Add context UID to package-name-based permission query

The code for caching permission queries incorrectly used the UID of the calling process instead of the Context UID when asking PermissionManagerService whether a package (identified by name) has a permission. As a result, permission checks produced incorrect results for certain cross-user scenarios. This CL makes the checking UID part of the package-name-based permission query. Test: atest com.android.car.VmsPublisherSubscriberTest Bug: 150172373 Bug: 150025558 Bug: 150140220 Change-Id: I903a9e79fbbba97ea987120066817eeea9b01d51
author: Daniel Colascione <dancol@google.com> 2020-02-27 03:30:03 -0800
committer: Daniel Colascione <dancol@google.com> 2020-02-27 12:29:30 +0000
commit: 614105b3731a0e40083655fd15bdf2a9ddc10f35 (patch)
tree: 6fe565c978d8c3be9669e51932be6131c5935f32 /core/java
parent: 9651ab2de415b8438cb892e693f3561beea50d18 (diff)
2 files changed, 17 insertions, 11 deletions
diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java
index 4f41f8bbfacd..969ea707d434 100644
--- a/core/java/android/app/ApplicationPackageManager.java
+++ b/core/java/android/app/ApplicationPackageManager.java
@@ -675,7 +675,7 @@ public class ApplicationPackageManager extends PackageManager {
     @Override
     public int checkPermission(String permName, String pkgName) {
         return PermissionManager
-                .checkPackageNamePermission(permName, pkgName);
+                .checkPackageNamePermission(permName, pkgName, getUserId());
     }
 
     @Override
diff --git a/core/java/android/permission/PermissionManager.java b/core/java/android/permission/PermissionManager.java
index 5d6dc7beb30e..0bd211d70e89 100644
--- a/core/java/android/permission/PermissionManager.java
+++ b/core/java/android/permission/PermissionManager.java
@@ -561,21 +561,24 @@ public final class PermissionManager {
     private static final class PackageNamePermissionQuery {
         final String permName;
         final String pkgName;
+        final int uid;
 
-        PackageNamePermissionQuery(@Nullable String permName, @Nullable String pkgName) {
+        PackageNamePermissionQuery(@Nullable String permName, @Nullable String pkgName, int uid) {
             this.permName = permName;
             this.pkgName = pkgName;
+            this.uid = uid;
         }
 
         @Override
         public String toString() {
-            return String.format("PackageNamePermissionQuery(pkgName=\"%s\", permName=\"%s\")",
-                    pkgName, permName);
+            return String.format(
+                    "PackageNamePermissionQuery(pkgName=\"%s\", permName=\"%s, uid=%s\")",
+                    pkgName, permName, uid);
         }
 
         @Override
         public int hashCode() {
-            return Objects.hashCode(permName) * 13 + Objects.hashCode(pkgName);
+            return Objects.hash(permName, pkgName, uid);
         }
 
         @Override
@@ -590,15 +593,17 @@ public final class PermissionManager {
                 return false;
             }
             return Objects.equals(permName, other.permName)
-                    && Objects.equals(pkgName, other.pkgName);
+                    && Objects.equals(pkgName, other.pkgName)
+                    && uid == other.uid;
         }
     }
 
     /* @hide */
-    private static int checkPackageNamePermissionUncached(String permName, String pkgName) {
+    private static int checkPackageNamePermissionUncached(
+            String permName, String pkgName, int uid) {
         try {
             return ActivityThread.getPermissionManager().checkPermission(
-                    permName, pkgName, UserHandle.myUserId());
+                    permName, pkgName, uid);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
@@ -611,7 +616,8 @@ public final class PermissionManager {
                     16, CACHE_KEY_PACKAGE_INFO) {
                 @Override
                 protected Integer recompute(PackageNamePermissionQuery query) {
-                    return checkPackageNamePermissionUncached(query.permName, query.pkgName);
+                    return checkPackageNamePermissionUncached(
+                            query.permName, query.pkgName, query.uid);
                 }
             };
 
@@ -620,9 +626,9 @@ public final class PermissionManager {
      *
      * @hide
      */
-    public static int checkPackageNamePermission(String permName, String pkgName) {
+    public static int checkPackageNamePermission(String permName, String pkgName, int uid) {
         return sPackageNamePermissionCache.query(
-                new PackageNamePermissionQuery(permName, pkgName));
+                new PackageNamePermissionQuery(permName, pkgName, uid));
     }
 
     /**
author	Daniel Colascione <dancol@google.com>	2020-02-27 03:30:03 -0800
committer	Daniel Colascione <dancol@google.com>	2020-02-27 12:29:30 +0000
commit	614105b3731a0e40083655fd15bdf2a9ddc10f35 (patch)
tree	6fe565c978d8c3be9669e51932be6131c5935f32 /core/java
parent	9651ab2de415b8438cb892e693f3561beea50d18 (diff)