Apply package visibility for apps with shared userId

Add package visibility filtering to the implementation in the branching for apps with shared UID. Bug: 181619776 Test: atest AppEnumerationTests Test: atest AppsFilterTest Change-Id: I3a3cd4d4d65093409149ad0187eb125c8edc5c39
author: Jackal Guo <jackalguo@google.com> 2021-03-02 14:14:17 +0800
committer: Jackal Guo <jackalguo@google.com> 2021-03-10 16:09:31 +0800
commit: e9c759bbc0fc47f0f746cceed17e29a570696d2d (patch)
tree: 3314bbafbc71aae6ec1b2928bf3634e8507b3411
parent: 14ff83458134a7aec58211081c7923703391cda9 (diff)
1 files changed, 55 insertions, 17 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index bc991634fb07..c524b3c38522 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -1979,6 +1979,8 @@ public class PackageManagerService extends IPackageManager.Stub
                 @Nullable ComponentName component, @ComponentType int componentType, int userId);
         boolean shouldFilterApplicationLocked(@Nullable PackageSetting ps, int callingUid,
                 int userId);
+        boolean shouldFilterApplicationLocked(@NonNull SharedUserSetting sus, int callingUid,
+                int userId);
         int bestDomainVerificationStatus(int status1, int status2);
         int checkUidPermission(String permName, int uid);
         int getPackageUidInternal(String packageName, int flags, int userId, int callingUid);
@@ -4143,6 +4145,19 @@ public class PackageManagerService extends IPackageManager.Stub
         }
 
         /**
+         * @see #shouldFilterApplicationLocked(PackageSetting, int, ComponentName, int, int)
+         */
+        public boolean shouldFilterApplicationLocked(@NonNull SharedUserSetting sus, int callingUid,
+                int userId) {
+            boolean filterApp = true;
+            for (int index = sus.packages.size() - 1; index >= 0 && filterApp; index--) {
+                filterApp &= shouldFilterApplicationLocked(sus.packages.valueAt(index),
+                        callingUid, /* component */ null, TYPE_UNKNOWN, userId);
+            }
+            return filterApp;
+        }
+
+        /**
          * Verification statuses are ordered from the worse to the best, except for
          * INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER, which is the worse.
          */
@@ -7900,6 +7915,15 @@ public class PackageManagerService extends IPackageManager.Stub
             ps, callingUid, userId);
     }
 
+    /**
+     * @see #shouldFilterApplicationLocked(PackageSetting, int, ComponentName, int, int)
+     */
+    @GuardedBy("mLock")
+    private boolean shouldFilterApplicationLocked(@NonNull SharedUserSetting sus, int callingUid,
+            int userId) {
+        return liveComputer().shouldFilterApplicationLocked(sus, callingUid, userId);
+    }
+
     @GuardedBy("mLock")
     private boolean filterSharedLibPackageLPr(@Nullable PackageSetting ps, int uid, int userId,
             int flags) {
@@ -8966,7 +8990,6 @@ public class PackageManagerService extends IPackageManager.Stub
     public int checkUidSignatures(int uid1, int uid2) {
         final int callingUid = Binder.getCallingUid();
         final int callingUserId = UserHandle.getUserId(callingUid);
-        final boolean isCallerInstantApp = getInstantAppPackageName(callingUid) != null;
         // Map to base uids.
         final int appId1 = UserHandle.getAppId(uid1);
         final int appId2 = UserHandle.getAppId(uid2);
@@ -8977,10 +9000,11 @@ public class PackageManagerService extends IPackageManager.Stub
             Object obj = mSettings.getSettingLPr(appId1);
             if (obj != null) {
                 if (obj instanceof SharedUserSetting) {
-                    if (isCallerInstantApp) {
+                    final SharedUserSetting sus = (SharedUserSetting) obj;
+                    if (shouldFilterApplicationLocked(sus, callingUid, callingUserId)) {
                         return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
                     }
-                    p1SigningDetails = ((SharedUserSetting) obj).signatures.mSigningDetails;
+                    p1SigningDetails = sus.signatures.mSigningDetails;
                 } else if (obj instanceof PackageSetting) {
                     final PackageSetting ps = (PackageSetting) obj;
                     if (shouldFilterApplicationLocked(ps, callingUid, callingUserId)) {
@@ -8996,10 +9020,11 @@ public class PackageManagerService extends IPackageManager.Stub
             obj = mSettings.getSettingLPr(appId2);
             if (obj != null) {
                 if (obj instanceof SharedUserSetting) {
-                    if (isCallerInstantApp) {
+                    final SharedUserSetting sus = (SharedUserSetting) obj;
+                    if (shouldFilterApplicationLocked(sus, callingUid, callingUserId)) {
                         return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
                     }
-                    p2SigningDetails = ((SharedUserSetting) obj).signatures.mSigningDetails;
+                    p2SigningDetails = sus.signatures.mSigningDetails;
                 } else if (obj instanceof PackageSetting) {
                     final PackageSetting ps = (PackageSetting) obj;
                     if (shouldFilterApplicationLocked(ps, callingUid, callingUserId)) {
@@ -9088,11 +9113,11 @@ public class PackageManagerService extends IPackageManager.Stub
             final Object obj = mSettings.getSettingLPr(appId);
             if (obj != null) {
                 if (obj instanceof SharedUserSetting) {
-                    final boolean isCallerInstantApp = getInstantAppPackageName(callingUid) != null;
-                    if (isCallerInstantApp) {
+                    final SharedUserSetting sus = (SharedUserSetting) obj;
+                    if (shouldFilterApplicationLocked(sus, callingUid, callingUserId)) {
                         return false;
                     }
-                    signingDetails = ((SharedUserSetting)obj).signatures.mSigningDetails;
+                    signingDetails = sus.signatures.mSigningDetails;
                 } else if (obj instanceof PackageSetting) {
                     final PackageSetting ps = (PackageSetting) obj;
                     if (shouldFilterApplicationLocked(ps, callingUid, callingUserId)) {
@@ -9217,16 +9242,19 @@ public class PackageManagerService extends IPackageManager.Stub
         if (getInstantAppPackageName(callingUid) != null) {
             return null;
         }
+        final int callingUserId = UserHandle.getUserId(callingUid);
         final int appId = UserHandle.getAppId(uid);
         synchronized (mLock) {
             final Object obj = mSettings.getSettingLPr(appId);
             if (obj instanceof SharedUserSetting) {
                 final SharedUserSetting sus = (SharedUserSetting) obj;
+                if (shouldFilterApplicationLocked(sus, callingUid, callingUserId)) {
+                    return null;
+                }
                 return sus.name + ":" + sus.userId;
             } else if (obj instanceof PackageSetting) {
                 final PackageSetting ps = (PackageSetting) obj;
-                if (shouldFilterApplicationLocked(
-                        ps, callingUid, UserHandle.getUserId(callingUid))) {
+                if (shouldFilterApplicationLocked(ps, callingUid, callingUserId)) {
                     return null;
                 }
                 return ps.name;
@@ -9244,6 +9272,7 @@ public class PackageManagerService extends IPackageManager.Stub
         if (getInstantAppPackageName(callingUid) != null) {
             return null;
         }
+        final int callingUserId = UserHandle.getUserId(callingUid);
         final String[] names = new String[uids.length];
         synchronized (mLock) {
             for (int i = uids.length - 1; i >= 0; i--) {
@@ -9251,11 +9280,14 @@ public class PackageManagerService extends IPackageManager.Stub
                 final Object obj = mSettings.getSettingLPr(appId);
                 if (obj instanceof SharedUserSetting) {
                     final SharedUserSetting sus = (SharedUserSetting) obj;
-                    names[i] = "shared:" + sus.name;
+                    if (shouldFilterApplicationLocked(sus, callingUid, callingUserId)) {
+                        names[i] = null;
+                    } else {
+                        names[i] = "shared:" + sus.name;
+                    }
                 } else if (obj instanceof PackageSetting) {
                     final PackageSetting ps = (PackageSetting) obj;
-                    if (shouldFilterApplicationLocked(
-                            ps, callingUid, UserHandle.getUserId(callingUid))) {
+                    if (shouldFilterApplicationLocked(ps, callingUid, callingUserId)) {
                         names[i] = null;
                     } else {
                         names[i] = ps.name;
@@ -9297,16 +9329,19 @@ public class PackageManagerService extends IPackageManager.Stub
         if (getInstantAppPackageName(callingUid) != null) {
             return 0;
         }
+        final int callingUserId = UserHandle.getUserId(callingUid);
         final int appId = UserHandle.getAppId(uid);
         synchronized (mLock) {
             final Object obj = mSettings.getSettingLPr(appId);
             if (obj instanceof SharedUserSetting) {
                 final SharedUserSetting sus = (SharedUserSetting) obj;
+                if (shouldFilterApplicationLocked(sus, callingUid, callingUserId)) {
+                    return 0;
+                }
                 return sus.pkgFlags;
             } else if (obj instanceof PackageSetting) {
                 final PackageSetting ps = (PackageSetting) obj;
-                if (shouldFilterApplicationLocked(
-                        ps, callingUid, UserHandle.getUserId(callingUid))) {
+                if (shouldFilterApplicationLocked(ps, callingUid, callingUserId)) {
                     return 0;
                 }
                 return ps.pkgFlags;
@@ -9321,16 +9356,19 @@ public class PackageManagerService extends IPackageManager.Stub
         if (getInstantAppPackageName(callingUid) != null) {
             return 0;
         }
+        final int callingUserId = UserHandle.getUserId(callingUid);
         final int appId = UserHandle.getAppId(uid);
         synchronized (mLock) {
             final Object obj = mSettings.getSettingLPr(appId);
             if (obj instanceof SharedUserSetting) {
                 final SharedUserSetting sus = (SharedUserSetting) obj;
+                if (shouldFilterApplicationLocked(sus, callingUid, callingUserId)) {
+                    return 0;
+                }
                 return sus.pkgPrivateFlags;
             } else if (obj instanceof PackageSetting) {
                 final PackageSetting ps = (PackageSetting) obj;
-                if (shouldFilterApplicationLocked(
-                        ps, callingUid, UserHandle.getUserId(callingUid))) {
+                if (shouldFilterApplicationLocked(ps, callingUid, callingUserId)) {
                     return 0;
                 }
                 return ps.pkgPrivateFlags;
author	Jackal Guo <jackalguo@google.com>	2021-03-02 14:14:17 +0800
committer	Jackal Guo <jackalguo@google.com>	2021-03-10 16:09:31 +0800
commit	e9c759bbc0fc47f0f746cceed17e29a570696d2d (patch)
tree	3314bbafbc71aae6ec1b2928bf3634e8507b3411
parent	14ff83458134a7aec58211081c7923703391cda9 (diff)