Add check to verify package belongs to caller

To fix security vulnerability mentioned in bug b/192587406, Add check to
verify that package that is being queried belongs to the caller.

Bug: 192587406
Test: atest AccessSerialNumberTest
atest DeviceOwnerTest#testDeviceOwnerCanGetDeviceIdentifiers
atest MixedDeviceOwnerTest#testEnrollmentSpecificIdCorrectCalculation
atest MixedProfileOwnerTest#testEnrollmentSpecificIdCorrectCalculation
atest MixedManagedProfileOwnerTest#testEnrollmentSpecificIdCorrectCalculation

Change-Id: I343b847ae3e070201a7ac93ad88ceb2e47e829b2
Merged-In: I343b847ae3e070201a7ac93ad88ceb2e47e829b2
(cherry picked from commit fd5b4bcb54f7fddf12768adaa97b55146b4387ce)
diff --git a/services/core/java/com/android/server/os/DeviceIdentifiersPolicyService.java b/services/core/java/com/android/server/os/DeviceIdentifiersPolicyService.java
index 947405e..b276c6f 100644
--- a/services/core/java/com/android/server/os/DeviceIdentifiersPolicyService.java
+++ b/services/core/java/com/android/server/os/DeviceIdentifiersPolicyService.java
@@ -19,10 +19,13 @@
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.content.Context;
+import android.content.pm.PackageManager;
+import android.os.Binder;
 import android.os.Build;
 import android.os.IDeviceIdentifiersPolicyService;
 import android.os.RemoteException;
 import android.os.SystemProperties;
+import android.os.UserHandle;
 
 import com.android.internal.telephony.TelephonyPermissions;
 import com.android.server.SystemService;
@@ -65,11 +68,31 @@
         @Override
         public @Nullable String getSerialForPackage(String callingPackage,
                 String callingFeatureId) throws RemoteException {
+            if (!checkPackageBelongsToCaller(callingPackage)) {
+                throw new IllegalArgumentException(
+                        "Invalid callingPackage or callingPackage does not belong to caller's uid:"
+                                + Binder.getCallingUid());
+            }
+
             if (!TelephonyPermissions.checkCallingOrSelfReadDeviceIdentifiers(mContext,
                     callingPackage, callingFeatureId, "getSerial")) {
                 return Build.UNKNOWN;
             }
             return SystemProperties.get("ro.serialno", Build.UNKNOWN);
         }
+
+        private boolean checkPackageBelongsToCaller(String callingPackage) {
+            int callingUid = Binder.getCallingUid();
+            int callingUserId = UserHandle.getUserId(callingUid);
+            int callingPackageUid;
+            try {
+                callingPackageUid = mContext.getPackageManager().getPackageUidAsUser(
+                        callingPackage, callingUserId);
+            } catch (PackageManager.NameNotFoundException e) {
+                return false;
+            }
+
+            return callingPackageUid == callingUid;
+        }
     }
 }