| author | Jay Thomas Sullivan <jaysullivan@google.com> | 2021-06-24 21:32:07 -0400 |
|---|---|---|
| committer | Jay Sullivan <jaysullivan@google.com> | 2021-07-02 03:30:25 +0000 |
| commit | 287e22a904dccf9670560973f3bbd392a7f94561 | |
| tree | 2d143ff42dca476ad84ce76fa521d19fa4b4b5ed /tests/DynamicCodeLoggerIntegrationTests/src/cpp/test_executable.cpp | |
| parent | 92ce6e953edcf8747913e9de54ccc5c71ba54f17 | |
Fix isAutoRevokeWhitelisted vulnerability

Apps should not be allowed to programmatically check whether a given
package is installed on the current device.

But, currently, isAutoRevokeWhitelisted allows an app to do so by invoking
isAutoRevokeWhitelisted for a package name, then checking for an error:
- if NullPointerException is thrown, the package does not exist, or
- if SecurityException is thrown, the package exists.

The NullPointerException occurs in PermissionManagerService on the line:

    final int packageUid = UserHandle.getUid(userId, pkg.getUid());
                                                     ^ null

The solution is to:
- avoid a NullPointerException by moving the above line of code down
  below where we've already null-checked 'pkg' (checkAutoRevokeAccess),
- return false when the target app doesn't exist, and
- return false when the calling app doesn't have permission to access
  the target app (via filterAppAccess).

Bug: 186404493
Test: manual
Change-Id: Ibae43d92b8eee24a0e56f08c878a7fe793833287
Diffstat (limited to 'tests/DynamicCodeLoggerIntegrationTests/src/cpp/test_executable.cpp')
0 files changed, 0 insertions, 0 deletions
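
The check ordering described in the commit message, as a simplified Java model added here for illustration; it is not the AOSP change or code from PermissionManagerService. `Pkg`, `PACKAGES`, `CALLER_UID`, the package names and both method names are hypothetical, and the sample state is constructed.

```java
import java.util.Map;
import java.util.function.Function;

// Simplified model, not AOSP code. Pkg, PACKAGES, CALLER_UID and the method
// names below are hypothetical stand-ins for the service's internal state.
public class AutoRevokeOracleDemo {
    record Pkg(int uid, boolean visibleToCaller) {}

    // Constructed sample state: one installed package, hidden from the caller.
    static final Map<String, Pkg> PACKAGES =
            Map.of("com.example.hidden", new Pkg(10002, false));
    static final int CALLER_UID = 10001;

    // Before: pkg is dereferenced ahead of any null check, so an absent package
    // ends in NullPointerException and an installed one in SecurityException.
    static boolean isWhitelistedBefore(String name) {
        Pkg pkg = PACKAGES.get(name);
        int packageUid = pkg.uid(); // throws NullPointerException when pkg is null
        if (packageUid != CALLER_UID) throw new SecurityException(name);
        return true;
    }

    // After: absent and filtered packages both return false, and pkg is read
    // only once it is known to be non-null.
    static boolean isWhitelistedAfter(String name) {
        Pkg pkg = PACKAGES.get(name);
        if (pkg == null || !pkg.visibleToCaller()) return false;
        if (pkg.uid() != CALLER_UID) throw new SecurityException(name);
        return true;
    }

    // Describes how a call ended: its return value or the exception class.
    static String outcome(Function<String, Boolean> call, String name) {
        try {
            return String.valueOf(call.apply(name));
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        for (String name : new String[] {"com.example.hidden", "com.example.absent"}) {
            System.out.println(name
                    + " before=" + outcome(AutoRevokeOracleDemo::isWhitelistedBefore, name)
                    + " after=" + outcome(AutoRevokeOracleDemo::isWhitelistedAfter, name));
        }
    }
}
```

A regression test for this class of bug compares the two outcomes directly: for a caller without visibility, an installed package and an absent one must produce the same result.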