From a4fb7ea1712400c82357a411dccfe00f0b5ea7a3 Mon Sep 17 00:00:00 2001
From: Rhed Jao <rhedjao@google.com>
Date: Thu, 16 Jun 2022 12:36:55 +0800
Subject: Allows system uid to access application across users
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After this change, applying the
function shouldFilterApplicationIncludingUninstalled to the APIs
which do not take the user id as the parameter becomes easier.
There’s no need to consider whether the system caller invokes
the API with a correct user id. The system caller is able to
access the application across users.

Bug: 229684723
Test: atest AppEnumerationTests
Test: atest AppEnumerationInternalTests
Test: atest CrossUserPackageVisibilityTests
Change-Id: I674281a1fa9083bcf63dd67cad2f944d7481cb39
---
 services/core/java/com/android/server/pm/Computer.java     |  3 ++-
 .../core/java/com/android/server/pm/ComputerEngine.java    | 14 +++++++++++---
 .../com/android/server/pm/PackageManagerServiceUtils.java  |  8 +++++++-
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/services/core/java/com/android/server/pm/Computer.java b/services/core/java/com/android/server/pm/Computer.java
index ad149d343490..a878bfd46a54 100644
--- a/services/core/java/com/android/server/pm/Computer.java
+++ b/services/core/java/com/android/server/pm/Computer.java
@@ -236,7 +236,8 @@ public interface Computer extends PackageDataSnapshot {
      * existence.
      * <p>
      * Package with {@link PackageManager#SYSTEM_APP_STATE_HIDDEN_UNTIL_INSTALLED_HIDDEN} is not
-     * treated as an uninstalled package for the carrier apps customization.
+     * treated as an uninstalled package for the carrier apps customization. Bypassing the
+     * uninstalled package check if the caller is system, shell or root uid.
      */
     boolean shouldFilterApplicationIncludingUninstalled(@Nullable PackageStateInternal ps,
             int callingUid, int userId);
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 9489dc8de593..b7d241e5867c 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -58,6 +58,7 @@ import static com.android.server.pm.PackageManagerService.EMPTY_INT_ARRAY;
 import static com.android.server.pm.PackageManagerService.HIDE_EPHEMERAL_APIS;
 import static com.android.server.pm.PackageManagerService.TAG;
 import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures;
+import static com.android.server.pm.PackageManagerServiceUtils.isSystemOrRootOrShell;
 import static com.android.server.pm.resolution.ComponentResolver.RESOLVE_PRIORITY_SORTER;
 
 import android.Manifest;
@@ -2737,9 +2738,13 @@ public class ComputerEngine implements Computer {
         final String instantAppPkgName = getInstantAppPackageName(callingUid);
         final boolean callerIsInstantApp = instantAppPkgName != null;
         // Don't treat hiddenUntilInstalled as an uninstalled state, phone app needs to access
-        // these hidden application details to customize carrier apps.
-        if (ps == null || (filterUninstall && !ps.isHiddenUntilInstalled()
-                && !ps.getUserStateOrDefault(userId).isInstalled())) {
+        // these hidden application details to customize carrier apps. Also, allowing the system
+        // caller accessing to application across users.
+        if (ps == null
+                || (filterUninstall
+                        && !isSystemOrRootOrShell(callingUid)
+                        && !ps.isHiddenUntilInstalled()
+                        && !ps.getUserStateOrDefault(userId).isInstalled())) {
             // If caller is instant app or sdk sandbox and ps is null, pretend the application
             // exists, but, needs to be filtered
             return (callerIsInstantApp || filterUninstall || Process.isSdkSandboxUid(callingUid));
@@ -2837,6 +2842,9 @@ public class ComputerEngine implements Computer {
         if (shouldFilterApplication(sus, callingUid, userId)) {
             return true;
         }
+        if (isSystemOrRootOrShell(callingUid)) {
+            return false;
+        }
         final ArraySet<PackageStateInternal> packageStates =
                 (ArraySet<PackageStateInternal>) sus.getPackageStates();
         for (int index = 0; index < packageStates.size(); index++) {
diff --git a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
index 629ac71b9824..b7ab381a08b5 100644
--- a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
+++ b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
@@ -1271,7 +1271,13 @@ public class PackageManagerServiceUtils {
      * Check if the Binder caller is system UID, root's UID, or shell's UID.
      */
     public static boolean isSystemOrRootOrShell() {
-        final int uid = Binder.getCallingUid();
+        return isSystemOrRootOrShell(Binder.getCallingUid());
+    }
+
+    /**
+     * @see #isSystemOrRoot()
+     */
+    public static boolean isSystemOrRootOrShell(int uid) {
         return uid == Process.SYSTEM_UID || uid == Process.ROOT_UID || uid == Process.SHELL_UID;
     }
 
-- 
cgit v1.2.3-59-g8ed1b