
Commit 1666255c authored by William Loh's avatar William Loh

Prevent uninstall of keyguard apps for user

Prevent any system app from being uninstalled if it holds the
CONTROL_KEYGUARD permission.

Bug: 247475717
Test: adb shell pm uninstall --user 0 com.android.systemui
Test: atest com.android.server.pm.DeletePackageHelperTest
Change-Id: I1742a77605591dd4393d6555ea44c24bdd8b270a
parent a81857be
+7 −0
@@ -16,6 +16,7 @@


package com.android.server.pm;
package com.android.server.pm;


import static android.Manifest.permission.CONTROL_KEYGUARD;
import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;
import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
@@ -354,6 +355,12 @@ final class DeletePackageHelper {
        synchronized (mPm.mLock) {
        synchronized (mPm.mLock) {
            final PackageSetting ps = mPm.mSettings.getPackageLPr(packageName);
            final PackageSetting ps = mPm.mSettings.getPackageLPr(packageName);
            final PackageSetting disabledPs = mPm.mSettings.getDisabledSystemPkgLPr(ps);
            final PackageSetting disabledPs = mPm.mSettings.getDisabledSystemPkgLPr(ps);
            if (PackageManagerServiceUtils.isSystemApp(ps)
                    && mPm.checkPermission(CONTROL_KEYGUARD, packageName, UserHandle.USER_SYSTEM)
                    == PERMISSION_GRANTED) {
                Slog.w(TAG, "Attempt to delete keyguard system package " + packageName);
                return false;
            }
            action = mayDeletePackageLocked(outInfo, ps, disabledPs, flags, user);
            action = mayDeletePackageLocked(outInfo, ps, disabledPs, flags, user);
        }
        }
        if (DEBUG_REMOVE) Slog.d(TAG, "deletePackageLI: " + packageName + " user " + user);
        if (DEBUG_REMOVE) Slog.d(TAG, "deletePackageLI: " + packageName + " user " + user);
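Review bot: The warning written by the new guard omits the target user, although `user` is in scope (it is passed to `mayDeletePackageLocked` and logged two lines later), so a log review of refused keyguard removals cannot tell which user the request was aimed at; consider `Slog.w(TAG, "Attempt to delete keyguard system package " + packageName + " for user " + user);`. The guard also passes `ps` to `isSystemApp` before `mayDeletePackageLocked` receives it; if `getPackageLPr` can return null for an unknown package and `isSystemApp` does not tolerate null, a `ps != null &&` in front of the condition would be needed, which is worth confirming since neither helper is visible here. A short comment above the `if` stating why holders of CONTROL_KEYGUARD are protected (presumably because removing them could leave the device without a working lock screen) would help the next reader. The enclosing method starts and ends outside the hunk.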
+25 −0
@@ -16,9 +16,13 @@


package com.android.server.pm
package com.android.server.pm


import android.Manifest.permission.CONTROL_KEYGUARD
import android.content.pm.PackageManager
import android.content.pm.PackageManager
import android.content.pm.PackageManager.PERMISSION_DENIED
import android.content.pm.PackageManager.PERMISSION_GRANTED
import android.content.pm.UserInfo
import android.content.pm.UserInfo
import android.os.Build
import android.os.Build
import android.os.UserHandle.USER_SYSTEM
import android.util.Log
import android.util.Log
import com.android.server.testutils.any
import com.android.server.testutils.any
import com.android.server.testutils.spy
import com.android.server.testutils.spy
@@ -105,6 +109,8 @@ class DeletePackageHelperTest {
        whenever(PackageManagerServiceUtils.isSystemApp(ps)).thenReturn(true)
        whenever(PackageManagerServiceUtils.isSystemApp(ps)).thenReturn(true)
        whenever(mUserManagerInternal.getUserInfo(1)).thenReturn(
        whenever(mUserManagerInternal.getUserInfo(1)).thenReturn(
            UserInfo(1, "test", UserInfo.FLAG_ADMIN))
            UserInfo(1, "test", UserInfo.FLAG_ADMIN))
        whenever(mPms.checkPermission(CONTROL_KEYGUARD, "a.data.package", USER_SYSTEM))
            .thenReturn(PERMISSION_DENIED)


        val dph = DeletePackageHelper(mPms)
        val dph = DeletePackageHelper(mPms)
        val result = dph.deletePackageX("a.data.package", 1L, 1,
        val result = dph.deletePackageX("a.data.package", 1L, 1,
@@ -124,6 +130,8 @@ class DeletePackageHelperTest {
        whenever(mUserManagerInternal.getProfileParentId(userId)).thenReturn(parentId)
        whenever(mUserManagerInternal.getProfileParentId(userId)).thenReturn(parentId)
        whenever(mUserManagerInternal.getUserInfo(parentId)).thenReturn(
        whenever(mUserManagerInternal.getUserInfo(parentId)).thenReturn(
            UserInfo(userId, "testparent", UserInfo.FLAG_ADMIN))
            UserInfo(userId, "testparent", UserInfo.FLAG_ADMIN))
        whenever(mPms.checkPermission(CONTROL_KEYGUARD, "a.data.package", USER_SYSTEM))
            .thenReturn(PERMISSION_DENIED)


        val dph = DeletePackageHelper(mPms)
        val dph = DeletePackageHelper(mPms)
        val result = dph.deletePackageX("a.data.package", 1L, userId,
        val result = dph.deletePackageX("a.data.package", 1L, userId,
@@ -138,6 +146,9 @@ class DeletePackageHelperTest {
        whenever(PackageManagerServiceUtils.isUpdatedSystemApp(ps)).thenReturn(true)
        whenever(PackageManagerServiceUtils.isUpdatedSystemApp(ps)).thenReturn(true)
        whenever(mUserManagerInternal.getUserInfo(1)).thenReturn(UserInfo(1, "test", 0))
        whenever(mUserManagerInternal.getUserInfo(1)).thenReturn(UserInfo(1, "test", 0))
        whenever(mUserManagerInternal.getProfileParentId(1)).thenReturn(1)
        whenever(mUserManagerInternal.getProfileParentId(1)).thenReturn(1)
        whenever(PackageManagerServiceUtils.isSystemApp(ps)).thenReturn(true)
        whenever(mPms.checkPermission(CONTROL_KEYGUARD, "a.data.package", USER_SYSTEM))
            .thenReturn(PERMISSION_DENIED)


        val dph = DeletePackageHelper(mPms)
        val dph = DeletePackageHelper(mPms)
        val result = dph.deletePackageX("a.data.package", 1L, 1,
        val result = dph.deletePackageX("a.data.package", 1L, 1,
@@ -145,4 +156,18 @@ class DeletePackageHelperTest {


        assertThat(result).isEqualTo(PackageManager.DELETE_SUCCEEDED)
        assertThat(result).isEqualTo(PackageManager.DELETE_SUCCEEDED)
    }
    }

    @Test
    fun deleteSystemPackageWithKeyguard_fails() {
        val ps = mPms.mSettings.getPackageLPr("a.data.package")
        whenever(PackageManagerServiceUtils.isSystemApp(ps)).thenReturn(true)
        whenever(mPms.checkPermission(CONTROL_KEYGUARD, "a.data.package", USER_SYSTEM))
            .thenReturn(PERMISSION_GRANTED)

        val dph = DeletePackageHelper(mPms)
        val result = dph.deletePackageX("a.data.package", 1L, 1,
            PackageManager.DELETE_SYSTEM_APP, false)

        assertThat(result).isEqualTo(PackageManager.DELETE_FAILED_INTERNAL_ERROR)
    }
}
}
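Review bot: `deleteSystemPackageWithKeyguard_fails` asserts only the generic `DELETE_FAILED_INTERNAL_ERROR`, so it would also pass if the deletion failed for a reason unrelated to the keyguard guard. The test just above it reaches `DELETE_SUCCEEDED` with stubs this one omits; adding the same three, `whenever(PackageManagerServiceUtils.isUpdatedSystemApp(ps)).thenReturn(true)`, `whenever(mUserManagerInternal.getUserInfo(1)).thenReturn(UserInfo(1, "test", 0))` and `whenever(mUserManagerInternal.getProfileParentId(1)).thenReturn(1)`, would leave the permission result as the only difference between the accepted and the refused case (assuming both calls use the same flags, which the page does not fully show). A companion case with `isSystemApp` returning false and the permission granted would pin the other half of the condition.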