Add package manager internal api checkUidSignaturesForAllUsers

Starting from U, the PackageManager#checkUidSignatures does not support to check package signatures for different users. It returns false if packages cannot be found in the calling user. This cl adds an internal api checkUidSignaturesForAllUsers for system modules that need to check package signatures installed in any users. Bug: 229684723 Test: atest BlobStoreMultiUserTest Change-Id: Ib5b3c25dcafe664b31bd737bdb2718c045f845b4
author: Rhed Jao <rhedjao@google.com> 2022-05-09 19:24:07 +0800
committer: Rhed Jao <rhedjao@google.com> 2022-05-10 11:57:56 +0800
commit: 83e91711f24c7704cfd84d863fc22c3fe83d15d4 (patch)
tree: a5445645f21c227c07cab561a78a05667b8c9da0 /apex/blobstore
parent: 5321abef41e5130340c9612518014dd9d7664661 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java b/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java
index 83ef21e7528b..b0c295c331d7 100644
--- a/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java
+++ b/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java
@@ -24,6 +24,7 @@ import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.content.Context;
 import android.content.pm.PackageManager;
+import android.content.pm.PackageManagerInternal;
 import android.os.Binder;
 import android.os.UserHandle;
 import android.util.ArraySet;
@@ -32,6 +33,7 @@ import android.util.DebugUtils;
 import android.util.IndentingPrintWriter;
 
 import com.android.internal.util.XmlUtils;
+import com.android.server.LocalServices;
 
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
@@ -108,7 +110,7 @@ class BlobAccessMode {
         }
 
         if ((mAccessType & ACCESS_TYPE_SAME_SIGNATURE) != 0) {
-            if (checkSignatures(context, callingUid, committerUid)) {
+            if (checkSignatures(callingUid, committerUid)) {
                 return true;
             }
         }
@@ -133,11 +135,11 @@ class BlobAccessMode {
     /**
      * Compare signatures for two packages of different users.
      */
-    private boolean checkSignatures(Context context, int uid1, int uid2) {
+    private boolean checkSignatures(int uid1, int uid2) {
         final long token = Binder.clearCallingIdentity();
         try {
-            return context.getPackageManager().checkSignatures(uid1, uid2)
-                    == PackageManager.SIGNATURE_MATCH;
+            return LocalServices.getService(PackageManagerInternal.class)
+                    .checkUidSignaturesForAllUsers(uid1, uid2) == PackageManager.SIGNATURE_MATCH;
         } finally {
             Binder.restoreCallingIdentity(token);
         }
author	Rhed Jao <rhedjao@google.com>	2022-05-09 19:24:07 +0800
committer	Rhed Jao <rhedjao@google.com>	2022-05-10 11:57:56 +0800
commit	83e91711f24c7704cfd84d863fc22c3fe83d15d4 (patch)
tree	a5445645f21c227c07cab561a78a05667b8c9da0 /apex/blobstore
parent	5321abef41e5130340c9612518014dd9d7664661 (diff)