Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1d7d40e9 authored by Alex Buynytskyy's avatar Alex Buynytskyy
Browse files

Add a new permission to allow usage of system dataloaders. 

Shell delegation only delegates permissions/appops.
Need to add the permission instead of checking UIDs.

Bug: 168508924
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest PackageManagerServiceTest ChecksumsTest
Change-Id: If31980b698cdfef251ffdca400d641a79948019f
Merged-In: If31980b698cdfef251ffdca400d641a79948019f
parent 4ac678f2

core/res/AndroidManifest.xml

+7 −0
Original line number Diff line number Diff line
@@ -3983,6 +3983,13 @@ 
    <permission android:name="com.android.permission.USE_INSTALLER_V2"

        android:protectionLevel="signature|verifier" />



    <!-- Allows an application to use System Data Loaders.

         <p>Not for use by third-party applications.

         @hide

    -->

    <permission android:name="com.android.permission.USE_SYSTEM_DATA_LOADERS"

                android:protectionLevel="signature" />



    <!-- @SystemApi @TestApi Allows an application to clear user data.

         <p>Not for use by third-party applications

         @hide

packages/Shell/AndroidManifest.xml

+1 −0
Original line number Diff line number Diff line
@@ -86,6 +86,7 @@ 
    <uses-permission android:name="android.permission.INSTALL_PACKAGES" />

    <!--  TODO(b/152310230): remove once APIs are confirmed to be sufficient -->

    <uses-permission android:name="com.android.permission.USE_INSTALLER_V2" />

    <uses-permission android:name="com.android.permission.USE_SYSTEM_DATA_LOADERS" />

    <uses-permission android:name="android.permission.MOVE_PACKAGE" />

    <uses-permission android:name="android.permission.KEEP_UNINSTALLED_PACKAGES" />

    <uses-permission android:name="android.permission.CLEAR_APP_USER_DATA" />

services/core/java/com/android/server/pm/PackageInstallerSession.java

+7 −2
Original line number Diff line number Diff line
@@ -1010,9 +1010,14 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
                throw new IllegalArgumentException(

                        "DataLoader installation of APEX modules is not allowed.");

            }



            if (this.params.dataLoaderParams.getComponentName().getPackageName()

                    == SYSTEM_DATA_LOADER_PACKAGE) {

                assertShellOrSystemCalling("System data loaders");

                    == SYSTEM_DATA_LOADER_PACKAGE && mContext.checkCallingOrSelfPermission(

                    Manifest.permission.USE_SYSTEM_DATA_LOADERS)

                    != PackageManager.PERMISSION_GRANTED) {

                throw new SecurityException("You need the "

                        + "com.android.permission.USE_SYSTEM_DATA_LOADERS permission "

                        + "to use system data loaders");

            }

        }