From 83e91711f24c7704cfd84d863fc22c3fe83d15d4 Mon Sep 17 00:00:00 2001
From: Rhed Jao <rhedjao@google.com>
Date: Mon, 9 May 2022 19:24:07 +0800
Subject: Add package manager internal api checkUidSignaturesForAllUsers

Starting from U, the PackageManager#checkUidSignatures does not
support to check package signatures for different users. It
returns false if packages cannot be found in the calling user.

This cl adds an internal api checkUidSignaturesForAllUsers for
system modules that need to check package signatures installed
in any users.

Bug: 229684723
Test: atest BlobStoreMultiUserTest
Change-Id: Ib5b3c25dcafe664b31bd737bdb2718c045f845b4
---
 .../service/java/com/android/server/blob/BlobAccessMode.java   | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'apex/blobstore')

diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java b/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java
index 83ef21e7528b..b0c295c331d7 100644
--- a/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java
+++ b/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java
@@ -24,6 +24,7 @@ import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.content.Context;
 import android.content.pm.PackageManager;
+import android.content.pm.PackageManagerInternal;
 import android.os.Binder;
 import android.os.UserHandle;
 import android.util.ArraySet;
@@ -32,6 +33,7 @@ import android.util.DebugUtils;
 import android.util.IndentingPrintWriter;
 
 import com.android.internal.util.XmlUtils;
+import com.android.server.LocalServices;
 
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
@@ -108,7 +110,7 @@ class BlobAccessMode {
         }
 
         if ((mAccessType & ACCESS_TYPE_SAME_SIGNATURE) != 0) {
-            if (checkSignatures(context, callingUid, committerUid)) {
+            if (checkSignatures(callingUid, committerUid)) {
                 return true;
             }
         }
@@ -133,11 +135,11 @@ class BlobAccessMode {
     /**
      * Compare signatures for two packages of different users.
      */
-    private boolean checkSignatures(Context context, int uid1, int uid2) {
+    private boolean checkSignatures(int uid1, int uid2) {
         final long token = Binder.clearCallingIdentity();
         try {
-            return context.getPackageManager().checkSignatures(uid1, uid2)
-                    == PackageManager.SIGNATURE_MATCH;
+            return LocalServices.getService(PackageManagerInternal.class)
+                    .checkUidSignaturesForAllUsers(uid1, uid2) == PackageManager.SIGNATURE_MATCH;
         } finally {
             Binder.restoreCallingIdentity(token);
         }
-- 
cgit v1.2.3-59-g8ed1b