Adds caller check to getAllPackages()

This change enforces that only system, root or shell may call
getAllPackages(), a hidden API that shares all package names regardless
of user, instant app or package visibility rules.

Bug: 174661955
Merged-In: I77460ae19a4d41151577646441f11e2eddbb741a
(cherry picked from commit cca5bf9282d37e132f2c4ba80ced5e6c074e8889)

Change-Id: I630cfd7c3be9bf6f2a6b8e132f6b8dda6b7fa274
(cherry picked from commit 264dea63b026d1f3e5217db632d3665fdbb3ffae)

1 files changed, 5 insertions, 0 deletions

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 8a47bd06d527..2433df96ddd6 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -5791,6 +5791,11 @@ public class PackageManagerService extends IPackageManager.Stub
     @Override
     public List<String> getAllPackages() {
         final int callingUid = Binder.getCallingUid();
+        // enforceSystemOrRootOrShell:
+        if (callingUid != Process.SYSTEM_UID && callingUid != Process.ROOT_UID
+                && callingUid != Process.SHELL_UID) {
+            throw new SecurityException("getAllPackages is limited to privileged callers");
+        }
         final int callingUserId = UserHandle.getUserId(callingUid);
         synchronized (mPackages) {
             if (canViewInstantApps(callingUid, callingUserId)) {