authorCassie Wang <cassiewang@google.com>2021-06-18 14:13:31 -0700
committerCassie Wang <cassiewang@google.com>2021-06-23 14:15:27 -0700
commit8417a0f2534d0ea0b26aef5813a2f86bd26b2f9c (patch)
tree5667b12b7a6f045c0df6b82d297bac61eea3d2b2 /apex
parentf46a8f62761efa4e7b870956d25fa2fbf2f0f0ee (diff)
Prevent instant apps from using AppSearch.
Bug: 181875256 Test: atest -m -c --rebuild-module-info CtsAppSearchHostTestCases CtsAppSearchTestCases FrameworksCoreTests:android.app.appsearch FrameworksServicesTests:com.android.server.appsearch Change-Id: I50fa222f51a9d10395bd6b5815580170561d96d0
Diffstat (limited to 'apex')
-rw-r--r--apex/appsearch/framework/java/android/app/appsearch/AppSearchSession.java5
-rw-r--r--apex/appsearch/framework/java/android/app/appsearch/GlobalSearchSession.java5
-rw-r--r--apex/appsearch/framework/java/android/app/appsearch/SearchResults.java5
-rw-r--r--apex/appsearch/framework/java/android/app/appsearch/aidl/IAppSearchManager.aidl21
-rw-r--r--apex/appsearch/framework/java/external/android/app/appsearch/AppSearchResult.java2
-rw-r--r--apex/appsearch/service/java/com/android/server/appsearch/AppSearchManagerService.java117
-rw-r--r--apex/appsearch/service/java/com/android/server/appsearch/AppSearchUserInstanceManager.java9
-rw-r--r--apex/appsearch/service/java/com/android/server/appsearch/stats/PlatformLogger.java15
-rw-r--r--apex/appsearch/service/java/com/android/server/appsearch/util/PackageUtil.java11
9 files changed, 133 insertions, 57 deletions
diff --git a/apex/appsearch/framework/java/android/app/appsearch/AppSearchSession.java b/apex/appsearch/framework/java/android/app/appsearch/AppSearchSession.java
index 0b24c0d9f5c5..b5e366255180 100644
--- a/apex/appsearch/framework/java/android/app/appsearch/AppSearchSession.java
+++ b/apex/appsearch/framework/java/android/app/appsearch/AppSearchSession.java
@@ -90,6 +90,7 @@ public final class AppSearchSession implements Closeable {
@NonNull Consumer<AppSearchResult<AppSearchSession>> callback) {
try {
mService.initialize(
+ mPackageName,
mUserHandle,
/*binderCallStartTimeMillis=*/ SystemClock.elapsedRealtime(),
new IAppSearchResultCallback.Stub() {
@@ -685,7 +686,9 @@ public final class AppSearchSession implements Closeable {
if (mIsMutated && !mIsClosed) {
try {
mService.persistToDisk(
- mUserHandle, /*binderCallStartTimeMillis=*/ SystemClock.elapsedRealtime());
+ mPackageName,
+ mUserHandle,
+ /*binderCallStartTimeMillis=*/ SystemClock.elapsedRealtime());
mIsClosed = true;
} catch (RemoteException e) {
Log.e(TAG, "Unable to close the AppSearchSession", e);
diff --git a/apex/appsearch/framework/java/android/app/appsearch/GlobalSearchSession.java b/apex/appsearch/framework/java/android/app/appsearch/GlobalSearchSession.java
index 247eb08d698a..130e442c0000 100644
--- a/apex/appsearch/framework/java/android/app/appsearch/GlobalSearchSession.java
+++ b/apex/appsearch/framework/java/android/app/appsearch/GlobalSearchSession.java
@@ -73,6 +73,7 @@ public class GlobalSearchSession implements Closeable {
@NonNull Consumer<AppSearchResult<GlobalSearchSession>> callback) {
try {
mService.initialize(
+ mPackageName,
mUserHandle,
/*binderCallStartTimeMillis=*/ SystemClock.elapsedRealtime(),
new IAppSearchResultCallback.Stub() {
@@ -187,7 +188,9 @@ public class GlobalSearchSession implements Closeable {
if (mIsMutated && !mIsClosed) {
try {
mService.persistToDisk(
- mUserHandle, /*binderCallStartTimeMillis=*/ SystemClock.elapsedRealtime());
+ mPackageName,
+ mUserHandle,
+ /*binderCallStartTimeMillis=*/ SystemClock.elapsedRealtime());
mIsClosed = true;
} catch (RemoteException e) {
Log.e(TAG, "Unable to close the GlobalSearchSession", e);
diff --git a/apex/appsearch/framework/java/android/app/appsearch/SearchResults.java b/apex/appsearch/framework/java/android/app/appsearch/SearchResults.java
index eb5d22eaaea0..6dfa01f6e680 100644
--- a/apex/appsearch/framework/java/android/app/appsearch/SearchResults.java
+++ b/apex/appsearch/framework/java/android/app/appsearch/SearchResults.java
@@ -124,7 +124,8 @@ public class SearchResults implements Closeable {
wrapCallback(executor, callback));
}
} else {
- mService.getNextPage(mNextPageToken, mUserHandle, wrapCallback(executor, callback));
+ mService.getNextPage(mPackageName, mNextPageToken, mUserHandle,
+ wrapCallback(executor, callback));
}
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
@@ -135,7 +136,7 @@ public class SearchResults implements Closeable {
public void close() {
if (!mIsClosed) {
try {
- mService.invalidateNextPageToken(mNextPageToken, mUserHandle);
+ mService.invalidateNextPageToken(mPackageName, mNextPageToken, mUserHandle);
mIsClosed = true;
} catch (RemoteException e) {
Log.e(TAG, "Unable to close the SearchResults", e);
diff --git a/apex/appsearch/framework/java/android/app/appsearch/aidl/IAppSearchManager.aidl b/apex/appsearch/framework/java/android/app/appsearch/aidl/IAppSearchManager.aidl
index c639ef604de8..a2f545f791fd 100644
--- a/apex/appsearch/framework/java/android/app/appsearch/aidl/IAppSearchManager.aidl
+++ b/apex/appsearch/framework/java/android/app/appsearch/aidl/IAppSearchManager.aidl
@@ -181,21 +181,30 @@ interface IAppSearchManager {
* Fetches the next page of results of a previously executed query. Results can be empty if
* next-page token is invalid or all pages have been returned.
*
+ * @param packageName The name of the package to persist to disk for.
* @param nextPageToken The token of pre-loaded results of previously executed query.
* @param userHandle Handle of the calling user
* @param callback {@link AppSearchResult}&lt;{@link Bundle}&gt; of performing this
* operation.
*/
- void getNextPage(in long nextPageToken, in UserHandle userHandle, in IAppSearchResultCallback callback);
+ void getNextPage(
+ in String packageName,
+ in long nextPageToken,
+ in UserHandle userHandle,
+ in IAppSearchResultCallback callback);
/**
* Invalidates the next-page token so that no more results of the related query can be returned.
*
+ * @param packageName The name of the package to persist to disk for.
* @param nextPageToken The token of pre-loaded results of previously executed query to be
* Invalidated.
* @param userHandle Handle of the calling user
*/
- void invalidateNextPageToken(in long nextPageToken, in UserHandle userHandle);
+ void invalidateNextPageToken(
+ in String packageName,
+ in long nextPageToken,
+ in UserHandle userHandle);
/**
* Searches a document based on a given specifications.
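Review bot: The new `@param packageName` lines on `getNextPage` and `invalidateNextPageToken` repeat the `persistToDisk` wording ("The name of the package to persist to disk for"), which does not describe these two calls. The service-side hunks in this commit check the name against the caller's uid, so a line such as `@param packageName The name of the calling package; must match the caller's uid.` would tell implementers what the argument is for. The interface body continues outside this hunk.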
@@ -336,20 +345,26 @@ interface IAppSearchManager {
/**
* Persists all update/delete requests to the disk.
*
+ * @param packageName The name of the package to persist to disk for.
* @param userHandle Handle of the calling user
* @param binderCallStartTimeMillis start timestamp of binder call in Millis
*/
- void persistToDisk(in UserHandle userHandle, in long binderCallStartTimeMillis);
+ void persistToDisk(
+ in String packageName,
+ in UserHandle userHandle,
+ in long binderCallStartTimeMillis);
/**
* Creates and initializes AppSearchImpl for the calling app.
*
+ * @param packageName The name of the package to initialize for.
* @param userHandle Handle of the calling user
* @param binderCallStartTimeMillis start timestamp of binder call in Millis
* @param callback {@link IAppSearchResultCallback#onResult} will be called with an
* {@link AppSearchResult}&lt;{@link Void}&gt;.
*/
void initialize(
+ in String packageName,
in UserHandle userHandle,
in long binderCallStartTimeMillis,
in IAppSearchResultCallback callback);
diff --git a/apex/appsearch/framework/java/external/android/app/appsearch/AppSearchResult.java b/apex/appsearch/framework/java/external/android/app/appsearch/AppSearchResult.java
index c57cf2e68993..b1cb132ee088 100644
--- a/apex/appsearch/framework/java/external/android/app/appsearch/AppSearchResult.java
+++ b/apex/appsearch/framework/java/external/android/app/appsearch/AppSearchResult.java
@@ -239,6 +239,8 @@ public final class AppSearchResult<ValueType> {
resultCode = AppSearchResult.RESULT_INVALID_ARGUMENT;
} else if (t instanceof IOException) {
resultCode = AppSearchResult.RESULT_IO_ERROR;
+ } else if (t instanceof SecurityException) {
+ resultCode = AppSearchResult.RESULT_SECURITY_ERROR;
} else {
resultCode = AppSearchResult.RESULT_UNKNOWN_ERROR;
}
diff --git a/apex/appsearch/service/java/com/android/server/appsearch/AppSearchManagerService.java b/apex/appsearch/service/java/com/android/server/appsearch/AppSearchManagerService.java
index c1a91badb668..481d51eaf099 100644
--- a/apex/appsearch/service/java/com/android/server/appsearch/AppSearchManagerService.java
+++ b/apex/appsearch/service/java/com/android/server/appsearch/AppSearchManagerService.java
@@ -220,9 +220,10 @@ public class AppSearchManagerService extends SystemService {
}
// Only clear the package's data if AppSearch exists for this user.
if (AppSearchUserInstanceManager.getAppSearchDir(userHandle).exists()) {
+ Context userContext = mContext.createContextAsUser(userHandle, /*flags=*/ 0);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getOrCreateUserInstance(
- mContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
+ userContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
//TODO(b/145759910) clear visibility setting for package.
instance.getAppSearchImpl().clearPackageData(packageName);
instance.getLogger().removeCachedUidForPackage(packageName);
@@ -243,11 +244,11 @@ public class AppSearchManagerService extends SystemService {
try {
// Only clear the package's data if AppSearch exists for this user.
if (AppSearchUserInstanceManager.getAppSearchDir(userHandle).exists()) {
+ Context userContext = mContext.createContextAsUser(userHandle, /*flags=*/ 0);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getOrCreateUserInstance(
- mContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
- List<PackageInfo> installedPackageInfos = mContext
- .createContextAsUser(userHandle, /*flags=*/0)
+ userContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
+ List<PackageInfo> installedPackageInfos = userContext
.getPackageManager()
.getInstalledPackages(/*flags=*/0);
Set<String> packagesToKeep = new ArraySet<>(installedPackageInfos.size());
@@ -327,8 +328,10 @@ public class AppSearchManagerService extends SystemService {
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
List<AppSearchSchema> schemas = new ArrayList<>(schemaBundles.size());
for (int i = 0; i < schemaBundles.size(); i++) {
schemas.add(new AppSearchSchema(schemaBundles.get(i)));
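Review bot: The caller gate added here (`createContextAsUser`, then `verifyUserUnlocked`, `verifyCallingPackage`, `verifyNotInstantApp`) is pasted into every binder entry point in this file, so the instant-app restriction holds only while each current and future method repeats all of it in the same order. The hunks at -803 and -849 show how easily one call is dropped: there the commit adds a `verifyUserUnlocked` that the old code does not appear to have had. A single private helper that runs the checks and returns the user context would make the gate hard to forget; the helper name below is only a suggestion. The enclosing method starts and ends outside this hunk.

```java
// Proposed helper (name is a suggestion): one gate shared by every binder entry point.
private Context verifyCaller(
        @NonNull UserHandle callingUser, int callingUid, @NonNull String packageName) {
    Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
    verifyUserUnlocked(callingUser);
    verifyCallingPackage(userContext, callingUser, callingUid, packageName);
    verifyNotInstantApp(userContext, packageName);
    return userContext;
}

// … in each entry point, replacing the four pasted lines …
Context userContext = verifyCaller(callingUser, callingUid, packageName);
```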
@@ -401,8 +404,10 @@ public class AppSearchManagerService extends SystemService {
UserHandle callingUser = handleIncomingUser(userHandle, callingUid);
EXECUTOR.execute(() -> {
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getUserInstance(callingUser);
GetSchemaResponse response =
@@ -431,8 +436,10 @@ public class AppSearchManagerService extends SystemService {
UserHandle callingUser = handleIncomingUser(userHandle, callingUid);
EXECUTOR.execute(() -> {
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getUserInstance(callingUser);
List<String> namespaces =
@@ -468,8 +475,10 @@ public class AppSearchManagerService extends SystemService {
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchBatchResult.Builder<String, Void> resultBuilder =
new AppSearchBatchResult.Builder<>();
instance = mAppSearchUserInstanceManager.getUserInstance(callingUser);
@@ -548,8 +557,10 @@ public class AppSearchManagerService extends SystemService {
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchBatchResult.Builder<String, Bundle> resultBuilder =
new AppSearchBatchResult.Builder<>();
instance = mAppSearchUserInstanceManager.getUserInstance(callingUser);
@@ -627,8 +638,10 @@ public class AppSearchManagerService extends SystemService {
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
instance = mAppSearchUserInstanceManager.getUserInstance(callingUser);
SearchResultPage searchResultPage = instance.getAppSearchImpl().query(
packageName,
@@ -691,8 +704,10 @@ public class AppSearchManagerService extends SystemService {
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
instance = mAppSearchUserInstanceManager.getUserInstance(callingUser);
boolean callerHasSystemAccess =
@@ -738,9 +753,11 @@ public class AppSearchManagerService extends SystemService {
@Override
public void getNextPage(
+ @NonNull String packageName,
long nextPageToken,
@NonNull UserHandle userHandle,
@NonNull IAppSearchResultCallback callback) {
+ Objects.requireNonNull(packageName);
Objects.requireNonNull(userHandle);
Objects.requireNonNull(callback);
@@ -750,7 +767,10 @@ public class AppSearchManagerService extends SystemService {
// opened it
EXECUTOR.execute(() -> {
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getUserInstance(callingUser);
SearchResultPage searchResultPage =
@@ -765,14 +785,19 @@ public class AppSearchManagerService extends SystemService {
}
@Override
- public void invalidateNextPageToken(long nextPageToken, @NonNull UserHandle userHandle) {
+ public void invalidateNextPageToken(@NonNull String packageName, long nextPageToken,
+ @NonNull UserHandle userHandle) {
+ Objects.requireNonNull(packageName);
Objects.requireNonNull(userHandle);
int callingUid = Binder.getCallingUid();
UserHandle callingUser = handleIncomingUser(userHandle, callingUid);
EXECUTOR.execute(() -> {
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getUserInstance(callingUser);
instance.getAppSearchImpl().invalidateNextPageToken(nextPageToken);
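Review bot: `packageName` is verified against the calling uid but then dropped: `instance.getAppSearchImpl().invalidateNextPageToken(nextPageToken)` still takes only the token, so nothing visible here ties the token to the package that opened the query. Unless `AppSearchImpl` tracks token ownership internally, one verified package could act on a page token that belongs to another package of the same user. The `getNextPage` hunk above probably has the same gap, but its impl call is cut off by the hunk. Consider passing `packageName` through and rejecting tokens it does not own, or at least recording the gap with `// TODO: verify nextPageToken was issued to packageName`. The method body continues past the end of the hunk.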
@@ -803,7 +828,10 @@ public class AppSearchManagerService extends SystemService {
UserHandle callingUser = handleIncomingUser(userHandle, callingUid);
EXECUTOR.execute(() -> {
try {
- verifyCallingPackage(callingUser, callingUid, packageName);
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
+ verifyUserUnlocked(callingUser);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getUserInstance(callingUser);
// we don't need to append the file. The file is always brand new.
@@ -849,7 +877,10 @@ public class AppSearchManagerService extends SystemService {
UserHandle callingUser = handleIncomingUser(userHandle, callingUid);
EXECUTOR.execute(() -> {
try {
- verifyCallingPackage(callingUser, callingUid, packageName);
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
+ verifyUserUnlocked(callingUser);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getUserInstance(callingUser);
@@ -908,8 +939,10 @@ public class AppSearchManagerService extends SystemService {
UserHandle callingUser = handleIncomingUser(userHandle, callingUid);
EXECUTOR.execute(() -> {
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getUserInstance(callingUser);
@@ -957,8 +990,10 @@ public class AppSearchManagerService extends SystemService {
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchBatchResult.Builder<String, Void> resultBuilder =
new AppSearchBatchResult.Builder<>();
instance = mAppSearchUserInstanceManager.getUserInstance(callingUser);
@@ -1039,8 +1074,10 @@ public class AppSearchManagerService extends SystemService {
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
instance = mAppSearchUserInstanceManager.getUserInstance(callingUser);
instance.getAppSearchImpl().removeByQuery(
packageName,
@@ -1095,8 +1132,10 @@ public class AppSearchManagerService extends SystemService {
UserHandle callingUser = handleIncomingUser(userHandle, callingUid);
EXECUTOR.execute(() -> {
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
- verifyCallingPackage(callingUser, callingUid, packageName);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getUserInstance(callingUser);
StorageInfo storageInfo = instance.getAppSearchImpl()
@@ -1112,8 +1151,10 @@ public class AppSearchManagerService extends SystemService {
@Override
public void persistToDisk(
+ @NonNull String packageName,
@NonNull UserHandle userHandle,
@ElapsedRealtimeLong long binderCallStartTimeMillis) {
+ Objects.requireNonNull(packageName);
Objects.requireNonNull(userHandle);
long totalLatencyStartTimeMillis = SystemClock.elapsedRealtime();
@@ -1125,7 +1166,10 @@ public class AppSearchManagerService extends SystemService {
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
instance = mAppSearchUserInstanceManager.getUserInstance(callingUser);
instance.getAppSearchImpl().persistToDisk(PersistType.Code.FULL);
++operationSuccessCount;
@@ -1157,24 +1201,30 @@ public class AppSearchManagerService extends SystemService {
@Override
public void initialize(
+ @NonNull String packageName,
@NonNull UserHandle userHandle,
@ElapsedRealtimeLong long binderCallStartTimeMillis,
@NonNull IAppSearchResultCallback callback) {
+ Objects.requireNonNull(packageName);
Objects.requireNonNull(userHandle);
Objects.requireNonNull(callback);
long totalLatencyStartTimeMillis = SystemClock.elapsedRealtime();
int callingUid = Binder.getCallingUid();
UserHandle callingUser = handleIncomingUser(userHandle, callingUid);
+
EXECUTOR.execute(() -> {
@AppSearchResult.ResultCode int statusCode = AppSearchResult.RESULT_OK;
AppSearchUserInstance instance = null;
int operationSuccessCount = 0;
int operationFailureCount = 0;
try {
+ Context userContext = mContext.createContextAsUser(callingUser, /*flags=*/ 0);
verifyUserUnlocked(callingUser);
+ verifyCallingPackage(userContext, callingUser, callingUid, packageName);
+ verifyNotInstantApp(userContext, packageName);
instance = mAppSearchUserInstanceManager.getOrCreateUserInstance(
- mContext, callingUser, AppSearchConfig.getInstance(EXECUTOR));
+ userContext, callingUser, AppSearchConfig.getInstance(EXECUTOR));
++operationSuccessCount;
invokeCallbackOnResult(callback, AppSearchResult.newSuccessfulResult(null));
} catch (Throwable t) {
@@ -1204,14 +1254,15 @@ public class AppSearchManagerService extends SystemService {
}
private void verifyCallingPackage(
+ @NonNull Context userContext,
@NonNull UserHandle actualCallingUser,
int actualCallingUid,
@NonNull String claimedCallingPackage) {
Objects.requireNonNull(actualCallingUser);
Objects.requireNonNull(claimedCallingPackage);
- int claimedCallingUid = PackageUtil.getPackageUidAsUser(
- mContext, claimedCallingPackage, actualCallingUser);
+ int claimedCallingUid = PackageUtil.getPackageUid(
+ userContext, claimedCallingPackage);
if (claimedCallingUid == INVALID_UID) {
throw new SecurityException(
"Specified calling package [" + claimedCallingPackage + "] not found");
@@ -1317,6 +1368,21 @@ public class AppSearchManagerService extends SystemService {
+ Manifest.permission.INTERACT_ACROSS_USERS_FULL);
}
+ /**
+ * Helper for ensuring instant apps can't make calls to AppSearch.
+ *
+ * @param userContext Context of the user making the call.
+ * @param packageName Package name of the caller.
+ * @throws SecurityException if the caller is an instant app.
+ */
+ private void verifyNotInstantApp(@NonNull Context userContext, @NonNull String packageName) {
+ PackageManager callingPackageManager = userContext.getPackageManager();
+ if (callingPackageManager.isInstantApp(packageName)) {
+ throw new SecurityException("Caller not allowed to create AppSearch session"
+ + "; userHandle=" + userContext.getUser() + ", callingPackage=" + packageName);
+ }
+ }
+
// TODO(b/179160886): Cache the previous storage stats.
private class AppSearchStorageStatsAugmenter implements StorageStatsAugmenter {
@Override
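Review bot: `verifyNotInstantApp` checks whatever `packageName` it is handed, so it only means something after `verifyCallingPackage` has tied that name to the calling uid. The Javadoc should state that precondition, for example `<p>Must be called after {@code verifyCallingPackage}, which establishes that {@code packageName} belongs to the caller.` The message "Caller not allowed to create AppSearch session" is also thrown from calls such as query and removeByQuery, so wording like `"Instant apps are not allowed to use AppSearch"` would describe the rejection more accurately in logs and in the result returned to the caller.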
@@ -1331,9 +1397,10 @@ public class AppSearchManagerService extends SystemService {
try {
verifyUserUnlocked(userHandle);
+ Context userContext = mContext.createContextAsUser(userHandle, /*flags=*/ 0);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getOrCreateUserInstance(
- mContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
+ userContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
stats.dataSize += instance.getAppSearchImpl()
.getStorageInfoForPackage(packageName).getSizeBytes();
} catch (Throwable t) {
@@ -1359,9 +1426,10 @@ public class AppSearchManagerService extends SystemService {
if (packagesForUid == null) {
return;
}
+ Context userContext = mContext.createContextAsUser(userHandle, /*flags=*/ 0);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getOrCreateUserInstance(
- mContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
+ userContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
for (int i = 0; i < packagesForUid.length; i++) {
stats.dataSize += instance.getAppSearchImpl()
.getStorageInfoForPackage(packagesForUid[i]).getSizeBytes();
@@ -1387,9 +1455,10 @@ public class AppSearchManagerService extends SystemService {
if (packagesForUser == null) {
return;
}
+ Context userContext = mContext.createContextAsUser(userHandle, /*flags=*/ 0);
AppSearchUserInstance instance =
mAppSearchUserInstanceManager.getOrCreateUserInstance(
- mContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
+ userContext, userHandle, AppSearchConfig.getInstance(EXECUTOR));
for (int i = 0; i < packagesForUser.size(); i++) {
String packageName = packagesForUser.get(i).packageName;
stats.dataSize += instance.getAppSearchImpl()
diff --git a/apex/appsearch/service/java/com/android/server/appsearch/AppSearchUserInstanceManager.java b/apex/appsearch/service/java/com/android/server/appsearch/AppSearchUserInstanceManager.java
index 1d935cfc13d3..e067d4bcdf72 100644
--- a/apex/appsearch/service/java/com/android/server/appsearch/AppSearchUserInstanceManager.java
+++ b/apex/appsearch/service/java/com/android/server/appsearch/AppSearchUserInstanceManager.java
@@ -89,25 +89,24 @@ public final class AppSearchUserInstanceManager {
* <p>If no AppSearchUserInstance exists for the unlocked user, Icing will be initialized and
* one will be created.
*
- * @param context The context
+ * @param userContext Context of the user calling AppSearch
* @param userHandle The multi-user handle of the device user calling AppSearch
* @param config Flag manager for AppSearch
* @return An initialized {@link AppSearchUserInstance} for this user
*/
@NonNull
public AppSearchUserInstance getOrCreateUserInstance(
- @NonNull Context context,
+ @NonNull Context userContext,
@NonNull UserHandle userHandle,
@NonNull AppSearchConfig config)
throws AppSearchException {
- Objects.requireNonNull(context);
+ Objects.requireNonNull(userContext);
Objects.requireNonNull(userHandle);
Objects.requireNonNull(config);
synchronized (mInstancesLocked) {
AppSearchUserInstance instance = mInstancesLocked.get(userHandle);
if (instance == null) {
- Context userContext = context.createContextAsUser(userHandle, /*flags=*/ 0);
instance = createUserInstance(userContext, userHandle, config);
mInstancesLocked.put(userHandle, instance);
}
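Review bot: `getOrCreateUserInstance` now trusts the caller to pass a `userContext` that belongs to `userHandle`; before this change it derived the context from the handle itself, so the two could not disagree. The instance is still cached under `userHandle` but built from `userContext`, so a mismatched pair would store one user's instance under another user's key. I would add a guard after the null checks, `if (!userHandle.equals(userContext.getUser())) throw new IllegalArgumentException("userContext does not belong to " + userHandle);`, and say in the `@param userContext` line that the context must have been created for `userHandle`. The method body continues past the end of the hunk.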
@@ -169,7 +168,7 @@ public final class AppSearchUserInstanceManager {
InitializeStats.Builder initStatsBuilder = new InitializeStats.Builder();
// Initialize the classes that make up AppSearchUserInstance
- PlatformLogger logger = new PlatformLogger(userContext, userHandle, config);
+ PlatformLogger logger = new PlatformLogger(userContext, config);
File appSearchDir = getAppSearchDir(userHandle);
File icingDir = new File(appSearchDir, "icing");
diff --git a/apex/appsearch/service/java/com/android/server/appsearch/stats/PlatformLogger.java b/apex/appsearch/service/java/com/android/server/appsearch/stats/PlatformLogger.java
index 31fead5e6314..322bd119b604 100644
--- a/apex/appsearch/service/java/com/android/server/appsearch/stats/PlatformLogger.java
+++ b/apex/appsearch/service/java/com/android/server/appsearch/stats/PlatformLogger.java
@@ -22,7 +22,6 @@ import android.app.appsearch.exceptions.AppSearchException;
import android.content.Context;
import android.os.Process;
import android.os.SystemClock;
-import android.os.UserHandle;
import android.util.ArrayMap;
import android.util.Log;
import android.util.SparseIntArray;
@@ -55,11 +54,8 @@ import java.util.Random;
public final class PlatformLogger implements AppSearchLogger {
private static final String TAG = "AppSearchPlatformLogger";
- // Context of the system service.
- private final Context mContext;
-
- // User we're logging for.
- private final UserHandle mUserHandle;
+ // Context of the user we're logging for.
+ private final Context mUserContext;
// Manager holding the configuration flags
private final AppSearchConfig mConfig;
@@ -120,10 +116,9 @@ public final class PlatformLogger implements AppSearchLogger {
* Westworld constructor
*/
public PlatformLogger(
- @NonNull Context context, @NonNull UserHandle userHandle,
+ @NonNull Context userContext,
@NonNull AppSearchConfig config) {
- mContext = Objects.requireNonNull(context);
- mUserHandle = Objects.requireNonNull(userHandle);
+ mUserContext = Objects.requireNonNull(userContext);
mConfig = Objects.requireNonNull(config);
}
@@ -451,7 +446,7 @@ public final class PlatformLogger implements AppSearchLogger {
private int getPackageUidAsUserLocked(@NonNull String packageName) {
Integer packageUid = mPackageUidCacheLocked.get(packageName);
if (packageUid == null) {
- packageUid = PackageUtil.getPackageUidAsUser(mContext, packageName, mUserHandle);
+ packageUid = PackageUtil.getPackageUid(mUserContext, packageName);
if (packageUid != Process.INVALID_UID) {
mPackageUidCacheLocked.put(packageName, packageUid);
}
diff --git a/apex/appsearch/service/java/com/android/server/appsearch/util/PackageUtil.java b/apex/appsearch/service/java/com/android/server/appsearch/util/PackageUtil.java
index 53a1bedb780b..714ffb6c8b68 100644
--- a/apex/appsearch/service/java/com/android/server/appsearch/util/PackageUtil.java
+++ b/apex/appsearch/service/java/com/android/server/appsearch/util/PackageUtil.java
@@ -20,7 +20,6 @@ import android.annotation.NonNull;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Process;
-import android.os.UserHandle;
/**
* Utilities for interacting with {@link android.content.pm.PackageManager},
@@ -32,16 +31,6 @@ public class PackageUtil {
private PackageUtil() {}
/**
- * Finds the UID of the {@code packageName}. Returns {@link Process#INVALID_UID} if unable to
- * find the UID.
- */
- public static int getPackageUidAsUser(
- @NonNull Context context, @NonNull String packageName, @NonNull UserHandle user) {
- Context userContext = context.createContextAsUser(user, /*flags=*/ 0);
- return getPackageUid(userContext, packageName);
- }
-
- /**
* Finds the UID of the {@code packageName} in the given {@code context}. Returns
* {@link Process#INVALID_UID} if unable to find the UID.
*/