Merge "Handle the visibility of sdk sandbox uids" into tm-dev am: 6c0ca16d0b am: 06b7570ffe
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/18928730
Change-Id: I3c5694b6ce67dc0270c7d37b2d760459e2d37bd0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 30de9ba..259ca65 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -2686,7 +2686,7 @@
if (Process.isSdkSandboxUid(callingUid)) {
int clientAppUid = Process.getAppUidForSdkSandboxUid(callingUid);
// SDK sandbox should be able to see it's client app
- if (clientAppUid == UserHandle.getUid(userId, ps.getAppId())) {
+ if (ps != null && clientAppUid == UserHandle.getUid(userId, ps.getAppId())) {
return false;
}
}
@@ -2698,7 +2698,7 @@
final boolean callerIsInstantApp = instantAppPkgName != null;
if (ps == null) {
// pretend the application exists, but, needs to be filtered
- return callerIsInstantApp;
+ return callerIsInstantApp || Process.isSdkSandboxUid(callingUid);
}
// if the target and caller are the same application, don't filter
if (isCallerSameApp(ps.getPackageName(), callingUid)) {
@@ -3089,6 +3089,19 @@
}
public boolean filterAppAccess(int uid, int callingUid) {
+ if (Process.isSdkSandboxUid(uid)) {
+ // Sdk sandbox instance should be able to see itself.
+ if (callingUid == uid) {
+ return false;
+ }
+ final int clientAppUid = Process.getAppUidForSdkSandboxUid(uid);
+ // Client app of this sdk sandbox process should be able to see it.
+ if (clientAppUid == uid) {
+ return false;
+ }
+ // Nobody else should be able to see the sdk sandbox process.
+ return true;
+ }
final int userId = UserHandle.getUserId(uid);
final int appId = UserHandle.getAppId(uid);
final Object setting = mSettings.getSettingBase(appId);