
Commit 1f4b18a1 authored by Michael Groover

Require rollback permission to use rollback install reason

The platform provides a mechanism to roll back an app to the previously
installed version, but if the APK signing key was rotated on the newer
version the ROLLBACK capability must be set for the previous signing
key to allow the rollback to proceed. However, setting the ROLLBACK
capability on a previous signing key negates one of the primary reasons
for rotating, as it allows a subsequent app update to proceed with an APK
signed with this previous signing key. Since only platform signed or
priv-apps should have the permission to perform a rollback, this commit
will enforce that the rollback install reason is guarded by this
permission. In a future commit the rollback install reason will be used
to allow a rollback of an app even if it's signed with a previous key in
the lineage.

Bug: 175231724
Test: atest NoRollbackPermissionTest
Test: adb shell pm rollback-app <TEST_APP>
Change-Id: I8e1beaba2c22a4b25ada34a2c4b52cde47c780a0
parent c36d7b0f
+14 −0
@@ -532,6 +532,20 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
                    + "to use a data loader");
        }

        // INSTALL_REASON_ROLLBACK allows an app to be rolled back without requiring the ROLLBACK
        // capability; ensure if this is set as the install reason the app has one of the necessary
        // signature permissions to perform the rollback.
        if (params.installReason == PackageManager.INSTALL_REASON_ROLLBACK) {
            if (mContext.checkCallingOrSelfPermission(Manifest.permission.MANAGE_ROLLBACKS)
                    != PackageManager.PERMISSION_GRANTED &&
                    mContext.checkCallingOrSelfPermission(Manifest.permission.TEST_MANAGE_ROLLBACKS)
                    != PackageManager.PERMISSION_GRANTED) {
                throw new SecurityException(
                        "INSTALL_REASON_ROLLBACK requires the MANAGE_ROLLBACKS permission or the "
                                + "TEST_MANAGE_ROLLBACKS permission");
            }
        }

        // App package name and label length is restricted so that really long strings aren't
        // written to disk.
        if (params.appPackageName != null
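Review bot: the new guard relies on checkCallingOrSelfPermission, so it is satisfied whenever the session is created from inside system_server itself, including any path where the server has already cleared the calling identity on behalf of a less privileged caller; please confirm that every in-process caller that sets INSTALL_REASON_ROLLBACK is meant to bypass this check, or capture and check the original calling UID before the identity is cleared. Two smaller points on the same hunk: the comment says the caller needs "one of the necessary signature permissions", so it would help to name MANAGE_ROLLBACKS and TEST_MANAGE_ROLLBACKS there as the exception message already does, and the continuation `!= PackageManager.PERMISSION_GRANTED &&` breaks after the operator where the surrounding code (and Google Java style) breaks before it, so the `&&` belongs at the start of the following line.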