Merge "Check permission of the calling process" into main
diff --git a/services/core/java/com/android/server/pm/PackageArchiver.java b/services/core/java/com/android/server/pm/PackageArchiver.java
index 1a20c8d..32f5646 100644
--- a/services/core/java/com/android/server/pm/PackageArchiver.java
+++ b/services/core/java/com/android/server/pm/PackageArchiver.java
@@ -195,6 +195,7 @@
Computer snapshot = mPm.snapshotComputer();
int userId = userHandle.getIdentifier();
int binderUid = Binder.getCallingUid();
+ int binderPid = Binder.getCallingPid();
if (!PackageManagerServiceUtils.isSystemOrRootOrShell(binderUid)) {
verifyCaller(snapshot.getPackageUid(callerPackageName, 0, userId), binderUid);
}
@@ -229,7 +230,8 @@
DELETE_ARCHIVE | DELETE_KEEP_DATA,
intentSender,
userId,
- binderUid);
+ binderUid,
+ binderPid);
})
.exceptionally(
e -> {
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index cfafe7c..c6d448d 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -1405,11 +1405,12 @@
flags,
statusReceiver,
userId,
- Binder.getCallingUid());
+ Binder.getCallingUid(),
+ Binder.getCallingPid());
}
void uninstall(VersionedPackage versionedPackage, String callerPackageName, int flags,
- IntentSender statusReceiver, int userId, int callingUid) {
+ IntentSender statusReceiver, int userId, int callingUid, int callingPid) {
final Computer snapshot = mPm.snapshotComputer();
snapshot.enforceCrossUserPermission(callingUid, userId, true, true, "uninstall");
if (!PackageManagerServiceUtils.isRootOrShell(callingUid)) {
@@ -1426,7 +1427,7 @@
final PackageDeleteObserverAdapter adapter = new PackageDeleteObserverAdapter(mContext,
statusReceiver, versionedPackage.getPackageName(),
canSilentlyInstallPackage, userId, mPackageArchiver, flags);
- if (mContext.checkCallingOrSelfPermission(Manifest.permission.DELETE_PACKAGES)
+ if (mContext.checkPermission(Manifest.permission.DELETE_PACKAGES, callingPid, callingUid)
== PackageManager.PERMISSION_GRANTED) {
// Sweet, call straight through!
mPm.deletePackageVersioned(versionedPackage, adapter.getBinder(), userId, flags);
@@ -1446,8 +1447,8 @@
} else {
ApplicationInfo appInfo = snapshot.getApplicationInfo(callerPackageName, 0, userId);
if (appInfo.targetSdkVersion >= Build.VERSION_CODES.P) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.REQUEST_DELETE_PACKAGES,
- null);
+ mContext.enforcePermission(Manifest.permission.REQUEST_DELETE_PACKAGES, callingPid,
+ callingUid, null);
}
// Take a short detour to confirm with user
diff --git a/services/tests/mockingservicestests/src/com/android/server/pm/PackageArchiverTest.java b/services/tests/mockingservicestests/src/com/android/server/pm/PackageArchiverTest.java
index ec7e359..a65ef00 100644
--- a/services/tests/mockingservicestests/src/com/android/server/pm/PackageArchiverTest.java
+++ b/services/tests/mockingservicestests/src/com/android/server/pm/PackageArchiverTest.java
@@ -367,7 +367,7 @@
verify(mInstallerService).uninstall(
eq(new VersionedPackage(PACKAGE, PackageManager.VERSION_CODE_HIGHEST)),
eq(CALLER_PACKAGE), eq(DELETE_ARCHIVE | DELETE_KEEP_DATA), eq(mIntentSender),
- eq(UserHandle.CURRENT.getIdentifier()), anyInt());
+ eq(UserHandle.CURRENT.getIdentifier()), anyInt(), anyInt());
ArchiveState expectedArchiveState = createArchiveState();
ArchiveState actualArchiveState = mPackageSetting.readUserState(
@@ -391,7 +391,7 @@
eq(CALLER_PACKAGE),
eq(DELETE_ARCHIVE | DELETE_KEEP_DATA),
eq(mIntentSender),
- eq(UserHandle.CURRENT.getIdentifier()), anyInt());
+ eq(UserHandle.CURRENT.getIdentifier()), anyInt(), anyInt());
ArchiveState expectedArchiveState = createArchiveState();
ArchiveState actualArchiveState = mPackageSetting.readUserState(