diff options
author | yawanng <yawanng@google.com> | 2021-02-08 22:38:28 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2021-04-08 16:39:53 +0000 |
commit | aca94478ab543cb00679c6890f39ae7d1814d6ae (patch) | |
tree | 915a42a657f3618657a66c90574544e4d284cc2f | |
parent | 29871cc3b1be5b014fdfa673d67ddbad4544f662 (diff) | |
download | base-aca94478ab543cb00679c6890f39ae7d1814d6ae.tar.gz |
Adds caller check to getAllPackages()
This change enforces that only system, root or shell may call
getAllPackages(), a hidden API that shares all package names regardless
of user, instant app or package visibility rules.
Bug: 174661955
Merged-In: I77460ae19a4d41151577646441f11e2eddbb741a
(cherry picked from commit cca5bf9282d37e132f2c4ba80ced5e6c074e8889)
Change-Id: I630cfd7c3be9bf6f2a6b8e132f6b8dda6b7fa274
(cherry picked from commit 264dea63b026d1f3e5217db632d3665fdbb3ffae)
-rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 8a47bd06d527..2433df96ddd6 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -5791,6 +5791,11 @@ public class PackageManagerService extends IPackageManager.Stub @Override public List<String> getAllPackages() { final int callingUid = Binder.getCallingUid(); + // enforceSystemOrRootOrShell: + if (callingUid != Process.SYSTEM_UID && callingUid != Process.ROOT_UID + && callingUid != Process.SHELL_UID) { + throw new SecurityException("getAllPackages is limited to privileged callers"); + } final int callingUserId = UserHandle.getUserId(callingUid); synchronized (mPackages) { if (canViewInstantApps(callingUid, callingUserId)) { |