Commit 435c8fe2 authored by Songchun Fan

[pm] prevent non-debuggable app downgrades via shell

Downgrade can only be performed if the following conditions are met:

1. Downgrade is requested in the installFlags
2a. App is debuggable
Or 2b: If app is not debuggable, the build is debuggable or the calling
uid is system or root.

This means shell can't downgrade a non-debuggable app on a non-debuggable build.

BUG: 256202273
Test: manual
Change-Id: I841878502eaa9574e98a38a77e73352fd9735677
parent 729d0a62
+5 −1
@@ -705,7 +705,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
            }
        }

        if (Build.IS_DEBUGGABLE || isCalledBySystemOrShell(callingUid)) {
        if (Build.IS_DEBUGGABLE || isCalledBySystem(callingUid)) {
            params.installFlags |= PackageManager.INSTALL_ALLOW_DOWNGRADE;
        } else {
            params.installFlags &= ~PackageManager.INSTALL_ALLOW_DOWNGRADE;
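Review bot: the new condition `Build.IS_DEBUGGABLE || isCalledBySystem(callingUid)` expresses only case 2b of the commit message; for a shell caller on a non-debuggable build the else branch clears INSTALL_ALLOW_DOWNGRADE, and nothing in this hunk shows where case 2a (the app itself is debuggable) is honoured. Please add a comment at this branch pointing to the check that still lets a debuggable app be downgraded. Since the commit lists only "Test: manual", a test that has shell attempt a downgrade of a debuggable and of a non-debuggable app on a non-debuggable build would pin the intended behaviour.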
@@ -906,6 +906,10 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
        return sessionId;
    }

    private static boolean isCalledBySystem(int callingUid) {
        return callingUid == Process.SYSTEM_UID || callingUid == Process.ROOT_UID;
    }

    private boolean isCalledBySystemOrShell(int callingUid) {
        return callingUid == Process.SYSTEM_UID || callingUid == Process.ROOT_UID
                || callingUid == Process.SHELL_UID;
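Review bot: isCalledBySystemOrShell is kept next to the new isCalledBySystem, so the downgrade gate now depends on choosing the right one of two near-identical helpers. If the older helper has no remaining callers, delete it; otherwise add a one-line comment on each stating that SHELL_UID must not count as privileged for downgrade decisions. Minor style point: the new helper is `private static` while the existing one is `private`; make them consistent.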