From 8a3efb71a420a0d4c4573114eb8a21d76fa415fc Mon Sep 17 00:00:00 2001
From: Rubin Xu <rubinxu@google.com>
Date: Wed, 21 May 2025 15:34:51 +0100
Subject: [SP 2025-09-01] Use correct API to get calling package name in
 CredentialStorage

Activity.getCallingPackage() does not always return the package
name of the actual calling app. getLaunchedFromPackage() should
be used instead.

Bug: 389681530
Test: manual
Flag: EXEMPT bugfix
Merged-In: Ibdbc45e53f4aa46fae79fa234705b3735bfda4cd
Change-Id: Ibdbc45e53f4aa46fae79fa234705b3735bfda4cd
(cherry picked from commit 70bd3efe0674bccb0d454845d86fb2402779a7bf)
---
 src/com/android/settings/security/CredentialStorage.java | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/com/android/settings/security/CredentialStorage.java b/src/com/android/settings/security/CredentialStorage.java
index b1c65a7c3c0..5ea9b7ac21f 100644
--- a/src/com/android/settings/security/CredentialStorage.java
+++ b/src/com/android/settings/security/CredentialStorage.java
@@ -17,6 +17,7 @@
 package com.android.settings.security;
 
 import android.app.Activity;
+import android.app.ActivityManager;
 import android.app.admin.DevicePolicyManager;
 import android.content.Context;
 import android.content.DialogInterface;
@@ -322,15 +323,25 @@ public final class CredentialStorage extends FragmentActivity {
         }
     }
 
+    private String getCallingPackageName() {
+        try {
+            return ActivityManager.getService().getLaunchedFromPackage(getActivityToken());
+        } catch (RemoteException re) {
+            // Error talking to ActivityManager, just give up
+            return null;
+        }
+    }
+
     /**
      * Check that the caller is either certinstaller or Settings running in a profile of this user.
      */
     private boolean checkCallerIsCertInstallerOrSelfInProfile() {
-        if (TextUtils.equals("com.android.certinstaller", getCallingPackage())) {
+        String callingPackage = getCallingPackageName();
+        if (TextUtils.equals("com.android.certinstaller", callingPackage)) {
             // CertInstaller is allowed to install credentials if it has the same signature as
             // Settings package.
             return getPackageManager().checkSignatures(
-                    getCallingPackage(), getPackageName()) == PackageManager.SIGNATURE_MATCH;
+                    callingPackage, getPackageName()) == PackageManager.SIGNATURE_MATCH;
         }
 
         final int launchedFromUserId;
-- 
cgit v1.2.3-59-g8ed1b