Enforce the permission and the owner rights earlier
Move the check to the early section of the method to secure the
validity.
Bug: 188219307
Test: atest PackageManagerServiceHibernationTests
Test: atest -p services/core/java/com/android/server/am
Test: atest -p services/core/java/com/android/server/pm
Test: manually using the PoC in the buganizer to ensure the symptom
no longer exists.
Change-Id: I49c456da65cb2befbf5c435e5febcdd9434be684
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index c812fc8..67d10afe 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -23984,6 +23984,13 @@
final int permission = mContext.checkCallingOrSelfPermission(
android.Manifest.permission.CHANGE_COMPONENT_ENABLED_STATE);
final boolean allowedByPermission = (permission == PackageManager.PERMISSION_GRANTED);
+ if (!allowedByPermission
+ && !ArrayUtils.contains(getPackagesForUid(callingUid), packageName)) {
+ throw new SecurityException(
+ "Permission Denial: attempt to change stopped state from pid="
+ + Binder.getCallingPid()
+ + ", uid=" + callingUid + ", package=" + packageName);
+ }
enforceCrossUserPermission(callingUid, userId, true /* requireFullPermission */,
true /* checkShell */, "stop package");
boolean shouldUnhibernate = false;
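Review bot: The ownership check added at the top of this hunk carries no comment explaining why it has to run before any package lookup, and that ordering is the substance of the fix. In the removed Settings.java code the `Unknown package` IllegalArgumentException was thrown before the SecurityException, so a caller without CHANGE_COMPONENT_ENABLED_STATE saw a different exception depending on whether the package existed. I would add `// Must precede any lookup of packageName: an unprivileged non-owner gets the same SecurityException whether or not the package is installed.` above the `if`. The commit message cites a manual PoC run, but the diff shown adds no automated test; a regression test asserting SecurityException for both an installed and a non-installed package name from an unprivileged caller would keep the ordering from regressing. The enclosing method starts and ends outside the hunk, so whether anything earlier in it already touches packageName cannot be confirmed from here.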
@@ -23994,8 +24001,7 @@
shouldUnhibernate = true;
}
if (!shouldFilterApplicationLocked(ps, callingUid, userId)
- && mSettings.setPackageStoppedStateLPw(this, packageName, stopped,
- allowedByPermission, callingUid, userId)) {
+ && mSettings.setPackageStoppedStateLPw(this, packageName, stopped, userId)) {
scheduleWritePackageRestrictionsLocked(userId);
}
}
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 4bc87a2..41a4fe1 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -4185,18 +4185,11 @@
}
boolean setPackageStoppedStateLPw(PackageManagerService pm, String packageName,
- boolean stopped, boolean allowedByPermission, int uid, int userId) {
- int appId = UserHandle.getAppId(uid);
+ boolean stopped, int userId) {
final PackageSetting pkgSetting = mPackages.get(packageName);
if (pkgSetting == null) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
- if (!allowedByPermission && (appId != pkgSetting.appId)) {
- throw new SecurityException(
- "Permission Denial: attempt to change stopped state from pid="
- + Binder.getCallingPid()
- + ", uid=" + uid + ", package uid=" + pkgSetting.appId);
- }
if (DEBUG_STOPPED) {
if (stopped) {
RuntimeException e = new RuntimeException("here");
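Review bot: After this change `setPackageStoppedStateLPw` performs no caller check at all, and nothing on the method says so. With the `allowedByPermission` and `uid` parameters removed, a future caller has no hint that authorization is now its responsibility. I would add a Javadoc on the method along the lines of `/** Caller must already have enforced CHANGE_COMPONENT_ENABLED_STATE or ownership of packageName; this method performs no access check. */`. Any call sites of this method outside the diff shown should be confirmed to enforce the same check before calling. The method body continues past the end of the hunk.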