Tweaks

- 20.0: pick fixes for the deny usb toggle - 20.0: pull in a patch from GrapheneOS removing a package list leak Signed-off-by: Tad <tad@spotco.us>
2025-07-24 15:15:26 -04:00 · 2022-11-07 19:18:13 -05:00 · 2022-11-07 19:18:13 -05:00 · 807a08210a
commit 807a08210a
parent ac3dc319c7
6 changed files with 63 additions and 4 deletions
--- a/Patches/LineageOS-20.0/android_frameworks_base/0028-Remove_Legacy_Package_Query.patch
+++ b/Patches/LineageOS-20.0/android_frameworks_base/0028-Remove_Legacy_Package_Query.patch
@ -0,0 +1,52 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
+Date: Sat, 5 Nov 2022 12:54:52 +0200
+Subject: [PATCH] don't leak device-wide package list to apps when work profile
+ is present
+
+If the primary user had a work profile, then apps installed in primary user could see packages that
+were installed only in secondary user(s). They couldn't see which secondary user had which apps,
+only presence of such packages was revealed.
+
+This special handling of MATCH_UNINSTALLED_PACKAGES flag was added in October 2016 for compatibility
+with legacy launchers. It is not needed anymore, at least for popular third party launchers.
+
+Note that apps in owner user can still see apps in work profile of owner user, it's part of a public
+API. Also, apps that are not installed in primary user are visible in Settings -> Apps, with
+"Not installed for this user" subtitle.
+
+See commit 0d1fd8d09163566d2c7eb72037f63b6404ada642 and issue report
+https://github.com/GrapheneOS/os-issue-tracker/issues/1634 for more details.
+---
+ .../java/com/android/server/pm/ComputerEngine.java   | 12 ------------
+ 1 file changed, 12 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
+index 259ca655d2b9..1845d7b1cbcf 100644
+--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
+@@ -2845,24 +2845,12 @@ public class ComputerEngine implements Computer {
+      * Update given flags when being used to request {@link PackageInfo}.
+      */
+     public final long updateFlagsForPackage(long flags, int userId) {
+-        final boolean isCallerSystemUser = UserHandle.getCallingUserId()
+-                == UserHandle.USER_SYSTEM;
+         if ((flags & PackageManager.MATCH_ANY_USER) != 0) {
+             // require the permission to be held; the calling uid and given user id referring
+             // to the same user is not sufficient
+             enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false,
+                     !isRecentsAccessingChildProfiles(Binder.getCallingUid(), userId),
+                     "MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission");
+-        } else if ((flags & PackageManager.MATCH_UNINSTALLED_PACKAGES) != 0
+-                && isCallerSystemUser
+-                && mUserManager.hasProfile(UserHandle.USER_SYSTEM)) {
+-            // If the caller wants all packages and has a profile associated with it,
+-            // then match all users. This is to make sure that launchers that need to access
+-            //work
+-            // profile apps don't start breaking. TODO: Remove this hack when launchers stop
+-            //using
+-            // MATCH_UNINSTALLED_PACKAGES to query apps in other profiles. b/31000380
+-            flags |= PackageManager.MATCH_ANY_USER;
+         }
+         return updateFlags(flags, userId);
+     }