Use PM#isSameApp instead of getPackageUidAsUser.
PM#isSameApp provides the same intended functionality as checking
PM#getPackageUidAsUser, but has special case handling for SDK Sandbox
uids which follow a different pattern.
PM#isSameApp uses UserHandle#isSameApp under the hood, which also
already includes logic to ignore the user id part of uids so we
preserve the same MATCH_ANY_USER behavior as the prior version.
Bug: 257047268
Test: atest AccessibilitySecurityPolicyTest
Test: Install SdkSandboxClient test app in work profile,
explore by touch using TalkBack
Change-Id: Icb49d024a7c1ee9dda6f7a57778142e833e55613
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
index a3b4a0f..a510d16 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -490,7 +490,7 @@
mMainHandler, context,
new PolicyWarningUIController.NotificationController(context));
mSecurityPolicy = new AccessibilitySecurityPolicy(policyWarningUIController, mContext,
- this);
+ this, LocalServices.getService(PackageManagerInternal.class));
mA11yWindowManager = new AccessibilityWindowManager(mLock, mMainHandler,
mWindowManagerService, this, mSecurityPolicy, this, mTraceManager);
mA11yDisplayListener = new AccessibilityDisplayListener(mContext, mMainHandler);
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java b/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java
index 8865623..65c1873 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java
@@ -29,6 +29,7 @@
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.PackageManager;
+import android.content.pm.PackageManagerInternal;
import android.content.pm.ResolveInfo;
import android.content.pm.ServiceInfo;
import android.content.pm.UserInfo;
@@ -99,6 +100,7 @@
private final Context mContext;
private final PackageManager mPackageManager;
+ private final PackageManagerInternal mPackageManagerInternal;
private final UserManager mUserManager;
private final AppOpsManager mAppOpsManager;
private final AccessibilityUserManager mAccessibilityUserManager;
@@ -116,10 +118,12 @@
*/
public AccessibilitySecurityPolicy(PolicyWarningUIController policyWarningUIController,
@NonNull Context context,
- @NonNull AccessibilityUserManager a11yUserManager) {
+ @NonNull AccessibilityUserManager a11yUserManager,
+ @NonNull PackageManagerInternal packageManagerInternal) {
mContext = context;
mAccessibilityUserManager = a11yUserManager;
mPackageManager = mContext.getPackageManager();
+ mPackageManagerInternal = packageManagerInternal;
mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
mPolicyWarningUIController = policyWarningUIController;
@@ -513,12 +517,7 @@
private boolean isValidPackageForUid(String packageName, int uid) {
final long token = Binder.clearCallingIdentity();
try {
- // Since we treat calls from a profile as if made by its parent, using
- // MATCH_ANY_USER to query the uid of the given package name.
- return uid == mPackageManager.getPackageUidAsUser(
- packageName, PackageManager.MATCH_ANY_USER, UserHandle.getUserId(uid));
- } catch (PackageManager.NameNotFoundException e) {
- return false;
+ return mPackageManagerInternal.isSameApp(packageName, uid, UserHandle.getUserId(uid));
} finally {
Binder.restoreCallingIdentity(token);
}
diff --git a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java
index eb6670e..8f0d014 100644
--- a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java
+++ b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java
@@ -146,7 +146,7 @@
@Mock
private PolicyWarningUIController mPolicyWarningUIController;
@Mock
- private PackageManagerInternal mPackageManagerInternal;
+ private PackageManagerInternal mMockPackageManagerInternal;
@Before
public void setUp() {
@@ -158,7 +158,8 @@
R.dimen.accessibility_focus_highlight_stroke_width, 1);
mA11ySecurityPolicy = new AccessibilitySecurityPolicy(
- mPolicyWarningUIController, mContext, mMockA11yUserManager);
+ mPolicyWarningUIController, mContext, mMockA11yUserManager,
+ mMockPackageManagerInternal);
mA11ySecurityPolicy.setSendingNonA11yToolNotificationLocked(true);
mA11ySecurityPolicy.setAccessibilityWindowManager(mMockA11yWindowManager);
mA11ySecurityPolicy.setAppWidgetManager(mMockAppWidgetManager);
@@ -237,8 +238,8 @@
@Test
public void resolveValidReportedPackage_uidAndPkgNameMatched_returnPkgName()
throws PackageManager.NameNotFoundException {
- when(mMockPackageManager.getPackageUidAsUser(PACKAGE_NAME,
- PackageManager.MATCH_ANY_USER, TEST_USER_ID)).thenReturn(APP_UID);
+ when(mMockPackageManagerInternal.isSameApp(PACKAGE_NAME, APP_UID, TEST_USER_ID))
+ .thenReturn(true);
assertEquals(mA11ySecurityPolicy.resolveValidReportedPackageLocked(
PACKAGE_NAME, APP_UID, TEST_USER_ID, APP_PID),
@@ -257,8 +258,8 @@
when(mMockAppWidgetManager.getHostedWidgetPackages(widgetHostUid))
.thenReturn(widgetPackages);
- when(mMockPackageManager.getPackageUidAsUser(hostPackageName, TEST_USER_ID))
- .thenReturn(widgetHostUid);
+ when(mMockPackageManagerInternal.isSameApp(hostPackageName, widgetHostUid, TEST_USER_ID))
+ .thenReturn(true);
assertEquals(mA11ySecurityPolicy.resolveValidReportedPackageLocked(
widgetPackageName, widgetHostUid, TEST_USER_ID, widgetHostPid),
@@ -272,8 +273,8 @@
final String[] uidPackages = {PACKAGE_NAME, PACKAGE_NAME2};
when(mMockPackageManager.getPackagesForUid(APP_UID))
.thenReturn(uidPackages);
- when(mMockPackageManager.getPackageUidAsUser(invalidPackageName, TEST_USER_ID))
- .thenThrow(PackageManager.NameNotFoundException.class);
+ when(mMockPackageManagerInternal.isSameApp(invalidPackageName, APP_UID, TEST_USER_ID))
+ .thenReturn(false);
when(mMockAppWidgetManager.getHostedWidgetPackages(APP_UID))
.thenReturn(new ArraySet<>());
mContext.getTestablePermissions().setPermission(
@@ -292,8 +293,8 @@
final String[] uidPackages = {PACKAGE_NAME};
when(mMockPackageManager.getPackagesForUid(APP_UID))
.thenReturn(uidPackages);
- when(mMockPackageManager.getPackageUidAsUser(wantedPackageName, TEST_USER_ID))
- .thenReturn(wantedUid);
+ when(mMockPackageManagerInternal.isSameApp(wantedPackageName, wantedUid, TEST_USER_ID))
+ .thenReturn(true);
when(mMockAppWidgetManager.getHostedWidgetPackages(APP_UID))
.thenReturn(new ArraySet<>());
mContext.getTestablePermissions().setPermission(
@@ -312,8 +313,8 @@
final String[] uidPackages = {PACKAGE_NAME};
when(mMockPackageManager.getPackagesForUid(APP_UID))
.thenReturn(uidPackages);
- when(mMockPackageManager.getPackageUidAsUser(wantedPackageName, TEST_USER_ID))
- .thenReturn(wantedUid);
+ when(mMockPackageManagerInternal.isSameApp(wantedPackageName, wantedUid, TEST_USER_ID))
+ .thenReturn(true);
when(mMockAppWidgetManager.getHostedWidgetPackages(APP_UID))
.thenReturn(new ArraySet<>());
mContext.getTestablePermissions().setPermission(