don't leak device-wide package list to apps when work profile is present
If the primary user had a work profile, then apps installed in primary user could see packages that
were installed only in secondary user(s). They couldn't see which secondary user had which apps,
only presence of such packages was revealed.

This special handling of MATCH_UNINSTALLED_PACKAGES flag was added in October 2016 for compatibility
with legacy launchers. It is not needed anymore, at least for popular third party launchers.

Note that apps in owner user can still see apps in work profile of owner user, it's part of a public
API. Also, apps that are not installed in primary user are visible in Settings -> Apps, with
"Not installed for this user" subtitle.

See commit 0d1fd8d and issue report
GrapheneOS/os-issue-tracker#1634 for more details.
muhomorr authored and sfX-bot committed Sep 18, 2024
1 parent 3953082 commit a990b3a
Showing 1 changed file with 0 additions and 12 deletions.
12 changes: 0 additions & 12 deletions services/core/java/com/android/server/pm/ComputerEngine.java
Expand Up @@ -2857,24 +2857,12 @@ public final long updateFlagsForComponent(long flags, int userId) {
* Update given flags when being used to request {@link PackageInfo}.
*/
public final long updateFlagsForPackage(long flags, int userId) {
final boolean isCallerSystemUser = UserHandle.getCallingUserId()
== UserHandle.USER_SYSTEM;
if ((flags & PackageManager.MATCH_ANY_USER) != 0) {
// require the permission to be held; the calling uid and given user id referring
// to the same user is not sufficient
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false,
!isRecentsAccessingChildProfiles(Binder.getCallingUid(), userId),
"MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission");
} else if ((flags & PackageManager.MATCH_UNINSTALLED_PACKAGES) != 0
&& isCallerSystemUser
&& mUserManager.hasProfile(UserHandle.USER_SYSTEM)) {
// If the caller wants all packages and has a profile associated with it,
// then match all users. This is to make sure that launchers that need to access
//work
// profile apps don't start breaking. TODO: Remove this hack when launchers stop
//using
// MATCH_UNINSTALLED_PACKAGES to query apps in other profiles. b/31000380
flags |= PackageManager.MATCH_ANY_USER;
}
return updateFlags(flags, userId);
}
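Review bot: In updateFlagsForPackage(), the deleted `else if` branch was the one place in this method that set MATCH_ANY_USER without calling enforceCrossUserPermission(), and the commit removes it with no test added (1 changed file, 0 additions). A regression test would keep the widening from being reintroduced: for a system-user caller with a profile that passes MATCH_UNINSTALLED_PACKAGES and does not hold INTERACT_ACROSS_USERS, this method should not add MATCH_ANY_USER. The commit message says the workaround is unneeded "at least for popular third party launchers"; it would help to list which launchers were checked, since the removed comment (b/31000380) gives launchers that query other profiles through MATCH_UNINSTALLED_PACKAGES as the reason the branch existed.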