commit 387615bf80422be167161eb0a1c5f24c330860b4
author Jackal Guo <jackalguo@google.com> Wed Nov 03 05:54:32 2021 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Nov 03 05:54:32 2021 +0000
tree 5ff1a0a6e6d6cce0895932b00b62eab18a9242e5
parent 3dddbd210431e551a714ad4c84d47cb9fc755070
parent 66fb9ef96092371a47ebac98c3c673f91aaf39cf

Merge "Revise the checking logic of checkPackage"

services/core/java/com/android/server/appop/AppOpsService.java

diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index 587b5d2..4153b11 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -3307,15 +3307,23 @@
         Objects.requireNonNull(packageName);
         try {
             verifyAndGetBypass(uid, packageName, null);
-            if (filterAppAccessUnlocked(packageName)) {
-                return AppOpsManager.MODE_ERRORED;
+            // When the caller is the system, it's possible that the packageName is the special
+            // one (e.g., "root") which isn't actually existed.
+            if (resolveUid(packageName) == uid
+                    || (isPackageExisted(packageName) && !filterAppAccessUnlocked(packageName))) {
+                return AppOpsManager.MODE_ALLOWED;
             }
-            return AppOpsManager.MODE_ALLOWED;
+            return AppOpsManager.MODE_ERRORED;
         } catch (SecurityException ignored) {
             return AppOpsManager.MODE_ERRORED;
         }
     }
 
+    private boolean isPackageExisted(String packageName) {
+        return LocalServices.getService(PackageManagerInternal.class)
+                .getPackageSetting(packageName) != null;
+    }
+
     /**
      * This method will check with PackageManager to determine if the package provided should
      * be visible to the {@link Binder#getCallingUid()}.