Fix security vulnerability in DPMS#isProvisioningAllowed
isProvisioningAllowed was calling packageManager#getPackageUidAsUser for the provided packageName to compare against the callerUid, this call throws a NameNotFoundException if the package isn't installed. This allows the caller to identify if an package is installed or not without holding the QUERY_ALL_PACKAGES permission. This is now changed to call packageManager#getPackagesForUid for the calling uid and comparing it against the provided packageName. If an uninstalled package is provided, it will now fail with a general error message "Caller uid doesn't match the one for the provided package." Test: Confirmed that the PoC app can no longer query which packages are installed Test: atest com.android.cts.devicepolicy.CustomManagedProfileTest#testIsProvisioningAllowed Bug: 184525395 Change-Id: I13135d941f4944b4313ab2a2b20f1af30a5880a5
Loading
Please register or sign in to comment