pm: Apps with shared UID must also share selinux domain

There are two existing cases where apps that share a sharedUserId
potentially end up in separate SELinux domains.

1. An app installed in /system/priv-app runs in the priv_app domain.
   An app installed on the /data partition which shares a
   sharedUserId with that priv_app would run in the untrusted_app
   domain (e.g. GTS b/72235911). This issue has existed since
   Android N.
2. The untrusted_app domain may now deprecate permissions based on
   targetSdkVersion, so apps with sharedUserId may have different
   permissions based on which targetSdkVersion they use. This issue
   has existed since Android O, but is particularly problematic for
   feature "Deprecate world accessible app data" which puts every app
   targeting P+ into its own selinux domain.

This change fixes #1 and adds a temporary workaround to prevent #2.

Test: cts-tradefed run cts -m CtsSelinuxTargetSdkCurrentTestCases
Test: cts-tradefed run cts -m CtsSelinuxTargetSdk27TestCases
Test: cts-tradefed run cts -m CtsSelinuxTargetSdk25TestCases
Bug: 72290969
Change-Id: I211de05ad6f10b69e3e082cfe977f2dd43d90549
2 files changed