Fix priv-app edge case across OTAs

In this case: 1. Privileged system app FOO is overlain by an installed update, 2. FOO was replaced during an OTA, 3. The new in-system FOO introduced new privileged permission requests that had not been requested by the original FOO, 4. the update version of FOO still had a higher version code than the new FOO on the system disk, and 5. the update version of FOO had been requesting these same (newly- added-to-system-apk) permissions all along; then the newly-added privileged permission requests were incorrectly being refused. FOO should be able to use any privileged permission used by the APK sited on the system disk; but instead, it was only being granted the permissions used by the *original* version of FOO, even though the system FOO now attempted to use them. Still with me? The fix is to (a) properly track privileged-install state when processing known-to-be-hidden system packages, and (b) to tie the semantics of the permission grant more explicitly to that evaluated state, rather than using the prior (rather fragile) fixed-up privilege calculation applied to the overlain apk's parse records. Bug 11271490 Change-Id: Id8a45d667e52f3b5d18109e3620d5865f85bb9c9
author: Christopher Tate <ctate@google.com> 2013-10-18 18:11:05 -0700
committer: Christopher Tate <ctate@google.com> 2013-10-18 18:11:05 -0700
commit: 628946a6efd7931fac59b3236b58b53c58c6bf20 (patch)
tree: 40b72cc6743feb05bdec751545e7b3dc8634655c /services
parent: da35dded4d7882567eab913b25a7cf2f456d2543 (diff)
download: frameworks_base-628946a6efd7931fac59b3236b58b53c58c6bf20.zip
frameworks_base-628946a6efd7931fac59b3236b58b53c58c6bf20.tar.gz
frameworks_base-628946a6efd7931fac59b3236b58b53c58c6bf20.tar.bz2
3 files changed, 15 insertions, 5 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index fb6e9ed..95dc373 100755
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -5566,9 +5566,9 @@ public class PackageManagerService extends IPackageManager.Stub {
                         // version of the one on the data partition, but which
                         // granted a new system permission that it didn't have
                         // before.  In this case we do want to allow the app to
-                        // now get the new permission if the new system-partition
-                        // apk is privileged to get it.
-                        if (sysPs.pkg != null && isPrivilegedApp(pkg)) {
+                        // now get the new permission if the ancestral apk is
+                        // privileged to get it.
+                        if (sysPs.pkg != null && sysPs.isPrivileged()) {
                             for (int j=0;
                                     j<sysPs.pkg.requestedPermissions.size(); j++) {
                                 if (perm.equals(
@@ -9370,7 +9370,7 @@ public class PackageManagerService extends IPackageManager.Stub {
         }
     }
 
-    boolean locationIsPrivileged(File path) {
+    static boolean locationIsPrivileged(File path) {
         try {
             final String privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app")
                     .getCanonicalPath();
diff --git a/services/java/com/android/server/pm/PackageSetting.java b/services/java/com/android/server/pm/PackageSetting.java
index b6f9f5b..b447861 100644
--- a/services/java/com/android/server/pm/PackageSetting.java
+++ b/services/java/com/android/server/pm/PackageSetting.java
@@ -16,6 +16,7 @@
 
 package com.android.server.pm;
 
+import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageParser;
 
 import java.io.File;
@@ -56,4 +57,8 @@ final class PackageSetting extends PackageSettingBase {
     public int[] getGids() {
         return sharedUser != null ? sharedUser.gids : gids;
     }
+
+    public boolean isPrivileged() {
+        return (pkgFlags & ApplicationInfo.FLAG_PRIVILEGED) != 0;
+    }
 }
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index 92fc6a4..3b4393a 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -2210,7 +2210,11 @@ final class Settings {
 
         int pkgFlags = 0;
         pkgFlags |= ApplicationInfo.FLAG_SYSTEM;
-        PackageSetting ps = new PackageSetting(name, realName, new File(codePathStr),
+        final File codePathFile = new File(codePathStr);
+        if (PackageManagerService.locationIsPrivileged(codePathFile)) {
+            pkgFlags |= ApplicationInfo.FLAG_PRIVILEGED;
+        }
+        PackageSetting ps = new PackageSetting(name, realName, codePathFile,
                 new File(resourcePathStr), nativeLibraryPathStr, versionCode, pkgFlags);
         String timeStampStr = parser.getAttributeValue(null, "ft");
         if (timeStampStr != null) {
@@ -2266,6 +2270,7 @@ final class Settings {
                 XmlUtils.skipCurrentTag(parser);
             }
         }
+
         mDisabledSysPackages.put(name, ps);
     }
author	Christopher Tate <ctate@google.com>	2013-10-18 18:11:05 -0700
committer	Christopher Tate <ctate@google.com>	2013-10-18 18:11:05 -0700
commit	628946a6efd7931fac59b3236b58b53c58c6bf20 (patch)
tree	40b72cc6743feb05bdec751545e7b3dc8634655c /services
parent	da35dded4d7882567eab913b25a7cf2f456d2543 (diff)
download	frameworks_base-628946a6efd7931fac59b3236b58b53c58c6bf20.zip frameworks_base-628946a6efd7931fac59b3236b58b53c58c6bf20.tar.gz frameworks_base-628946a6efd7931fac59b3236b58b53c58c6bf20.tar.bz2