diff options
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 4ba6854b9234..67acfac79a36 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -17246,6 +17246,9 @@ public class ActivityManagerService extends IActivityManager.Stub public ComponentName startSdkSandboxService(Intent service, int clientAppUid, String clientAppPackage, String processName) throws RemoteException { validateSdkSandboxParams(service, clientAppUid, clientAppPackage, processName); + if (mAppOpsService.checkPackage(clientAppUid, clientAppPackage) != MODE_ALLOWED) { + throw new IllegalArgumentException("uid does not belong to provided package"); + } // TODO(b/269598719): Is passing the application thread of the system_server alright? // e.g. the sandbox getting privileged access due to this. ComponentName cn = ActivityManagerService.this.startService( @@ -17312,6 +17315,9 @@ public class ActivityManagerService extends IActivityManager.Stub String processName, long flags) throws RemoteException { validateSdkSandboxParams(service, clientAppUid, clientAppPackage, processName); + if (mAppOpsService.checkPackage(clientAppUid, clientAppPackage) != MODE_ALLOWED) { + throw new IllegalArgumentException("uid does not belong to provided package"); + } if (conn == null) { throw new IllegalArgumentException("connection is null"); } @@ -17364,9 +17370,6 @@ public class ActivityManagerService extends IActivityManager.Stub if (!UserHandle.isApp(clientAppUid)) { throw new IllegalArgumentException("uid is not within application range"); } - if (mAppOpsService.checkPackage(clientAppUid, clientAppPackage) != MODE_ALLOWED) { - throw new IllegalArgumentException("uid does not belong to provided package"); - } } @Override |