DO NOT MERGE Isolated processes must fail registering BRs.

Broadcast Receivers should not be allowed to be registered by
isolated processes.

Bug: b/263358101
Test: atest SdkSandboxRestrictionsHostTest
(cherry picked from commit 43b8a91)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d752ea5f24ce50f407504ce99f56535d4cece8e2)
Merged-In: I5bb2ee3ce8a447105a18851fdffa5a769cc3fe49
Change-Id: I5bb2ee3ce8a447105a18851fdffa5a769cc3fe49

Author: Mugdha Lakhani

services/core/java/com/android/server/am/ActivityManagerService.java

@@ -13087,12 +13087,17 @@ public Intent registerReceiver(IApplicationThread caller, String callerPackage,
     public Intent registerReceiverWithFeature(IApplicationThread caller, String callerPackage,
             String callerFeatureId, String receiverId, IIntentReceiver receiver,
             IntentFilter filter, String permission, int userId, int flags) {
+        enforceNotIsolatedCaller("registerReceiver");
+
         // Allow Sandbox process to register only unexported receivers.
-        if ((flags & Context.RECEIVER_NOT_EXPORTED) != 0) {
-            enforceNotIsolatedCaller("registerReceiver");
-        } else if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()) {
-            enforceNotIsolatedOrSdkSandboxCaller("registerReceiver");
+        boolean unexported = (flags & Context.RECEIVER_NOT_EXPORTED) != 0;
+        if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()
+                && Process.isSdkSandboxUid(Binder.getCallingUid())
+                && !unexported) {
+            throw new SecurityException("SDK sandbox process not allowed to call "
+                + "registerReceiver");
         }
+
         ArrayList<Intent> stickyIntents = null;
         ProcessRecord callerApp = null;
         final boolean visibleToInstantApps