Enforce permissions for calls with specified userId

Fix a couple of places where incorrect userIds were being passed in.

Change-Id: I398c676e0488ff7e584be96e96c8b32652134238

Author: Amith Yamasani

core/java/android/app/ApplicationPackageManager.java

@@ -502,19 +502,27 @@ public List<ResolveInfo> queryIntentActivityOptions(
         }
     }
 
+    /**
+     * @hide
+     */
     @Override
-    public List<ResolveInfo> queryBroadcastReceivers(Intent intent, int flags) {
+    public List<ResolveInfo> queryBroadcastReceivers(Intent intent, int flags, int userId) {
         try {
             return mPM.queryIntentReceivers(
                 intent,
                 intent.resolveTypeIfNeeded(mContext.getContentResolver()),
                 flags,
-                UserHandle.myUserId());
+                userId);
         } catch (RemoteException e) {
             throw new RuntimeException("Package manager has died", e);
         }
     }
 
+    @Override
+    public List<ResolveInfo> queryBroadcastReceivers(Intent intent, int flags) {
+        return queryBroadcastReceivers(intent, flags, UserHandle.myUserId());
+    }
+
     @Override
     public ResolveInfo resolveService(Intent intent, int flags) {
         try {

core/java/android/content/pm/PackageManager.java

@@ -1795,6 +1795,26 @@ public abstract List<ResolveInfo> queryIntentActivityOptions(
     public abstract List<ResolveInfo> queryBroadcastReceivers(Intent intent,
             int flags);
 
+    /**
+     * Retrieve all receivers that can handle a broadcast of the given intent, for a specific
+     * user.
+     *
+     * @param intent The desired intent as per resolveActivity().
+     * @param flags Additional option flags.
+     * @param userId The userId of the user being queried.
+     *
+     * @return A List&lt;ResolveInfo&gt; containing one entry for each matching
+     *         Receiver. These are ordered from first to last in priority.  If
+     *         there are no matching receivers, an empty list is returned.
+     *
+     * @see #MATCH_DEFAULT_ONLY
+     * @see #GET_INTENT_FILTERS
+     * @see #GET_RESOLVED_FILTER
+     * @hide
+     */
+    public abstract List<ResolveInfo> queryBroadcastReceivers(Intent intent,
+            int flags, int userId);
+
     /**
      * Determine the best service to handle for a given Intent.
      *

core/java/android/server/search/Searchables.java

@@ -27,6 +27,7 @@
 import android.content.pm.IPackageManager;
 import android.content.pm.PackageManager;
 import android.content.pm.ResolveInfo;
+import android.os.Binder;
 import android.os.Bundle;
 import android.os.RemoteException;
 import android.provider.Settings;
@@ -70,7 +71,7 @@ public class Searchables {
             "com.google.android.providers.enhancedgooglesearch/.Launcher";
 
     // Cache the package manager instance
-    private IPackageManager mPm;
+    final private IPackageManager mPm;
     // User for which this Searchables caches information
     private int mUserId;
 
@@ -81,6 +82,7 @@ public class Searchables {
     public Searchables (Context context, int userId) {
         mContext = context;
         mUserId = userId;
+        mPm = AppGlobals.getPackageManager();
     }
 
     /**
@@ -125,50 +127,50 @@ public SearchableInfo getSearchableInfo(ComponentName activity) {
 
         ActivityInfo ai = null;
         try {
-            ai = mContext.getPackageManager().
-                       getActivityInfo(activity, PackageManager.GET_META_DATA );
-            String refActivityName = null;
+            ai = mPm.getActivityInfo(activity, PackageManager.GET_META_DATA, mUserId);
+        } catch (RemoteException re) {
+            Log.e(LOG_TAG, "Error getting activity info " + re);
+            return null;
+        }
+        String refActivityName = null;
 
-            // First look for activity-specific reference
-            Bundle md = ai.metaData;
+        // First look for activity-specific reference
+        Bundle md = ai.metaData;
+        if (md != null) {
+            refActivityName = md.getString(MD_LABEL_DEFAULT_SEARCHABLE);
+        }
+        // If not found, try for app-wide reference
+        if (refActivityName == null) {
+            md = ai.applicationInfo.metaData;
             if (md != null) {
                 refActivityName = md.getString(MD_LABEL_DEFAULT_SEARCHABLE);
             }
-            // If not found, try for app-wide reference
-            if (refActivityName == null) {
-                md = ai.applicationInfo.metaData;
-                if (md != null) {
-                    refActivityName = md.getString(MD_LABEL_DEFAULT_SEARCHABLE);
-                }
-            }
+        }
 
-            // Irrespective of source, if a reference was found, follow it.
-            if (refActivityName != null)
-            {
-                // This value is deprecated, return null
-                if (refActivityName.equals(MD_SEARCHABLE_SYSTEM_SEARCH)) {
-                    return null;
-                }
-                String pkg = activity.getPackageName();
-                ComponentName referredActivity;
-                if (refActivityName.charAt(0) == '.') {
-                    referredActivity = new ComponentName(pkg, pkg + refActivityName);
-                } else {
-                    referredActivity = new ComponentName(pkg, refActivityName);
-                }
+        // Irrespective of source, if a reference was found, follow it.
+        if (refActivityName != null)
+        {
+            // This value is deprecated, return null
+            if (refActivityName.equals(MD_SEARCHABLE_SYSTEM_SEARCH)) {
+                return null;
+            }
+            String pkg = activity.getPackageName();
+            ComponentName referredActivity;
+            if (refActivityName.charAt(0) == '.') {
+                referredActivity = new ComponentName(pkg, pkg + refActivityName);
+            } else {
+                referredActivity = new ComponentName(pkg, refActivityName);
+            }
 
-                // Now try the referred activity, and if found, cache
-                // it against the original name so we can skip the check
-                synchronized (this) {
-                    result = mSearchablesMap.get(referredActivity);
-                    if (result != null) {
-                        mSearchablesMap.put(activity, result);
-                        return result;
-                    }
+            // Now try the referred activity, and if found, cache
+            // it against the original name so we can skip the check
+            synchronized (this) {
+                result = mSearchablesMap.get(referredActivity);
+                if (result != null) {
+                    mSearchablesMap.put(activity, result);
+                    return result;
                 }
             }
-        } catch (PackageManager.NameNotFoundException e) {
-            // case 3: no metadata
         }
 
         // Step 3.  None found. Return null.
@@ -208,6 +210,7 @@ public void buildSearchableList() {
         // Use intent resolver to generate list of ACTION_SEARCH & ACTION_WEB_SEARCH receivers.
         List<ResolveInfo> searchList;
         final Intent intent = new Intent(Intent.ACTION_SEARCH);
+        
         searchList = queryIntentActivities(intent, PackageManager.GET_META_DATA);
 
         List<ResolveInfo> webSearchInfoList;
@@ -219,6 +222,7 @@ public void buildSearchableList() {
             int search_count = (searchList == null ? 0 : searchList.size());
             int web_search_count = (webSearchInfoList == null ? 0 : webSearchInfoList.size());
             int count = search_count + web_search_count;
+            long token = Binder.clearCallingIdentity();
             for (int ii = 0; ii < count; ii++) {
                 // for each component, try to find metadata
                 ResolveInfo info = (ii < search_count)
@@ -237,6 +241,7 @@ public void buildSearchableList() {
                     }
                 }
             }
+            Binder.restoreCallingIdentity(token);
         }
 
         List<ResolveInfo> newGlobalSearchActivities = findGlobalSearchActivities();
@@ -391,9 +396,6 @@ private ComponentName findWebSearchActivity(ComponentName globalSearchActivity)
     }
 
     private List<ResolveInfo> queryIntentActivities(Intent intent, int flags) {
-        if (mPm == null) {
-            mPm = AppGlobals.getPackageManager();
-        }
         List<ResolveInfo> activities = null;
         try {
             activities =

services/java/com/android/server/AppWidgetServiceImpl.java

@@ -1514,11 +1514,12 @@ void readStateFromFileLocked(FileInputStream stream) {
                         String pkg = parser.getAttributeValue(null, "pkg");
                         String cl = parser.getAttributeValue(null, "cl");
 
-                        final PackageManager packageManager = mContext.getPackageManager();
+                        final IPackageManager packageManager = AppGlobals.getPackageManager();
                         try {
-                            packageManager.getReceiverInfo(new ComponentName(pkg, cl), 0);
-                        } catch (PackageManager.NameNotFoundException e) {
-                            String[] pkgs = packageManager
+                            packageManager.getReceiverInfo(new ComponentName(pkg, cl), 0,
+                                    UserHandle.getCallingUserId());
+                        } catch (RemoteException e) {
+                            String[] pkgs = mContext.getPackageManager()
                                     .currentToCanonicalPackageNames(new String[] { pkg });
                             pkg = pkgs[0];
                         }

services/java/com/android/server/NotificationManagerService.java

@@ -21,6 +21,7 @@
 import static org.xmlpull.v1.XmlPullParser.START_TAG;
 
 import android.app.ActivityManagerNative;
+import android.app.AppGlobals;
 import android.app.IActivityManager;
 import android.app.INotificationManager;
 import android.app.ITransientNotification;
@@ -1313,14 +1314,14 @@ void checkCallerIsSystemOrSameApp(String pkg) {
             return;
         }
         try {
-            ApplicationInfo ai = mContext.getPackageManager().getApplicationInfo(
-                    pkg, 0);
+            ApplicationInfo ai = AppGlobals.getPackageManager().getApplicationInfo(
+                    pkg, 0, UserHandle.getCallingUserId());
             if (!UserHandle.isSameApp(ai.uid, uid)) {
                 throw new SecurityException("Calling uid " + uid + " gave package"
                         + pkg + " which is owned by uid " + ai.uid);
             }
-        } catch (PackageManager.NameNotFoundException e) {
-            throw new SecurityException("Unknown package " + pkg);
+        } catch (RemoteException re) {
+            throw new SecurityException("Unknown package " + pkg + "\n" + re);
         }
     }
 

services/java/com/android/server/am/ActivityManagerService.java

@@ -8193,7 +8193,7 @@ private void appendDropBoxProcessHeaders(ProcessRecord process, String processNa
             for (String pkg : process.pkgList) {
                 sb.append("Package: ").append(pkg);
                 try {
-                    PackageInfo pi = pm.getPackageInfo(pkg, 0, 0);
+                    PackageInfo pi = pm.getPackageInfo(pkg, 0, UserHandle.getCallingUserId());
                     if (pi != null) {
                         sb.append(" v").append(pi.versionCode);
                         if (pi.versionName != null) {