diff options
3 files changed, 50 insertions, 6 deletions
diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java index 370af177288f..16d582efb730 100644 --- a/core/java/android/content/pm/PackageManagerInternal.java +++ b/core/java/android/content/pm/PackageManagerInternal.java @@ -314,4 +314,17 @@ public abstract class PackageManagerInternal { */ public abstract ResolveInfo resolveIntent(Intent intent, String resolvedType, int flags, int userId); + + /** + * Track the creator of a new isolated uid. + * @param isolatedUid The newly created isolated uid. + * @param ownerUid The uid of the app that created the isolated process. + */ + public abstract void addIsolatedUid(int isolatedUid, int ownerUid); + + /** + * Track removal of an isolated uid. + * @param isolatedUid isolated uid that is no longer being used. + */ + public abstract void removeIsolatedUid(int isolatedUid); } diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 8cb0eee07b3d..f602e43fe1e8 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -6596,6 +6596,7 @@ public class ActivityManagerService extends IActivityManager.Stub mBatteryStatsService.noteProcessFinish(app.processName, app.info.uid); if (app.isolated) { mBatteryStatsService.removeIsolatedUid(app.uid, app.info.uid); + getPackageManagerInternalLocked().removeIsolatedUid(app.uid); } boolean willRestart = false; if (app.persistent && !app.isolated) { @@ -12089,6 +12090,7 @@ public class ActivityManagerService extends IActivityManager.Stub // the uid of the isolated process is specified by the caller. uid = isolatedUid; } + getPackageManagerInternalLocked().addIsolatedUid(uid, info.uid); // Register the isolated UID with this application so BatteryStats knows to // attribute resource usage to the application. diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 6ef0a2542713..899847f177eb 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -651,6 +651,11 @@ public class PackageManagerService extends IPackageManager.Stub { final ArrayMap<String, Set<String>> mKnownCodebase = new ArrayMap<String, Set<String>>(); + // Keys are isolated uids and values are the uid of the application + // that created the isolated proccess. + @GuardedBy("mPackages") + final SparseIntArray mIsolatedOwners = new SparseIntArray(); + // List of APK paths to load for each user and package. This data is never // persisted by the package manager. Instead, the overlay manager will // ensure the data is up-to-date in runtime. @@ -6175,6 +6180,10 @@ public class PackageManagerService extends IPackageManager.Stub { * instant, returns {@code null}. */ private String getInstantAppPackageName(int callingUid) { + // If the caller is an isolated app use the owner's uid for the lookup. + if (Process.isIsolated(callingUid)) { + callingUid = mIsolatedOwners.get(callingUid); + } final int appId = UserHandle.getAppId(callingUid); synchronized (mPackages) { final Object obj = mSettings.getUserIdLPr(appId); @@ -7347,17 +7356,22 @@ public class PackageManagerService extends IPackageManager.Stub { if (HIDE_EPHEMERAL_APIS || isEphemeralDisabled()) { return false; } + int uid = Binder.getCallingUid(); + if (Process.isIsolated(uid)) { + uid = mIsolatedOwners.get(uid); + } synchronized (mPackages) { final PackageSetting ps = mSettings.mPackages.get(packageName); + PackageParser.Package pkg = mPackages.get(packageName); final boolean returnAllowed = ps != null - && (isCallerSameApp(packageName) + && (isCallerSameApp(packageName, uid) || mContext.checkCallingOrSelfPermission( android.Manifest.permission.ACCESS_INSTANT_APPS) == PERMISSION_GRANTED || mInstantAppRegistry.isInstantAccessGranted( - userId, UserHandle.getAppId(Binder.getCallingUid()), ps.appId)); + userId, UserHandle.getAppId(uid), ps.appId)); if (returnAllowed) { return ps.getInstantApp(userId); } @@ -7374,7 +7388,7 @@ public class PackageManagerService extends IPackageManager.Stub { enforceCrossUserPermission(Binder.getCallingUid(), userId, true /* requireFullPermission */, false /* checkShell */, "getInstantAppCookie"); - if (!isCallerSameApp(packageName)) { + if (!isCallerSameApp(packageName, Binder.getCallingUid())) { return null; } synchronized (mPackages) { @@ -7392,7 +7406,7 @@ public class PackageManagerService extends IPackageManager.Stub { enforceCrossUserPermission(Binder.getCallingUid(), userId, true /* requireFullPermission */, true /* checkShell */, "setInstantAppCookie"); - if (!isCallerSameApp(packageName)) { + if (!isCallerSameApp(packageName, Binder.getCallingUid())) { return false; } synchronized (mPackages) { @@ -7420,10 +7434,10 @@ public class PackageManagerService extends IPackageManager.Stub { } } - private boolean isCallerSameApp(String packageName) { + private boolean isCallerSameApp(String packageName, int uid) { PackageParser.Package pkg = mPackages.get(packageName); return pkg != null - && UserHandle.getAppId(Binder.getCallingUid()) == pkg.applicationInfo.uid; + && UserHandle.getAppId(uid) == pkg.applicationInfo.uid; } @Override @@ -23187,6 +23201,21 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); return resolveIntentInternal( intent, resolvedType, flags, userId, true /*includeInstantApp*/); } + + + @Override + public void addIsolatedUid(int isolatedUid, int ownerUid) { + synchronized (mPackages) { + mIsolatedOwners.put(isolatedUid, ownerUid); + } + } + + @Override + public void removeIsolatedUid(int isolatedUid) { + synchronized (mPackages) { + mIsolatedOwners.delete(isolatedUid); + } + } } @Override |