Filter non-exported components from activity start
This change filters non-exported components from resolveForStart queries
to avoid permission checks done as part of activity starts. Since these
components are not intended to be used by other apps, we'll hide them
at query time instead of adding complex enforcement at permission check
time.
Bug: 197945962
Test: atest AppEnumerationTests
Change-Id: Ib066a04ac30efa542e4efa62201d0937435e923c
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 132075c..88195fc 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -540,8 +540,13 @@
&& ((!matchInstantApp && !isCallerInstantApp && isTargetInstantApp)
|| (matchVisibleToInstantAppOnly && isCallerInstantApp
&& isTargetHiddenFromInstantApp));
+ final boolean resolveForStartNonExported = resolveForStart
+ && !ai.exported
+ && !isCallerSameApp(pkgName, filterCallingUid);
final boolean blockNormalResolution =
- !resolveForStart && !isTargetInstantApp && !isCallerInstantApp
+ (!resolveForStart || resolveForStartNonExported)
+ && !isTargetInstantApp
+ && !isCallerInstantApp
&& shouldFilterApplication(
getPackageStateInternal(ai.applicationInfo.packageName,
Process.SYSTEM_UID), filterCallingUid, userId);
