From 85985722a6e7b3eee16be2e66e170f83f37f6561 Mon Sep 17 00:00:00 2001
From: Zak Cohen <zakcohen@google.com>
Date: Fri, 17 Jan 2025 15:16:13 -0800
Subject: RemoteViews - Always load new ApplicationInfo from PackageManager.

Always load ApplicationInfo object needed for RemoteViews Contexts directly
from PackageManager. The key used is the package name.

Previously this object was read from the RemoteViews bundle, which was
provided by the Widget providing app, and this object could not be relied
on to have accurate data fields.

Bug: 376028556
Flag: EXEMPT Security Fix
Test: atest CtsWidgetTestCases:RemoteViewsActivityTest#testApplicationInfo
Change-Id: Ie263b51fd2c2bdbf9d622533bb3f77d9f3f7181e
(cherry picked from commit 352fb4821076f0209ab2092d53444503dcec8992)
Merged-In: Ie263b51fd2c2bdbf9d622533bb3f77d9f3f7181e
---
 core/java/android/appwidget/AppWidgetHostView.java |  4 ----
 core/java/android/widget/RemoteViews.java          | 14 +++++++++++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/core/java/android/appwidget/AppWidgetHostView.java b/core/java/android/appwidget/AppWidgetHostView.java
index b0ffd7690377..956d40a3c3d2 100644
--- a/core/java/android/appwidget/AppWidgetHostView.java
+++ b/core/java/android/appwidget/AppWidgetHostView.java
@@ -20,7 +20,6 @@ import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.app.Activity;
 import android.app.ActivityOptions;
-import android.app.LoadedApk;
 import android.compat.annotation.UnsupportedAppUsage;
 import android.content.ComponentName;
 import android.content.Context;
@@ -727,9 +726,6 @@ public class AppWidgetHostView extends FrameLayout {
      */
     protected Context getRemoteContextEnsuringCorrectCachedApkPath() {
         try {
-            ApplicationInfo expectedAppInfo = mInfo.providerInfo.applicationInfo;
-            LoadedApk.checkAndUpdateApkPaths(expectedAppInfo);
-            // Return if cloned successfully, otherwise default
             Context newContext = mContext.createApplicationContext(
                     mInfo.providerInfo.applicationInfo,
                     Context.CONTEXT_RESTRICTED);
diff --git a/core/java/android/widget/RemoteViews.java b/core/java/android/widget/RemoteViews.java
index a8ba2e9a4d7f..46144a321e9f 100644
--- a/core/java/android/widget/RemoteViews.java
+++ b/core/java/android/widget/RemoteViews.java
@@ -34,7 +34,6 @@ import android.app.Activity;
 import android.app.ActivityOptions;
 import android.app.ActivityThread;
 import android.app.Application;
-import android.app.LoadedApk;
 import android.app.PendingIntent;
 import android.app.RemoteInput;
 import android.appwidget.AppWidgetHostView;
@@ -6074,9 +6073,18 @@ public class RemoteViews implements Parcelable, Filter {
                 return context;
             }
             try {
-                LoadedApk.checkAndUpdateApkPaths(mApplication);
-                return context.createApplicationContext(mApplication,
+                // Use PackageManager as the source of truth for application information, rather
+                // than the parceled ApplicationInfo provided by the app.
+                ApplicationInfo sanitizedApplication =
+                        context.getPackageManager().getApplicationInfoAsUser(
+                                mApplication.packageName, 0,
+                                UserHandle.getUserId(mApplication.uid));
+                Context applicationContext = context.createApplicationContext(
+                        sanitizedApplication,
                         Context.CONTEXT_RESTRICTED);
+                // Get the correct apk paths while maintaining the current context's configuration.
+                return applicationContext.createConfigurationContext(
+                        context.getResources().getConfiguration());
             } catch (NameNotFoundException e) {
                 Log.e(LOG_TAG, "Package name " + mApplication.packageName + " not found");
             }
-- 
cgit v1.2.3-59-g8ed1b