summaryrefslogtreecommitdiffstats
path: root/services/java/com/android/server/PackageManagerService.java
diff options
context:
space:
mode:
Diffstat (limited to 'services/java/com/android/server/PackageManagerService.java')
-rw-r--r--services/java/com/android/server/PackageManagerService.java78
1 files changed, 58 insertions, 20 deletions
diff --git a/services/java/com/android/server/PackageManagerService.java b/services/java/com/android/server/PackageManagerService.java
index 3320a53..6ed488d 100644
--- a/services/java/com/android/server/PackageManagerService.java
+++ b/services/java/com/android/server/PackageManagerService.java
@@ -122,6 +122,8 @@ class PackageManagerService extends IPackageManager.Stub {
private static final boolean GET_CERTIFICATES = true;
+ private static final String SYSTEM_PROPERTY_EFS_ENABLED = "persist.security.efs.enabled";
+
private static final int REMOVE_EVENTS =
FileObserver.CLOSE_WRITE | FileObserver.DELETE | FileObserver.MOVED_FROM;
private static final int ADD_EVENTS =
@@ -154,6 +156,10 @@ class PackageManagerService extends IPackageManager.Stub {
// This is where all application persistent data goes.
final File mAppDataDir;
+ // If Encrypted File System feature is enabled, all application persistent data
+ // should go here instead.
+ final File mSecureAppDataDir;
+
// This is the object monitoring the framework dir.
final FileObserver mFrameworkInstallObserver;
@@ -416,6 +422,7 @@ class PackageManagerService extends IPackageManager.Stub {
File dataDir = Environment.getDataDirectory();
mAppDataDir = new File(dataDir, "data");
+ mSecureAppDataDir = new File(dataDir, "secure/data");
mDrmAppPrivateInstallDir = new File(dataDir, "app-private");
if (mInstaller == null) {
@@ -425,6 +432,7 @@ class PackageManagerService extends IPackageManager.Stub {
File miscDir = new File(dataDir, "misc");
miscDir.mkdirs();
mAppDataDir.mkdirs();
+ mSecureAppDataDir.mkdirs();
mDrmAppPrivateInstallDir.mkdirs();
}
@@ -567,7 +575,7 @@ class PackageManagerService extends IPackageManager.Stub {
mAppInstallDir.mkdirs(); // scanDirLI() assumes this dir exists
}
//look for any incomplete package installations
- ArrayList<String> deletePkgsList = mSettings.getListOfIncompleteInstallPackages();
+ ArrayList<PackageSetting> deletePkgsList = mSettings.getListOfIncompleteInstallPackages();
//clean up list
for(int i = 0; i < deletePkgsList.size(); i++) {
//clean up here
@@ -622,20 +630,20 @@ class PackageManagerService extends IPackageManager.Stub {
}
}
- void cleanupInstallFailedPackage(String packageName) {
+ void cleanupInstallFailedPackage(PackageSetting pkgSettings) {
if (mInstaller != null) {
- int retCode = mInstaller.remove(packageName);
+ boolean useSecureFS = useEncryptedFilesystemForPackage(pkgSettings.pkg);
+ int retCode = mInstaller.remove(pkgSettings.name, useSecureFS);
if (retCode < 0) {
Log.w(TAG, "Couldn't remove app data directory for package: "
- + packageName + ", retcode=" + retCode);
+ + pkgSettings.name + ", retcode=" + retCode);
}
} else {
//for emulator
- PackageParser.Package pkg = mPackages.get(packageName);
- File dataDir = new File(pkg.applicationInfo.dataDir);
+ File dataDir = new File(pkgSettings.pkg.applicationInfo.dataDir);
dataDir.delete();
}
- mSettings.removePackageLP(packageName);
+ mSettings.removePackageLP(pkgSettings.name);
}
void readPermissions() {
@@ -2150,6 +2158,11 @@ class PackageManagerService extends IPackageManager.Stub {
return performed ? DEX_OPT_PERFORMED : DEX_OPT_SKIPPED;
}
+ private static boolean useEncryptedFilesystemForPackage(PackageParser.Package pkg) {
+ return Environment.isEncryptedFilesystemEnabled() &&
+ ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_NEVER_ENCRYPT) == 0);
+ }
+
private PackageParser.Package scanPackageLI(
File scanFile, File destCodeFile, File destResourceFile,
PackageParser.Package pkg, int parseFlags, int scanMode) {
@@ -2358,8 +2371,9 @@ class PackageManagerService extends IPackageManager.Stub {
}
if (removeExisting) {
+ boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(pkg);
if (mInstaller != null) {
- int ret = mInstaller.remove(pkgName);
+ int ret = mInstaller.remove(pkgName, useEncryptedFSDir);
if (ret != 0) {
String msg = "System package " + pkg.packageName
+ " could not have data directory erased after signature change.";
@@ -2389,7 +2403,12 @@ class PackageManagerService extends IPackageManager.Stub {
pkg.applicationInfo.dataDir = dataPath.getPath();
} else {
// This is a normal package, need to make its data directory.
- dataPath = new File(mAppDataDir, pkgName);
+ boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(pkg);
+ if (useEncryptedFSDir) {
+ dataPath = new File(mSecureAppDataDir, pkgName);
+ } else {
+ dataPath = new File(mAppDataDir, pkgName);
+ }
if (dataPath.exists()) {
mOutPermissions[1] = 0;
FileUtils.getPermissions(dataPath.getPath(), mOutPermissions);
@@ -2402,7 +2421,7 @@ class PackageManagerService extends IPackageManager.Stub {
// If this is a system app, we can at least delete its
// current data so the application will still work.
if (mInstaller != null) {
- int ret = mInstaller.remove(pkgName);
+ int ret = mInstaller.remove(pkgName, useEncryptedFSDir);
if(ret >= 0) {
// Old data gone!
String msg = "System package " + pkg.packageName
@@ -2413,7 +2432,7 @@ class PackageManagerService extends IPackageManager.Stub {
recovered = true;
// And now re-install the app.
- ret = mInstaller.install(pkgName, pkg.applicationInfo.uid,
+ ret = mInstaller.install(pkgName, useEncryptedFSDir, pkg.applicationInfo.uid,
pkg.applicationInfo.uid);
if (ret == -1) {
// Ack should not happen!
@@ -2453,7 +2472,7 @@ class PackageManagerService extends IPackageManager.Stub {
Log.v(TAG, "Want this data dir: " + dataPath);
//invoke installer to do the actual installation
if (mInstaller != null) {
- int ret = mInstaller.install(pkgName, pkg.applicationInfo.uid,
+ int ret = mInstaller.install(pkgName, useEncryptedFSDir, pkg.applicationInfo.uid,
pkg.applicationInfo.uid);
if(ret < 0) {
// Error from installer
@@ -3810,7 +3829,13 @@ class PackageManagerService extends IPackageManager.Stub {
PackageParser.Package pkg, boolean forwardLocked, boolean newInstall,
String installerPackageName, PackageInstalledInfo res) {
// Remember this for later, in case we need to rollback this install
- boolean dataDirExists = (new File(mAppDataDir, pkgName)).exists();
+ boolean dataDirExists;
+
+ if (useEncryptedFilesystemForPackage(pkg)) {
+ dataDirExists = (new File(mSecureAppDataDir, pkgName)).exists();
+ } else {
+ dataDirExists = (new File(mAppDataDir, pkgName)).exists();
+ }
res.name = pkgName;
synchronized(mPackages) {
if (mPackages.containsKey(pkgName) || mAppDirs.containsKey(destFilePath)) {
@@ -4540,8 +4565,9 @@ class PackageManagerService extends IPackageManager.Stub {
deletedPs = mSettings.mPackages.get(packageName);
}
if ((flags&PackageManager.DONT_DELETE_DATA) == 0) {
+ boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p);
if (mInstaller != null) {
- int retCode = mInstaller.remove(packageName);
+ int retCode = mInstaller.remove(packageName, useEncryptedFSDir);
if (retCode < 0) {
Log.w(TAG, "Couldn't remove app data or cache directory for package: "
+ packageName + ", retcode=" + retCode);
@@ -4783,6 +4809,8 @@ class PackageManagerService extends IPackageManager.Stub {
p = ps.pkg;
}
}
+ boolean useEncryptedFSDir = false;
+
if(!dataOnly) {
//need to check this only for fully installed applications
if (p == null) {
@@ -4794,9 +4822,10 @@ class PackageManagerService extends IPackageManager.Stub {
Log.w(TAG, "Package " + packageName + " has no applicationInfo.");
return false;
}
+ useEncryptedFSDir = useEncryptedFilesystemForPackage(p);
}
if (mInstaller != null) {
- int retCode = mInstaller.clearUserData(packageName);
+ int retCode = mInstaller.clearUserData(packageName, useEncryptedFSDir);
if (retCode < 0) {
Log.w(TAG, "Couldn't remove cache files for package: "
+ packageName);
@@ -4847,8 +4876,9 @@ class PackageManagerService extends IPackageManager.Stub {
Log.w(TAG, "Package " + packageName + " has no applicationInfo.");
return false;
}
+ boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p);
if (mInstaller != null) {
- int retCode = mInstaller.deleteCacheFiles(packageName);
+ int retCode = mInstaller.deleteCacheFiles(packageName, useEncryptedFSDir);
if (retCode < 0) {
Log.w(TAG, "Couldn't remove cache files for package: "
+ packageName);
@@ -4910,9 +4940,10 @@ class PackageManagerService extends IPackageManager.Stub {
}
publicSrcDir = isForwardLocked(p) ? applicationInfo.publicSourceDir : null;
}
+ boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p);
if (mInstaller != null) {
int res = mInstaller.getSizeInfo(packageName, p.mPath,
- publicSrcDir, pStats);
+ publicSrcDir, pStats, useEncryptedFSDir);
if (res < 0) {
return false;
} else {
@@ -6061,11 +6092,18 @@ class PackageManagerService extends IPackageManager.Stub {
Settings() {
File dataDir = Environment.getDataDirectory();
File systemDir = new File(dataDir, "system");
+ // TODO(oam): This secure dir creation needs to be moved somewhere else (later)
+ File systemSecureDir = new File(dataDir, "secure/system");
systemDir.mkdirs();
+ systemSecureDir.mkdirs();
FileUtils.setPermissions(systemDir.toString(),
FileUtils.S_IRWXU|FileUtils.S_IRWXG
|FileUtils.S_IROTH|FileUtils.S_IXOTH,
-1, -1);
+ FileUtils.setPermissions(systemSecureDir.toString(),
+ FileUtils.S_IRWXU|FileUtils.S_IRWXG
+ |FileUtils.S_IROTH|FileUtils.S_IXOTH,
+ -1, -1);
mSettingsFilename = new File(systemDir, "packages.xml");
mBackupSettingsFilename = new File(systemDir, "packages-backup.xml");
}
@@ -6726,15 +6764,15 @@ class PackageManagerService extends IPackageManager.Stub {
return mReadMessages.toString();
}
- ArrayList<String> getListOfIncompleteInstallPackages() {
+ ArrayList<PackageSetting> getListOfIncompleteInstallPackages() {
HashSet<String> kList = new HashSet<String>(mPackages.keySet());
Iterator<String> its = kList.iterator();
- ArrayList<String> ret = new ArrayList<String>();
+ ArrayList<PackageSetting> ret = new ArrayList<PackageSetting>();
while(its.hasNext()) {
String key = its.next();
PackageSetting ps = mPackages.get(key);
if(ps.getInstallStatus() == PKG_INSTALL_INCOMPLETE) {
- ret.add(key);
+ ret.add(ps);
}
}
return ret;
generated by cgit v1.1 at 2025-06-10 02:44:22 +0000