1 files changed, 10 insertions, 10 deletions

diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java b/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java
index 96114dcb66a7..ffa534ec2053 100644
--- a/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java
+++ b/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java
@@ -1376,6 +1376,11 @@ public class BlobStoreManagerService extends SystemService {
         }
     }
 
+    private boolean isAllowedBlobAccess(int uid, String packageName) {
+        return (!Process.isSupplemental(uid) && !Process.isIsolated(uid)
+                && !mPackageManagerInternal.isInstantApp(packageName, UserHandle.getUserId(uid)));
+    }
+
     private class PackageChangedReceiver extends BroadcastReceiver {
         @Override
         public void onReceive(Context context, Intent intent) {
@@ -1437,8 +1442,7 @@ public class BlobStoreManagerService extends SystemService {
             final int callingUid = Binder.getCallingUid();
             verifyCallingPackage(callingUid, packageName);
 
-            if (Process.isIsolated(callingUid) || mPackageManagerInternal.isInstantApp(
-                    packageName, UserHandle.getUserId(callingUid))) {
+            if (!isAllowedBlobAccess(callingUid, packageName)) {
                 throw new SecurityException("Caller not allowed to create session; "
                         + "callingUid=" + callingUid + ", callingPackage=" + packageName);
             }
@@ -1487,8 +1491,7 @@ public class BlobStoreManagerService extends SystemService {
             final int callingUid = Binder.getCallingUid();
             verifyCallingPackage(callingUid, packageName);
 
-            if (Process.isIsolated(callingUid) || mPackageManagerInternal.isInstantApp(
-                    packageName, UserHandle.getUserId(callingUid))) {
+            if (!isAllowedBlobAccess(callingUid, packageName)) {
                 throw new SecurityException("Caller not allowed to open blob; "
                         + "callingUid=" + callingUid + ", callingPackage=" + packageName);
             }
@@ -1519,8 +1522,7 @@ public class BlobStoreManagerService extends SystemService {
             final int callingUid = Binder.getCallingUid();
             verifyCallingPackage(callingUid, packageName);
 
-            if (Process.isIsolated(callingUid) || mPackageManagerInternal.isInstantApp(
-                    packageName, UserHandle.getUserId(callingUid))) {
+            if (!isAllowedBlobAccess(callingUid, packageName)) {
                 throw new SecurityException("Caller not allowed to open blob; "
                         + "callingUid=" + callingUid + ", callingPackage=" + packageName);
             }
@@ -1544,8 +1546,7 @@ public class BlobStoreManagerService extends SystemService {
             final int callingUid = Binder.getCallingUid();
             verifyCallingPackage(callingUid, packageName);
 
-            if (Process.isIsolated(callingUid) || mPackageManagerInternal.isInstantApp(
-                    packageName, UserHandle.getUserId(callingUid))) {
+            if (!isAllowedBlobAccess(callingUid, packageName)) {
                 throw new SecurityException("Caller not allowed to open blob; "
                         + "callingUid=" + callingUid + ", callingPackage=" + packageName);
             }
@@ -1628,8 +1629,7 @@ public class BlobStoreManagerService extends SystemService {
             final int callingUid = Binder.getCallingUid();
             verifyCallingPackage(callingUid, packageName);
 
-            if (Process.isIsolated(callingUid) || mPackageManagerInternal.isInstantApp(
-                    packageName, UserHandle.getUserId(callingUid))) {
+            if (!isAllowedBlobAccess(callingUid, packageName)) {
                 throw new SecurityException("Caller not allowed to open blob; "
                         + "callingUid=" + callingUid + ", callingPackage=" + packageName);
             }