From b5f554a25d93cd24588c63efc06c617bc63b87e7 Mon Sep 17 00:00:00 2001
From: Hui Shu
Date: Wed, 20 Apr 2016 17:17:44 -0700
Subject: [PATCH] WebView downgrade prevention logic

Prevent *any* WebView provider packages to be downgraded lower than MonoChrome Stable on the system image. Assuming that all (and future) WebView provider packages follow the same versionCode scheme, we can compare the subsection of Chromium versionCode that contains branch number, which is done by ignoring the least significant 5 digits. Note this CL is a follow-up to go/ag/895502.
BUG: 27469181
Change-Id: Iffe3c4b7f912d48c034f107079e065e54130713f
---
 core/java/android/webkit/WebViewFactory.java | 2 +-
 .../webkit/WebViewUpdateServiceImpl.java | 31 ++++++++++++++++---
 2 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/core/java/android/webkit/WebViewFactory.java b/core/java/android/webkit/WebViewFactory.java
index f13cbae520b9e..5db0f1659871b 100644
--- a/core/java/android/webkit/WebViewFactory.java
+++ b/core/java/android/webkit/WebViewFactory.java
@@ -216,7 +216,7 @@ public final class WebViewFactory {
 }
 if (chosen.versionCode > toUse.versionCode) {
 throw new MissingWebViewPackageException("Failed to verify WebView provider, "
- + "version code mismatch, expected: " + chosen.versionCode
+ + "version code is lower than expected: " + chosen.versionCode
 + " actual: " + toUse.versionCode);
 }
 if (getWebViewLibrary(toUse.applicationInfo) == null) {
diff --git a/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java b/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java
index d90d922142c39..91de797cf98c6 100644
--- a/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java
+++ b/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java
@@ -535,17 +535,38 @@ public class WebViewUpdateServiceImpl {
 }
 }
+ /**
+ * Both versionCodes should be from a WebView provider package implemented by Chromium.
+ * VersionCodes from other kinds of packages won't make any sense in this method.
+ *
+ * An introduction to Chromium versionCode scheme:
+ * "BBBBPPPAX"
+ * BBBB: 4 digit branch number. It monotonically increases over time.
+ * PPP: patch number in the branch. It is padded with zeroes to the left. These three digits may
+ * change their meaning in the future.
+ * A: architecture digit.
+ * X: A digit to differentiate APKs for other reasons.
+ *
+ * This method takes the "BBBB" of versionCodes and compare them.
+ *
+ * @return true if versionCode1 is higher than or equal to versionCode2.
+ */
+ private static boolean versionCodeGE(int versionCode1, int versionCode2) {
+ int v1 = versionCode1 / 100000;
+ int v2 = versionCode2 / 100000;
+
+ return v1 >= v2;
+ }
+
 /**
 * Returns whether this provider is valid for use as a WebView provider.
 */
 public boolean isValidProvider(WebViewProviderInfo configInfo, PackageInfo packageInfo) {
- if ((packageInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0
- && packageInfo.versionCode < getMinimumVersionCode()
+ if (!versionCodeGE(packageInfo.versionCode, getMinimumVersionCode())
 && !mSystemInterface.systemIsDebuggable()) {
- // Non-system package webview providers may be downgraded arbitrarily low, prevent
- // that by enforcing minimum version code. This check is only enforced for user
- // builds.
+ // Webview providers may be downgraded arbitrarily low, prevent that by enforcing
+ // minimum version code. This check is only enforced for user builds.
 return false;
 }
 if (providerHasValidSignature(configInfo, packageInfo, mSystemInterface) &&
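Review bot: `versionCodeGE` discards the five low digits before comparing, so a provider on the same branch as the minimum but with a lower patch number compares as equal and passes the check in `isValidProvider`; the downgrade protection therefore holds only at branch granularity. If that is intended (the Javadoc notes the PPP digits may change meaning), state it in the Javadoc, e.g. `* Note: builds from the same branch compare as equal, so patch-level downgrades within a branch are not rejected.` The divisor would also be easier to audit as a named constant such as `private static final int VERSION_CODE_BRANCH_DIVISOR = 100000;` rather than a repeated literal. `isValidProvider` continues past the end of the hunk and `getMinimumVersionCode()` is not shown, so whether every system-image provider satisfies the check now that the `FLAG_SYSTEM` exemption is gone cannot be confirmed from this diff.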