From e8551a88f62f9cc8c4a6a6ded338fabe5de6283d Mon Sep 17 00:00:00 2001
From: Eugene Susla <eugenesusla@google.com>
Date: Mon, 12 Oct 2020 16:23:15 -0700
Subject: RESTRICT AUTOMERGE Fix CDM package check

CDM was using a pckage check that returns a value intead of throwing,
resulting in failing to throw on querying other package's associations

Test: ensure attached bug no longer reproduces
Bug: 167244818
Change-Id: I21319b6f5495dcae681541c76b847aad0c00b8ab
---
 .../com/android/server/companion/CompanionDeviceManagerService.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index b3bad57f1300..5ca1379710e8 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -25,6 +25,7 @@ import static com.android.internal.util.Preconditions.checkState;
 import android.Manifest;
 import android.annotation.CheckResult;
 import android.annotation.Nullable;
+import android.app.AppOpsManager;
 import android.app.PendingIntent;
 import android.companion.AssociationRequest;
 import android.companion.CompanionDeviceManager;
@@ -273,7 +274,10 @@ public class CompanionDeviceManagerService extends SystemService implements Bind
 
             checkArgument(getCallingUserId() == userId,
                     "Must be called by either same user or system");
-            mAppOpsManager.checkPackage(Binder.getCallingUid(), pkg);
+            int callingUid = Binder.getCallingUid();
+            if (mAppOpsManager.checkPackage(callingUid, pkg) != AppOpsManager.MODE_ALLOWED) {
+                throw new SecurityException(pkg + " doesn't belong to uid " + callingUid);
+            }
         }
 
         @Override
-- 
cgit v1.2.3-59-g8ed1b