Merge "Check only if the app is installed on the other user for blob access." into sc-dev

author: Sudheer Shanka <sudheersai@google.com> 2021-06-03 22:31:50 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2021-06-03 22:31:50 +0000
commit: 2c6a28a5eabb12af758209307bbf1f06b99815ee (patch)
tree: 292e95d6e4a20ba15d4b3d9bff7ce72b17d41559 /apex/blobstore
parent: 08ad40f2d90c089950ead4cdf33a1e54fbccbb57 (diff)
parent: b395a4d49816b14e581283c24bc4d70ad6edc226 (diff)
1 files changed, 21 insertions, 3 deletions
diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java b/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java
index 300b50984c6c..7638f059b47e 100644
--- a/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java
+++ b/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java
@@ -50,6 +50,7 @@ import android.content.Context;
 import android.content.pm.PackageManager;
 import android.content.res.ResourceId;
 import android.content.res.Resources;
+import android.os.Binder;
 import android.os.ParcelFileDescriptor;
 import android.os.RevocableFileDescriptor;
 import android.os.UserHandle;
@@ -308,7 +309,7 @@ class BlobMetadata {
                 if (callingUserId == committerUserId) {
                     continue;
                 }
-                if (!checkCallerCanAccessBlobsAcrossUsers(callingPackage, committerUserId)) {
+                if (!isPackageInstalledOnUser(callingPackage, committerUserId)) {
                     continue;
                 }
 
@@ -326,8 +327,25 @@ class BlobMetadata {
 
     private static boolean checkCallerCanAccessBlobsAcrossUsers(
             String callingPackage, int callingUserId) {
-        return PermissionManager.checkPackageNamePermission(ACCESS_BLOBS_ACROSS_USERS,
-                callingPackage, callingUserId) == PackageManager.PERMISSION_GRANTED;
+        final long token = Binder.clearCallingIdentity();
+        try {
+            return PermissionManager.checkPackageNamePermission(ACCESS_BLOBS_ACROSS_USERS,
+                    callingPackage, callingUserId) == PackageManager.PERMISSION_GRANTED;
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
+    }
+
+    private boolean isPackageInstalledOnUser(String packageName, int userId) {
+        final long token = Binder.clearCallingIdentity();
+        try {
+            mContext.getPackageManager().getPackageInfoAsUser(packageName, 0, userId);
+            return true;
+        } catch (PackageManager.NameNotFoundException e) {
+            return false;
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
     }
 
     boolean hasACommitterOrLeaseeInUser(int userId) {
author	Sudheer Shanka <sudheersai@google.com>	2021-06-03 22:31:50 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2021-06-03 22:31:50 +0000
commit	2c6a28a5eabb12af758209307bbf1f06b99815ee (patch)
tree	292e95d6e4a20ba15d4b3d9bff7ce72b17d41559 /apex/blobstore
parent	08ad40f2d90c089950ead4cdf33a1e54fbccbb57 (diff)
parent	b395a4d49816b14e581283c24bc4d70ad6edc226 (diff)