From f0fa8534c65c200936fa2f3ed5c4ea0b29bd3093 Mon Sep 17 00:00:00 2001
From: Chad Brubaker <cbrubaker@google.com>
Date: Thu, 23 Feb 2017 10:45:20 -0800
Subject: Always use calling uid for package lookup.

Change-Id: I61949aa4a261d6cd18d7c9878a29dc40364afac0
Fixes: 35656125
Test: `adb shell settings list global`
---
 .../providers/settings/SettingsProvider.java       | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 0916abebcc49..91a4e792bbb8 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -1578,8 +1578,14 @@ public class SettingsProvider extends ContentProvider {
     }
 
     private List<String> getSettingsNamesLocked(int settingsType, int userId) {
-        ApplicationInfo ai = getCallingApplicationInfoOrThrow(userId);
-        if (ai.isInstantApp()) {
+        boolean instantApp;
+        if (UserHandle.getAppId(Binder.getCallingUid()) < Process.FIRST_APPLICATION_UID) {
+            instantApp = false;
+        } else {
+            ApplicationInfo ai = getCallingApplicationInfoOrThrow();
+            instantApp = ai.isInstantApp();
+        }
+        if (instantApp) {
             return new ArrayList<String>(getInstantAppAccessibleSettings(settingsType));
         } else {
             return mSettingsRegistry.getSettingsNamesLocked(settingsType, userId);
@@ -1590,7 +1596,7 @@ public class SettingsProvider extends ContentProvider {
         if (UserHandle.getAppId(Binder.getCallingUid()) < Process.FIRST_APPLICATION_UID) {
             return;
         }
-        ApplicationInfo ai = getCallingApplicationInfoOrThrow(userId);
+        ApplicationInfo ai = getCallingApplicationInfoOrThrow();
         if (!ai.isInstantApp()) {
             return;
         }
@@ -1600,10 +1606,16 @@ public class SettingsProvider extends ContentProvider {
         }
     }
 
-    private ApplicationInfo getCallingApplicationInfoOrThrow(int userId) {
+    private ApplicationInfo getCallingApplicationInfoOrThrow() {
+        // We always use the callingUid for this lookup. This means that if hypothetically an
+        // app was installed in user A with cross user and in user B as an Instant App
+        // the app in A would be able to see all the settings in user B. However since cross
+        // user is a system permission and the app must be uninstalled in B and then installed as
+        // an Instant App that situation is not realistic or supported.
         ApplicationInfo ai = null;
         try {
-            ai = mPackageManager.getApplicationInfo(getCallingPackage(), 0 , userId);
+            ai = mPackageManager.getApplicationInfo(getCallingPackage(), 0
+                    , UserHandle.getCallingUserId());
         } catch (RemoteException ignored) {
         }
         if (ai == null) {
-- 
cgit v1.2.3-59-g8ed1b