Clear calling identity when get package uid.

Previously, the identity was cleared in LaunchingAppsService before
calling into ActivityManagerService. This would allow
ActivityManagerService to call PackageManager#getPackageUid. Since
the calling identity is now associated with the SafeActivityOptions,
this was removed from LaunchingAppsService. As a result, a
SecurityException is encountered, and app shortcuts from managed
profiles no longer work.

This changelist addresses the issue by clearing the calling identity
in ActivityManagerService. This reduced scope still allows the
SafeActivityOptions to be created with the proper uid associated.

Change-Id: Ic32eae5d7b9e4053e4177938a8c2859385d9eeae
Fixes: 72498756
Test: atest CtsShortcutHostTestCases
Test: atest CtsShortcutManagerTestCases

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 5eb5b14..14d8d2e 100644 (file)
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -25381,11 +25381,14 @@ public class ActivityManagerService extends IActivityManager.Stub
             // "= 0" is needed because otherwise catch(RemoteException) would make it look like
             // packageUid may not be initialized.
             int packageUid = 0;
+            final long ident = Binder.clearCallingIdentity();
             try {
                 packageUid = AppGlobals.getPackageManager().getPackageUid(
                         packageName, PackageManager.MATCH_DEBUG_TRIAGED_MISSING, userId);
             } catch (RemoteException e) {
                 // Shouldn't happen.
+            } finally {
+                Binder.restoreCallingIdentity(ident);
             }
 
             synchronized (ActivityManagerService.this) {