Expose isInstantApp() to more callers
Instead of just allowing the instant app itself, also allow anyone
with ACCESS_INSTANT_APP permission or apps that the instant app
has granted access.
Change-Id: I5a79ef9520db908ba9ab56af0157b1646d2d8cc1
Fixes: 34123112
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 116c0a3..73ba299 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -7310,12 +7310,17 @@
return false;
}
- if (!isCallerSameApp(packageName)) {
- return false;
- }
synchronized (mPackages) {
final PackageSetting ps = mSettings.mPackages.get(packageName);
- if (ps != null) {
+ final boolean returnAllowed =
+ ps != null
+ && (isCallerSameApp(packageName)
+ || mContext.checkCallingOrSelfPermission(
+ android.Manifest.permission.ACCESS_INSTANT_APPS)
+ == PERMISSION_GRANTED
+ || mInstantAppRegistry.isInstantAccessGranted(
+ userId, UserHandle.getAppId(Binder.getCallingUid()), ps.appId));
+ if (returnAllowed) {
return ps.getInstantApp(userId);
}
}