Merge "WebView downgrade prevention logic" into nyc-dev

am: e12d62b

* commit 'e12d62bd79d27f1719ac6db01b1dd53289fe03d4':
  WebView downgrade prevention logic

Change-Id: I9d67d612696078b647eef9ac575da0e47e08eab4

core/java/android/webkit/WebViewFactory.java

@@ -216,7 +216,7 @@ public final class WebViewFactory {
         }
         if (chosen.versionCode > toUse.versionCode) {
             throw new MissingWebViewPackageException("Failed to verify WebView provider, "
-                    + "version code mismatch, expected: " + chosen.versionCode
+                    + "version code is lower than expected: " + chosen.versionCode
                     + " actual: " + toUse.versionCode);
         }
         if (getWebViewLibrary(toUse.applicationInfo) == null) {

services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java

@@ -535,17 +535,38 @@ public class WebViewUpdateServiceImpl {
             }
         }
 
+        /**
+         * Both versionCodes should be from a WebView provider package implemented by Chromium.
+         * VersionCodes from other kinds of packages won't make any sense in this method.
+         *
+         * An introduction to Chromium versionCode scheme:
+         * "BBBBPPPAX"
+         * BBBB: 4 digit branch number. It monotonically increases over time.
+         * PPP: patch number in the branch. It is padded with zeroes to the left. These three digits may
+         * change their meaning in the future.
+         * A: architecture digit.
+         * X: A digit to differentiate APKs for other reasons.
+         *
+         * This method takes the "BBBB" of versionCodes and compare them.
+         *
+         * @return true if versionCode1 is higher than or equal to versionCode2.
+         */
+        private static boolean versionCodeGE(int versionCode1, int versionCode2) {
+            int v1 = versionCode1 / 100000;
+            int v2 = versionCode2 / 100000;
+
+            return v1 >= v2;
+        }
+
         /**
          * Returns whether this provider is valid for use as a WebView provider.
          */
         public boolean isValidProvider(WebViewProviderInfo configInfo,
                 PackageInfo packageInfo) {
-            if ((packageInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0
-                    && packageInfo.versionCode < getMinimumVersionCode()
+            if (!versionCodeGE(packageInfo.versionCode, getMinimumVersionCode())
                     && !mSystemInterface.systemIsDebuggable()) {
-                // Non-system package webview providers may be downgraded arbitrarily low, prevent
-                // that by enforcing minimum version code. This check is only enforced for user
-                // builds.
+                // Webview providers may be downgraded arbitrarily low, prevent that by enforcing
+                // minimum version code. This check is only enforced for user builds.
                 return false;
             }
             if (providerHasValidSignature(configInfo, packageInfo, mSystemInterface) &&