderInfo> getInstalledProvidersForProfile(int categoryFilter,
             int profileId, String packageName) {
         final int userId = UserHandle.getCallingUserId();
+        final int callingUid = Binder.getCallingUid();
 
         if (DEBUG) {
             Slog.i(TAG, "getInstalledProvidersForProfiles() " + userId);
@@ -1601,7 +1602,7 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku
 
         synchronized (mLock) {
             if (mSecurityPolicy.isCallerInstantAppLocked()) {
-                Slog.w(TAG, "Instant uid " + Binder.getCallingUid()
+                Slog.w(TAG, "Instant uid " + callingUid
                         + " cannot access widget providers");
                 return ParceledListSlice.emptyList();
             }
@@ -1614,11 +1615,12 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku
             for (int i = 0; i < providerCount; i++) {
                 Provider provider = mProviders.get(i);
                 AppWidgetProviderInfo info = provider.getInfoLocked(mContext);
+                final String providerPackageName = provider.id.componentName.getPackageName();
 
                 // Ignore an invalid provider, one not matching the filter,
                 // or one that isn't in the given package, if any.
                 boolean inPackage = packageName == null
-                        || provider.id.componentName.getPackageName().equals(packageName);
+                        || providerPackageName.equals(packageName);
                 if (provider.zombie || (info.widgetCategory & categoryFilter) == 0 || !inPackage) {
                     continue;
                 }
@@ -1627,7 +1629,9 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku
                 final int providerProfileId = info.getProfile().getIdentifier();
                 if (providerProfileId == profileId
                         && mSecurityPolicy.isProviderInCallerOrInProfileAndWhitelListed(
-                            provider.id.componentName.getPackageName(), providerProfileId)) {
+                        providerPackageName, providerProfileId)
+                        && !mPackageManagerInternal.filterAppAccess(providerPackageName, callingUid,
+                        userId)) {
                     result.add(cloneIfLocalBinder(info));
                 }
             }
author	Jackal Guo <jackalguo@google.com>	2021-04-16 14:09:57 +0800
committer	Jackal Guo <jackalguo@google.com>	2021-04-19 16:35:24 +0800
commit	c5a303f4a849fcf693e37242299d9f77db2f5e10 (patch)
tree	41e00cd37d67282d7842aee3176fce069048e786
parent	aa36363f72caf018595efa9d79c0c9b600fc012e (diff)