RESTRICT AUTOMERGE Prevent non-admin users from deleting system apps.

This addresses a security issue where the guest user can remove updates for system apps. With this CL, attempts to uninstall/downgrade system apps will fail if attempted by a non-admin user. This is a backport of ag/17352264. Bug: 170646036 Test: manual, try uninstalling system app update as guest Change-Id: I5bbaaf83d035c500bfc02ff4b9b0e7fb1e7c2feb Merged-In: I4e959e296cca9bbdfc8fccc5e5e0e654ca524165
2022-03-25 10:02:41 +00:00
parent 81f051eff4
commit a7621e0ce0
1 changed files with 10 additions and 0 deletions
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -18690,6 +18690,16 @@ public class PackageManagerService extends IPackageManager.Stub
                return PackageManager.DELETE_FAILED_INTERNAL_ERROR;
            }

+            if (isSystemApp(uninstalledPs)) {
+                UserInfo userInfo = sUserManager.getUserInfo(userId);
+                if (userInfo == null || !userInfo.isAdmin()) {
+                    Slog.w(TAG, "Not removing package " + packageName
+                            + " as only admin user may downgrade system apps");
+                    EventLog.writeEvent(0x534e4554, "170646036", -1, packageName);
+                    return PackageManager.DELETE_FAILED_USER_RESTRICTED;
+                }
+            }
+
            disabledSystemPs = mSettings.getDisabledSystemPkgLPr(packageName);
            // Save the enabled state before we delete the package. When deleting a stub
            // application we always set the enabled state to 'disabled'.