Support privileged apps installed in APEX.

If an APEX contains a priv-app/ directory, and the APEX package itself is located in a partition for which privileged apps are allowed, then the APKs under said directory will be included in the initial scan and made available to the system. Bug: 138429615 Test: Move PermissionController to com.android.permission APEX. Run CtsPermissionTestCases and verify that the 16 failures out of 264 tests, which seem unrelated to PermissionController, happen also on an unpatched build on head. Exempt-From-Owner-Approval: Approved in https://googleplex-android-review.git.corp.google.com/c/platform/frameworks/base/+/9593749 Merged-In: If809db5d0a061c1a55aeb7f830c183fa822adca5 Change-Id: If809db5d0a061c1a55aeb7f830c183fa822adca5
2019-10-22 14:14:00 +01:00
parent 7d038cd0e9
commit 787471af48
2 changed files with 27 additions and 22 deletions
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -756,17 +756,17 @@ public class PackageManagerService extends IPackageManager.Stub
    static final List<SystemPartition> SYSTEM_PARTITIONS = Collections.unmodifiableList(
            Arrays.asList(
                    new SystemPartition(Environment.getRootDirectory(), 0 /* scanFlag */,
-                            true /* hasPriv */, false /* hasOverlays */),
+                            false /* hasOverlays */),
                    new SystemPartition(Environment.getVendorDirectory(), SCAN_AS_VENDOR,
-                            true /* hasPriv */, true /* hasOverlays */),
+                            true /* hasOverlays */),
                    new SystemPartition(Environment.getOdmDirectory(), SCAN_AS_ODM,
-                            true /* hasPriv */, true /* hasOverlays */),
+                            true /* hasOverlays */),
                    new SystemPartition(Environment.getOemDirectory(), SCAN_AS_OEM,
-                            false /* hasPriv */, true /* hasOverlays */),
+                            true /* hasOverlays */),
                    new SystemPartition(Environment.getProductDirectory(), SCAN_AS_PRODUCT,
-                            true /* hasPriv */, true /* hasOverlays */),
+                            true /* hasOverlays */),
                    new SystemPartition(Environment.getSystemExtDirectory(), SCAN_AS_SYSTEM_EXT,
-                            true /* hasPriv */, true /* hasOverlays */)));
+                            true /* hasOverlays */)));

    private final List<SystemPartition> mDirsToScanAsSystem;

@@ -2436,12 +2436,28 @@ public class PackageManagerService extends IPackageManager.Stub
        @Nullable
        public final File overlayFolder;

-        private SystemPartition(File folder, int scanFlag, boolean hasPrivApps,
-                boolean hasOverlays) {
+
+        private static boolean shouldScanPrivApps(@ScanFlags int scanFlags) {
+            if ((scanFlags & SCAN_AS_OEM) != 0) {
+                return false;
+            }
+            if (scanFlags == 0) {  // /system partition
+                return true;
+            }
+            if ((scanFlags
+                    & (SCAN_AS_VENDOR | SCAN_AS_ODM | SCAN_AS_PRODUCT | SCAN_AS_SYSTEM_EXT)) != 0) {
+                return true;
+            }
+            return false;
+        }
+
+        private SystemPartition(File folder, int scanFlag, boolean hasOverlays) {
            this.folder = folder;
            this.scanFlag = scanFlag;
            this.appFolder = toCanonical(new File(folder, "app"));
-            this.privAppFolder = hasPrivApps ? toCanonical(new File(folder, "priv-app")) : null;
+            this.privAppFolder = shouldScanPrivApps(scanFlag)
+                    ? toCanonical(new File(folder, "priv-app"))
+                    : null;
            this.overlayFolder = hasOverlays ? toCanonical(new File(folder, "overlay")) : null;
        }

@@ -18388,17 +18404,6 @@ public class PackageManagerService extends IPackageManager.Stub
        }
    }

-    static boolean locationIsPrivileged(String path) {
-        // TODO(dariofreni): include APEX partitions when they will support priv apps.
-        for (int i = 0, size = SYSTEM_PARTITIONS.size(); i < size; i++) {
-            SystemPartition partition = SYSTEM_PARTITIONS.get(i);
-            if (partition.containsPrivPath(path)) {
-                return true;
-            }
-        }
-        return false;
-    }
-
    private static @Nullable SystemPartition resolveApexToSystemPartition(
            ApexManager.ActiveApexInfo apexInfo) {
        for (int i = 0, size = SYSTEM_PARTITIONS.size(); i < size; i++) {
@@ -18406,7 +18411,7 @@ public class PackageManagerService extends IPackageManager.Stub
            if (apexInfo.preinstalledApexPath.getAbsolutePath().startsWith(
                    sp.folder.getAbsolutePath())) {
                return new SystemPartition(apexInfo.apexDirectory, sp.scanFlag,
-                        false /* hasPriv */, false /* hasOverlays */);
+                        false /* hasOverlays */);
            }
        }
        return null;
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -3506,7 +3506,7 @@ public final class Settings {
        int pkgFlags = 0;
        int pkgPrivateFlags = 0;
        pkgFlags |= ApplicationInfo.FLAG_SYSTEM;
-        if (PackageManagerService.locationIsPrivileged(codePathStr)) {
+        if (codePathStr.contains("/priv-app/")) {
            pkgPrivateFlags |= ApplicationInfo.PRIVATE_FLAG_PRIVILEGED;
        }
        PackageSetting ps = new PackageSetting(name, realName, new File(codePathStr),