Merge changes Iea24e5a1,If71385bc into oc-dev

* changes:
  expand who can uninstall an instant app
  Final changes to protect the API surface
TreeHugger Robot
2017-06-08 01:40:03 +00:00
committed by Android (Google) Code Review


@@ -2186,12 +2186,12 @@ public class PackageManagerService extends IPackageManager.Stub
private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId,
String[] grantedPermissions) {
SettingBase sb = (SettingBase) pkg.mExtras;
if (sb == null) {
PackageSetting ps = (PackageSetting) pkg.mExtras;
if (ps == null) {
return;
}
PermissionsState permissionsState = sb.getPermissionsState();
PermissionsState permissionsState = ps.getPermissionsState();
final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
| PackageManager.FLAG_PERMISSION_POLICY_FIXED;
@@ -3516,7 +3516,7 @@ public class PackageManagerService extends IPackageManager.Stub
* and {@code 0}</li>
* <li>The calling application has the permission
* {@link android.Manifest.permission#ACCESS_INSTANT_APPS}</li>
* <li>[TODO] The calling application is the default launcher on the
* <li>The calling application is the default launcher on the
* system partition.</li>
* </ol>
*/
@@ -4904,9 +4904,13 @@ public class PackageManagerService extends IPackageManager.Stub
}
}
private void updateSequenceNumberLP(String packageName, int[] userList) {
private void updateSequenceNumberLP(PackageSetting pkgSetting, int[] userList) {
for (int i = userList.length - 1; i >= 0; --i) {
final int userId = userList[i];
// don't add instant app to the list of updates
if (pkgSetting.getInstantApp(userId)) {
continue;
}
SparseArray<String> changedPackages = mChangedPackages.get(userId);
if (changedPackages == null) {
changedPackages = new SparseArray<>();
@@ -4917,12 +4921,12 @@ public class PackageManagerService extends IPackageManager.Stub
sequenceNumbers = new HashMap<>();
mChangedPackagesSequenceNumbers.put(userId, sequenceNumbers);
}
final Integer sequenceNumber = sequenceNumbers.get(packageName);
final Integer sequenceNumber = sequenceNumbers.get(pkgSetting.name);
if (sequenceNumber != null) {
changedPackages.remove(sequenceNumber);
}
changedPackages.put(mChangedPackagesSequenceNumber, packageName);
sequenceNumbers.put(packageName, mChangedPackagesSequenceNumber);
changedPackages.put(mChangedPackagesSequenceNumber, pkgSetting.name);
sequenceNumbers.put(pkgSetting.name, mChangedPackagesSequenceNumber);
}
mChangedPackagesSequenceNumber++;
}
@@ -5364,7 +5368,7 @@ public class PackageManagerService extends IPackageManager.Stub
"grantRuntimePermission");
final int uid;
final SettingBase sb;
final PackageSetting ps;
synchronized (mPackages) {
final PackageParser.Package pkg = mPackages.get(packageName);
@@ -5375,12 +5379,9 @@ public class PackageManagerService extends IPackageManager.Stub
if (bp == null) {
throw new IllegalArgumentException("Unknown permission: " + name);
}
sb = (SettingBase) pkg.mExtras;
if (sb == null) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
if (sb instanceof PackageSetting
&& filterAppAccessLPr((PackageSetting) sb, callingUid, userId)) {
ps = (PackageSetting) pkg.mExtras;
if (ps == null
|| filterAppAccessLPr(ps, callingUid, userId)) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
@@ -5398,7 +5399,7 @@ public class PackageManagerService extends IPackageManager.Stub
uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
final PermissionsState permissionsState = sb.getPermissionsState();
final PermissionsState permissionsState = ps.getPermissionsState();
final int flags = permissionsState.getPermissionFlags(name, userId);
if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
@@ -5420,7 +5421,6 @@ public class PackageManagerService extends IPackageManager.Stub
return;
}
final PackageSetting ps = mSettings.mPackages.get(packageName);
if (ps.getInstantApp(userId) && !bp.isInstant()) {
throw new SecurityException("Cannot grant non-ephemeral permission"
+ name + " for package " + packageName);
@@ -5504,7 +5504,11 @@ public class PackageManagerService extends IPackageManager.Stub
if (pkg == null) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
final PackageSetting ps = (PackageSetting) pkg.mExtras;
if (ps == null
|| filterAppAccessLPr(ps, Binder.getCallingUid(), userId)) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
final BasePermission bp = mSettings.mPermissions.get(name);
if (bp == null) {
throw new IllegalArgumentException("Unknown permission: " + name);
@@ -5522,12 +5526,7 @@ public class PackageManagerService extends IPackageManager.Stub
return;
}
SettingBase sb = (SettingBase) pkg.mExtras;
if (sb == null) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
final PermissionsState permissionsState = sb.getPermissionsState();
final PermissionsState permissionsState = ps.getPermissionsState();
final int flags = permissionsState.getPermissionFlags(name, userId);
if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
@@ -5680,15 +5679,12 @@ public class PackageManagerService extends IPackageManager.Stub
if (bp == null) {
return 0;
}
final SettingBase sb = (SettingBase) pkg.mExtras;
if (sb == null) {
final PackageSetting ps = (PackageSetting) pkg.mExtras;
if (ps == null
|| filterAppAccessLPr(ps, callingUid, userId)) {
return 0;
}
if (sb instanceof PackageSetting
&& filterAppAccessLPr((PackageSetting) sb, callingUid, userId)) {
return 0;
}
PermissionsState permissionsState = sb.getPermissionsState();
PermissionsState permissionsState = ps.getPermissionsState();
return permissionsState.getPermissionFlags(name, userId);
}
}
@@ -5702,7 +5698,8 @@ public class PackageManagerService extends IPackageManager.Stub
enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlags");
enforceCrossUserPermission(Binder.getCallingUid(), userId,
final int callingUid = Binder.getCallingUid();
enforceCrossUserPermission(callingUid, userId,
true /* requireFullPermission */, true /* checkShell */,
"updatePermissionFlags");
@@ -5720,18 +5717,18 @@ public class PackageManagerService extends IPackageManager.Stub
if (pkg == null) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
final PackageSetting ps = (PackageSetting) pkg.mExtras;
if (ps == null
|| filterAppAccessLPr(ps, callingUid, userId)) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
final BasePermission bp = mSettings.mPermissions.get(name);
if (bp == null) {
throw new IllegalArgumentException("Unknown permission: " + name);
}
SettingBase sb = (SettingBase) pkg.mExtras;
if (sb == null) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
PermissionsState permissionsState = sb.getPermissionsState();
PermissionsState permissionsState = ps.getPermissionsState();
boolean hadState = permissionsState.getRuntimePermissionState(name, userId) != null;
@@ -5775,11 +5772,11 @@ public class PackageManagerService extends IPackageManager.Stub
final int packageCount = mPackages.size();
for (int pkgIndex = 0; pkgIndex < packageCount; pkgIndex++) {
final PackageParser.Package pkg = mPackages.valueAt(pkgIndex);
SettingBase sb = (SettingBase) pkg.mExtras;
if (sb == null) {
final PackageSetting ps = (PackageSetting) pkg.mExtras;
if (ps == null) {
continue;
}
PermissionsState permissionsState = sb.getPermissionsState();
PermissionsState permissionsState = ps.getPermissionsState();
changed |= permissionsState.updatePermissionFlagsForAllPermissions(
userId, flagMask, flagValues);
}
@@ -9573,6 +9570,8 @@ public class PackageManagerService extends IPackageManager.Stub
public void reconcileSecondaryDexFiles(String packageName) {
if (getInstantAppPackageName(Binder.getCallingUid()) != null) {
return;
} else if (isInstantApp(packageName, UserHandle.getCallingUserId())) {
return;
}
mDexManager.reconcileSecondaryDexFiles(packageName);
}
@@ -14350,8 +14349,8 @@ public class PackageManagerService extends IPackageManager.Stub
int userId) {
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
PackageSetting pkgSetting;
final int uid = Binder.getCallingUid();
enforceCrossUserPermission(uid, userId,
final int callingUid = Binder.getCallingUid();
enforceCrossUserPermission(callingUid, userId,
true /* requireFullPermission */, true /* checkShell */,
"setApplicationHiddenSetting for user " + userId);
@@ -14370,6 +14369,9 @@ public class PackageManagerService extends IPackageManager.Stub
if (pkgSetting == null) {
return false;
}
if (filterAppAccessLPr(pkgSetting, callingUid, userId)) {
return false;
}
// Do not allow "android" is being disabled
if ("android".equals(packageName)) {
Slog.w(TAG, "Cannot hide package: android");
@@ -14386,7 +14388,7 @@ public class PackageManagerService extends IPackageManager.Stub
return false;
}
// Only allow protected packages to hide themselves.
if (hidden && !UserHandle.isSameApp(uid, pkgSetting.appId)
if (hidden && !UserHandle.isSameApp(callingUid, pkgSetting.appId)
&& mProtectedPackages.isPackageStateProtected(userId, packageName)) {
Slog.w(TAG, "Not hiding protected package: " + packageName);
return false;
@@ -14503,6 +14505,20 @@ public class PackageManagerService extends IPackageManager.Stub
if (pkgSetting == null) {
return PackageManager.INSTALL_FAILED_INVALID_URI;
}
if (!canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) {
// only allow the existing package to be used if it's installed as a full
// application for at least one user
boolean installAllowed = false;
for (int checkUserId : sUserManager.getUserIds()) {
installAllowed = !pkgSetting.getInstantApp(checkUserId);
if (installAllowed) {
break;
}
}
if (!installAllowed) {
return PackageManager.INSTALL_FAILED_INVALID_URI;
}
}
if (!pkgSetting.getInstalled(userId)) {
pkgSetting.setInstalled(true, userId);
pkgSetting.setHidden(false, userId);
@@ -14526,7 +14542,7 @@ public class PackageManagerService extends IPackageManager.Stub
}
sendPackageAddedForUser(packageName, pkgSetting, userId);
synchronized (mPackages) {
updateSequenceNumberLP(packageName, new int[]{ userId });
updateSequenceNumberLP(pkgSetting, new int[]{ userId });
}
}
} finally {
@@ -14572,7 +14588,8 @@ public class PackageManagerService extends IPackageManager.Stub
public String[] setPackagesSuspendedAsUser(String[] packageNames, boolean suspended,
int userId) {
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
enforceCrossUserPermission(Binder.getCallingUid(), userId,
final int callingUid = Binder.getCallingUid();
enforceCrossUserPermission(callingUid, userId,
true /* requireFullPermission */, true /* checkShell */,
"setPackagesSuspended for user " + userId);
@@ -14593,7 +14610,8 @@ public class PackageManagerService extends IPackageManager.Stub
final int appId;
synchronized (mPackages) {
final PackageSetting pkgSetting = mSettings.mPackages.get(packageName);
if (pkgSetting == null) {
if (pkgSetting == null
|| filterAppAccessLPr(pkgSetting, callingUid, userId)) {
Slog.w(TAG, "Could not find package setting for package \"" + packageName
+ "\". Skipping suspending/un-suspending.");
unactionedPackages.add(packageName);
@@ -15003,6 +15021,10 @@ public class PackageManagerService extends IPackageManager.Stub
boolean result = false;
synchronized (mPackages) {
final PackageSetting ps = mSettings.mPackages.get(packageName);
if (filterAppAccessLPr(ps, Binder.getCallingUid(), UserHandle.getCallingUserId())) {
return false;
}
result = mSettings.updateIntentFilterVerificationStatusLPw(packageName, status, userId);
}
if (result) {
@@ -15103,7 +15125,9 @@ public class PackageManagerService extends IPackageManager.Stub
// writer
synchronized (mPackages) {
PackageSetting targetPackageSetting = mSettings.mPackages.get(targetPackage);
if (targetPackageSetting == null) {
if (targetPackageSetting == null
|| filterAppAccessLPr(
targetPackageSetting, callingUid, UserHandle.getUserId(callingUid))) {
throw new IllegalArgumentException("Unknown target package: " + targetPackage);
}
@@ -15184,7 +15208,9 @@ public class PackageManagerService extends IPackageManager.Stub
if (ps == null) {
throw new IllegalArgumentException("Unknown target package " + packageName);
}
if (filterAppAccessLPr(ps, Binder.getCallingUid(), UserHandle.getCallingUserId())) {
throw new IllegalArgumentException("Unknown target package " + packageName);
}
if (!Objects.equals(callerPackageName, ps.installerPackageName)) {
throw new IllegalArgumentException("Calling package " + callerPackageName
+ " is not installer for " + packageName);
@@ -18205,7 +18231,7 @@ public class PackageManagerService extends IPackageManager.Stub
}
if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) {
updateSequenceNumberLP(pkgName, res.newUsers);
updateSequenceNumberLP(ps, res.newUsers);
updateInstantAppInstallerLocked(pkgName);
}
}
@@ -18431,8 +18457,7 @@ public class PackageManagerService extends IPackageManager.Stub
final int callingUid = Binder.getCallingUid();
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.DELETE_PACKAGES, null);
final int hasAccessInstantApps = mContext.checkCallingOrSelfPermission(
android.Manifest.permission.ACCESS_INSTANT_APPS);
final boolean canViewInstantApps = canViewInstantApps(callingUid, userId);
Preconditions.checkNotNull(versionedPackage);
Preconditions.checkNotNull(observer);
Preconditions.checkArgumentInRange(versionedPackage.getVersionCode(),
@@ -18503,7 +18528,7 @@ public class PackageManagerService extends IPackageManager.Stub
final boolean targetIsInstantApp =
ps.getInstantApp(UserHandle.getUserId(callingUid));
doDeletePackage = !targetIsInstantApp
|| hasAccessInstantApps == PackageManager.PERMISSION_GRANTED;
|| canViewInstantApps;
}
if (doDeletePackage) {
if (!deleteAllUsers) {
@@ -18806,7 +18831,7 @@ public class PackageManagerService extends IPackageManager.Stub
if (pkg != null) {
mInstantAppRegistry.onPackageUninstalledLPw(pkg, info.removedUsers);
}
updateSequenceNumberLP(packageName, info.removedUsers);
updateSequenceNumberLP(uninstalledPs, info.removedUsers);
updateInstantAppInstallerLocked(packageName);
}
}
@@ -21162,7 +21187,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
// Limit who can change which apps
if (!UserHandle.isSameApp(callingUid, pkgSetting.appId)) {
// Don't allow apps that don't have permission to modify other apps
if (!allowedByPermission) {
if (!allowedByPermission
|| filterAppAccessLPr(pkgSetting, callingUid, userId)) {
throw new SecurityException(
"Attempt to change component state; "
+ "pid=" + Binder.getCallingPid()
@@ -21249,7 +21275,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
}
}
scheduleWritePackageRestrictionsLocked(userId);
updateSequenceNumberLP(packageName, new int[] { userId });
updateSequenceNumberLP(pkgSetting, new int[] { userId });
final long callingId = Binder.clearCallingIdentity();
try {
updateInstantAppInstallerLocked(packageName);
@@ -21346,8 +21372,10 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
true /* requireFullPermission */, true /* checkShell */, "stop package");
// writer
synchronized (mPackages) {
if (mSettings.setPackageStoppedStateLPw(this, packageName, stopped,
allowedByPermission, callingUid, userId)) {
final PackageSetting ps = mSettings.mPackages.get(packageName);
if (!filterAppAccessLPr(ps, callingUid, userId)
&& mSettings.setPackageStoppedStateLPw(this, packageName, stopped,
allowedByPermission, callingUid, userId)) {
scheduleWritePackageRestrictionsLocked(userId);
}
}
@@ -21355,11 +21383,16 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
@Override
public String getInstallerPackageName(String packageName) {
if (getInstantAppPackageName(Binder.getCallingUid()) != null) {
final int callingUid = Binder.getCallingUid();
if (getInstantAppPackageName(callingUid) != null) {
return null;
}
// reader
synchronized (mPackages) {
final PackageSetting ps = mSettings.mPackages.get(packageName);
if (filterAppAccessLPr(ps, callingUid, UserHandle.getUserId(callingUid))) {
return null;
}
return mSettings.getInstallerPackageNameLPr(packageName);
}
}
@@ -24108,7 +24141,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
@Override
public boolean isPackageSignedByKeySet(String packageName, KeySet ks) {
if (getInstantAppPackageName(Binder.getCallingUid()) != null) {
final int callingUid = Binder.getCallingUid();
if (getInstantAppPackageName(callingUid) != null) {
return false;
}
if (packageName == null || ks == null) {
@@ -24116,7 +24150,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
}
synchronized(mPackages) {
final PackageParser.Package pkg = mPackages.get(packageName);
if (pkg == null) {
if (pkg == null
|| filterAppAccessLPr((PackageSetting) pkg.mExtras, callingUid,
UserHandle.getUserId(callingUid))) {
Slog.w(TAG, "KeySet requested for unknown package: " + packageName);
throw new IllegalArgumentException("Unknown package: " + packageName);
}
@@ -24131,7 +24167,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
@Override
public boolean isPackageSignedByKeySetExactly(String packageName, KeySet ks) {
if (getInstantAppPackageName(Binder.getCallingUid()) != null) {
final int callingUid = Binder.getCallingUid();
if (getInstantAppPackageName(callingUid) != null) {
return false;
}
if (packageName == null || ks == null) {
@@ -24139,7 +24176,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
}
synchronized(mPackages) {
final PackageParser.Package pkg = mPackages.get(packageName);
if (pkg == null) {
if (pkg == null
|| filterAppAccessLPr((PackageSetting) pkg.mExtras, callingUid,
UserHandle.getUserId(callingUid))) {
Slog.w(TAG, "KeySet requested for unknown package: " + packageName);
throw new IllegalArgumentException("Unknown package: " + packageName);
}
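Review bot: In the `@@ -15003,6 +15021,10 @@` hunk the new visibility check runs against the caller's user, `filterAppAccessLPr(ps, Binder.getCallingUid(), UserHandle.getCallingUserId())`, while the write that follows, `updateIntentFilterVerificationStatusLPw(packageName, status, userId)`, targets the `userId` argument. If the two differ, a package that is an instant app only for `userId` would not be filtered and its verification status could still be changed. Passing `userId` to the check, as in `filterAppAccessLPr(ps, Binder.getCallingUid(), userId)`, keeps the filter and the mutation on the same user. The checks added at `@@ -15184,7 +15208,9 @@` and in `getInstallerPackageName` also use the caller's user, though no `userId` parameter is visible in those hunks. The enclosing method starts and ends outside the hunk, so any cross-user enforcement before this point cannot be seen here.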