2 files changed, 25 insertions, 7 deletions

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 8abf3a66b747..832d94f1a5b5 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -156,6 +156,7 @@ import android.compat.annotation.ChangeId;
 import android.compat.annotation.EnabledAfter;
 import android.content.BroadcastReceiver;
 import android.content.ComponentName;
+import android.content.ContentProvider;
 import android.content.ContentResolver;
 import android.content.Context;
 import android.content.IIntentReceiver;
@@ -2361,11 +2362,11 @@ public class PackageManagerService extends IPackageManager.Stub
                 String resolvedType, int flags, int userId, int callingUid,
                 boolean includeInstantApps) {
             if (!mUserManager.exists(userId)) return Collections.emptyList();
-            enforceCrossUserOrProfilePermission(callingUid,
+            enforceCrossUserOrProfilePermission(Binder.getCallingUid(),
                     userId,
                     false /*requireFullPermission*/,
                     false /*checkShell*/,
-                    "query intent receivers");
+                    "query intent services");
             final String instantAppPkgName = getInstantAppPackageName(callingUid);
             flags = updateFlagsForResolve(flags, userId, callingUid, includeInstantApps,
                     false /* isImplicitImageCaptureIntentAndNotSetByDpc */);
@@ -4037,10 +4038,10 @@ public class PackageManagerService extends IPackageManager.Stub
                 return true;
             }
             if (requireFullPermission) {
-                return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+                return hasPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingUid);
             }
-            return hasPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)
-                    || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS);
+            return hasPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingUid) 
+                || hasPermission(Manifest.permission.INTERACT_ACROSS_USERS,  callingUid);
         }
 
         /**
@@ -4056,6 +4057,11 @@ public class PackageManagerService extends IPackageManager.Stub
                     == PackageManager.PERMISSION_GRANTED;
         }
 
+        private boolean hasPermission(String permission, int uid) {
+            return mContext.checkPermission(permission, /* pid= */ -1, uid)
+                    == PackageManager.PERMISSION_GRANTED;
+        }
+
         public final boolean isCallerSameApp(String packageName, int uid) {
             AndroidPackage pkg = mPackages.get(packageName);
             return pkg != null
@@ -11414,7 +11420,7 @@ public class PackageManagerService extends IPackageManager.Stub
         final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0;
 
         enforceCrossUserPermission(
-            callingUid,
+            Binder.getCallingUid(),
             userId,
             false /* requireFullPermission */,
             false /* checkShell */,
@@ -11625,7 +11631,14 @@ public class PackageManagerService extends IPackageManager.Stub
             int callingUid) {
         if (!mUserManager.exists(userId)) return null;
         flags = updateFlagsForComponent(flags, userId);
-        final ProviderInfo providerInfo = mComponentResolver.queryProvider(name, flags, userId);
+
+        // Callers of this API may not always separate the userID and authority. Let's parse it
+        // before resolving
+        String authorityWithoutUserId = ContentProvider.getAuthorityWithoutUserId(name);
+        userId = ContentProvider.getUserIdFromAuthority(name, userId);
+
+        final ProviderInfo providerInfo = mComponentResolver.queryProvider(authorityWithoutUserId,
+            flags, userId);
         boolean checkedGrants = false;
         if (providerInfo != null) {
             // Looking for cross-user grants before enforcing the typical cross-users permissions
diff --git a/services/tests/PackageManagerComponentOverrideTests/src/com/android/server/pm/test/override/PackageManagerComponentLabelIconOverrideTest.kt b/services/tests/PackageManagerComponentOverrideTests/src/com/android/server/pm/test/override/PackageManagerComponentLabelIconOverrideTest.kt
index b4f8b6edd139..0e769f0a06bc 100644
--- a/services/tests/PackageManagerComponentOverrideTests/src/com/android/server/pm/test/override/PackageManagerComponentLabelIconOverrideTest.kt
+++ b/services/tests/PackageManagerComponentOverrideTests/src/com/android/server/pm/test/override/PackageManagerComponentLabelIconOverrideTest.kt
@@ -49,6 +49,7 @@ import org.junit.BeforeClass
 import org.junit.Test
 import org.junit.runner.RunWith
 import org.junit.runners.Parameterized
+import org.mockito.ArgumentMatchers.eq
 import org.mockito.Mockito.any
 import org.mockito.Mockito.anyInt
 import org.mockito.Mockito.clearInvocations
@@ -360,6 +361,10 @@ class PackageManagerComponentLabelIconOverrideTest {
                     android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)) {
                 PackageManager.PERMISSION_GRANTED
             }
+            whenever(this.checkPermission(
+                eq(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL), anyInt(), anyInt())) {
+                PackageManager.PERMISSION_GRANTED
+            }
         }
         val mockInjector: PackageManagerService.Injector = mock {
             whenever(this.lock) { PackageManagerTracedLock() }