From 66acf93106a784172c39e6bbf5c22a1aa3563e0b Mon Sep 17 00:00:00 2001
From: Nikita Ioffe
Date: Thu, 16 Jun 2022 13:36:35 +0100
Subject: Handle the visibility of sdk sandbox uids

Sdk sandbox processes have the following visibility rules: 1. Sdk sandbox process should be visible to itself 2. Sdk sandbox process should be visible to the corresponding client app 3. Sdk sandbox process shouldn't be visible to anything else On top of that handle the NPE in the ComputerEngine.shouldFilterApplication by treating null PackageStateInternal the same way it is treated in case the calling uid belongs to the instant app, which is to pretend that null application exists and that it shouldn't be visible to sdk sandbox.
Bug: 236162773
Test: atest SdkSandboxInprocessTests
Change-Id: Ic2583610f55c36169f9abb35b58a0ab60884a312
Merged-In: Ic2583610f55c36169f9abb35b58a0ab60884a312
---
 .../core/java/com/android/server/pm/ComputerEngine.java | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 30de9ba638cc..259ca655d2b9 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -2686,7 +2686,7 @@ public class ComputerEngine implements Computer {
 if (Process.isSdkSandboxUid(callingUid)) {
 int clientAppUid = Process.getAppUidForSdkSandboxUid(callingUid);
 // SDK sandbox should be able to see it's client app
- if (clientAppUid == UserHandle.getUid(userId, ps.getAppId())) {
+ if (ps != null && clientAppUid == UserHandle.getUid(userId, ps.getAppId())) {
 return false;
 }
 }
@@ -2698,7 +2698,7 @@ public class ComputerEngine implements Computer {
 final boolean callerIsInstantApp = instantAppPkgName != null;
 if (ps == null) {
 // pretend the application exists, but, needs to be filtered
- return callerIsInstantApp;
+ return callerIsInstantApp || Process.isSdkSandboxUid(callingUid);
 }
 // if the target and caller are the same application, don't filter
 if (isCallerSameApp(ps.getPackageName(), callingUid)) {
@@ -3089,6 +3089,19 @@ public class ComputerEngine implements Computer {
 }

 public boolean filterAppAccess(int uid, int callingUid) {
+ if (Process.isSdkSandboxUid(uid)) {
+ // Sdk sandbox instance should be able to see itself.
+ if (callingUid == uid) {
+ return false;
+ }
+ final int clientAppUid = Process.getAppUidForSdkSandboxUid(uid);
+ // Client app of this sdk sandbox process should be able to see it.
+ if (clientAppUid == uid) {
+ return false;
+ }
+ // Nobody else should be able to see the sdk sandbox process.
+ return true;
+ }
 final int userId = UserHandle.getUserId(uid);
 final int appId = UserHandle.getAppId(uid);
 final Object setting = mSettings.getSettingBase(appId);
-- 
cgit v1.2.3-59-g8ed1b

From e2474393bc7cfce3c3a314188eb0d8066c20951f Mon Sep 17 00:00:00 2001
From: Kenneth Ford
Date: Thu, 12 May 2022 17:05:59 +0000
Subject: Creates new FLAG_APP_INACCESSIBLE flag for DeviceState

Creates new flag to signify a device state that is inaccessible for an application to be launched on. This helps improve CTS testing to make sure we're only testing on device states that make sense.
Bug: 230826329
Test: adb shell cmd device_state print-states
Change-Id: I21acb936a721af62a4a9a4566246954943f05f67
---
 .../core/java/com/android/server/devicestate/DeviceState.java | 11 ++++++++++-
 .../com/android/server/policy/DeviceStateProviderImpl.java | 4 ++++
 2 files changed, 14 insertions(+), 1 deletion(-)
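Review bot: The comment above the changed return in the first hunk, `// pretend the application exists, but, needs to be filtered`, still reads as if only the instant-app case is meant, although the new condition also filters sdk sandbox callers; suggest `// pretend the application exists, but, needs to be filtered (instant app or sdk sandbox caller)`. The enclosing method (shouldFilterApplication, per the description) begins and continues outside this hunk.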
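Review bot: In the added `filterAppAccess` block, the client-app rule compares `clientAppUid` against `uid` instead of `callingUid`, so as far as I can tell it can never match: `uid` is the sandbox uid and `Process.getAppUidForSdkSandboxUid(uid)` yields the client app's uid, which lives in a different uid range, so the method falls through to `return true` for every caller other than the sandbox itself, including the client app that rule 2 in the description says must see it. The intended check is `if (clientAppUid == callingUid) {`. The effect is fail-closed (over-filtering) rather than an exposure, but it contradicts the stated rules and the `shouldFilterApplication` change in the earlier hunk, which does compare the client uid with the other party. `filterAppAccess` continues past the end of the hunk, so the remaining settings-based path is not reviewed here.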
diff --git a/services/core/java/com/android/server/devicestate/DeviceState.java b/services/core/java/com/android/server/devicestate/DeviceState.java
index 78d55b92eb80..f8d4b8fffd03 100644
--- a/services/core/java/com/android/server/devicestate/DeviceState.java
+++ b/services/core/java/com/android/server/devicestate/DeviceState.java
@@ -18,6 +18,7 @@ package com.android.server.devicestate;
 import static android.hardware.devicestate.DeviceStateManager.MAXIMUM_DEVICE_STATE;
 import static android.hardware.devicestate.DeviceStateManager.MINIMUM_DEVICE_STATE;
+import static android.view.Display.DEFAULT_DISPLAY;

 import android.annotation.IntDef;
 import android.annotation.IntRange;
@@ -48,9 +49,16 @@ public final class DeviceState {
 */
 public static final int FLAG_CANCEL_OVERRIDE_REQUESTS = 1 << 0;

+ /**
+ * Flag that indicates this device state is inaccessible for applications to be placed in. This
+ * could be a device-state where the {@link DEFAULT_DISPLAY} is not enabled.
+ */
+ public static final int FLAG_APP_INACCESSIBLE = 1 << 1;
+
 /** @hide */
 @IntDef(prefix = {"FLAG_"}, flag = true, value = {
 FLAG_CANCEL_OVERRIDE_REQUESTS,
+ FLAG_APP_INACCESSIBLE
 })
 @Retention(RetentionPolicy.SOURCE)
 public @interface DeviceStateFlags {}
@@ -97,7 +105,8 @@ public final class DeviceState {

 @Override
 public String toString() {
- return "DeviceState{" + "identifier=" + mIdentifier + ", name='" + mName + '\'' + '}';
+ return "DeviceState{" + "identifier=" + mIdentifier + ", name='" + mName + '\''
+ + ", app_accessible=" + !hasFlag(FLAG_APP_INACCESSIBLE) + "}";
 }

 @Override
diff --git a/services/core/java/com/android/server/policy/DeviceStateProviderImpl.java b/services/core/java/com/android/server/policy/DeviceStateProviderImpl.java
index 17a5fd07f920..9b7d19a725d1 100644
--- a/services/core/java/com/android/server/policy/DeviceStateProviderImpl.java
+++ b/services/core/java/com/android/server/policy/DeviceStateProviderImpl.java
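Review bot: In the `toString` hunk the new field is printed as `app_accessible=` with the negated flag, which inverts the naming relative to the constant `FLAG_APP_INACCESSIBLE` and makes the dump harder to correlate with the config strings parsed in DeviceStateProviderImpl; `+ ", app_inaccessible=" + hasFlag(FLAG_APP_INACCESSIBLE) + "}"` keeps the output aligned with the constant name. The new static import of `DEFAULT_DISPLAY` in the first hunk is referenced only from the `{@link DEFAULT_DISPLAY}` in the Javadoc of `FLAG_APP_INACCESSIBLE`, not from code; some import checkers treat a Javadoc-only import as unused, and `{@link android.view.Display#DEFAULT_DISPLAY}` would avoid it. `hasFlag` and the rest of the class are outside the hunks, so I am assuming it is an existing accessor on the flags field.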
@@ -95,6 +95,7 @@ public final class DeviceStateProviderImpl implements DeviceStateProvider,
 private static final String DATA_CONFIG_FILE_PATH = "system/devicestate/";
 private static final String CONFIG_FILE_NAME = "device_state_configuration.xml";
 private static final String FLAG_CANCEL_OVERRIDE_REQUESTS = "FLAG_CANCEL_OVERRIDE_REQUESTS";
+ private static final String FLAG_APP_INACCESSIBLE = "FLAG_APP_INACCESSIBLE";

 /** Interface that allows reading the device state configuration. */
 interface ReadableConfig {
@@ -145,6 +146,9 @@ public final class DeviceStateProviderImpl implements DeviceStateProvider,
 case FLAG_CANCEL_OVERRIDE_REQUESTS:
 flags |= DeviceState.FLAG_CANCEL_OVERRIDE_REQUESTS;
 break;
+ case FLAG_APP_INACCESSIBLE:
+ flags |= DeviceState.FLAG_APP_INACCESSIBLE;
+ break;
 default:
 Slog.w(TAG, "Parsed unknown flag with name: "
 + configFlagString);
-- 
cgit v1.2.3-59-g8ed1b