Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7e58a847 authored by Winson's avatar Winson
Browse files

Clean up permissions when system app fails to scan 

When a system APK fails to scan, the full uninstall flow
is not called for the app. So if it had a data variant
or was previously scanned before a system update, residual
data can remain.

This change only fixes up leftover permissions, and there
could be other unhandled cases.

Specifically this fixes the case where an OTA updates a
system app to a higher version that the data variant, but the APK
fails to scan due to invalid signature verification. This would
cause the app to be removed from the deviced entirely while
leaving a declared permission inside PermissionSettings which was
serialized to/from disk. This permission would be checked when
trying to manually install an update, which would verify against
a non-existent package, failing the install.

Because of the serialization, a reboot would not be enough to fix
this case. This reboot issue is technically still a problem if the
permission clean up fails for any reason. Perhaps a future refactor
can address the need to seriailize the permissions at all, and only
write the necessary state, removing state that doesn't have a valid
entry inside a known package.

If this case is ever hit, there will be no working application
on the device as it's assumed that all system packages will scan.
The data variant will be dropped.

Bug: 158567255

Test: atest com.android.server.pm.test.InvalidNewSystemAppTest

Change-Id: I7cbb6ac231a211543a6bd42c61e1c74112b81736
parent e4c1cb51

services/core/java/com/android/server/pm/PackageManagerService.java

+4 −0
Original line number Diff line number Diff line
@@ -3175,6 +3175,10 @@ public class PackageManagerService extends IPackageManager.Stub 
                        psit.remove();

                        logCriticalInfo(Log.WARN, "System package " + ps.name

                                + " no longer exists; it's data will be wiped");













                        // Assume package is truly gone and wipe residual permissions.













                        mPermissionManager.updatePermissions(ps.name, null);



























                        // Actual deletion of code and data will be handled by later















                        // reconciliation step















                    } else {

























services/tests/PackageManagerServiceTests/host/Android.bp



+8
−0




























Original line number
Diff line number
Diff line








@@ -28,6 +28,14 @@ java_test_host {













        ":PackageManagerDummyAppVersion1",















        ":PackageManagerDummyAppVersion2",















        ":PackageManagerDummyAppVersion3",













        ":PackageManagerDummyAppVersion4",















        ":PackageManagerDummyAppOriginalOverride",













        ":PackageManagerServiceHostTestsResources",















    ]















}



























filegroup {













    name: "PackageManagerServiceHostTestsResources",













    srcs: [ "resources/*" ],













    path: "resources/"













}




























services/tests/PackageManagerServiceTests/host/src/com/android/server/pm/test/HostUtils.kt



+10
−0




























Original line number
Diff line number
Diff line








@@ -19,6 +19,7 @@ package com.android.server.pm.test













import com.android.internal.util.test.SystemPreparer















import com.android.tradefed.device.ITestDevice















import java.io.File













import java.io.FileOutputStream































internal fun SystemPreparer.pushApk(file: String, partition: Partition) =















        pushResourceFile(file, HostUtils.makePathForApk(file, partition))









@@ -43,4 +44,13 @@ internal object HostUtils {













                    .resolve(file.nameWithoutExtension)















                    .resolve(file.name)















                    .toString()



























    fun copyResourceToHostFile(javaResourceName: String, file: File): File {













        javaClass.classLoader!!.getResource(javaResourceName).openStream().use { input ->













            FileOutputStream(file).use { output ->













                input.copyTo(output)













            }













        }













        return file













    }















}
























services/tests/PackageManagerServiceTests/host/src/com/android/server/pm/test/InvalidNewSystemAppTest.kt
0 → 100644



+83
−0




























Original line number
Diff line number
Diff line













/*













 * Copyright (C) 2020 The Android Open Source Project













 *













 * Licensed under the Apache License, Version 2.0 (the "License");













 * you may not use this file except in compliance with the License.













 * You may obtain a copy of the License at













 *













 *      http://www.apache.org/licenses/LICENSE-2.0













 *













 * Unless required by applicable law or agreed to in writing, software













 * distributed under the License is distributed on an "AS IS" BASIS,













 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.













 * See the License for the specific language governing permissions and













 * limitations under the License.













 */



























package com.android.server.pm.test



























import com.android.internal.util.test.SystemPreparer













import com.android.tradefed.testtype.DeviceJUnit4ClassRunner













import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test













import com.google.common.truth.Truth.assertThat













import org.junit.After













import org.junit.Before













import org.junit.ClassRule













import org.junit.Rule













import org.junit.Test













import org.junit.rules.RuleChain













import org.junit.rules.TemporaryFolder













import org.junit.runner.RunWith



























@RunWith(DeviceJUnit4ClassRunner::class)













class InvalidNewSystemAppTest : BaseHostJUnit4Test() {



























    companion object {













        private const val TEST_PKG_NAME = "com.android.server.pm.test.dummy_app"













        private const val VERSION_ONE = "PackageManagerDummyAppVersion1.apk"













        private const val VERSION_TWO = "PackageManagerDummyAppVersion2.apk"













        private const val VERSION_THREE_INVALID = "PackageManagerDummyAppVersion3Invalid.apk"













        private const val VERSION_FOUR = "PackageManagerDummyAppVersion4.apk"



























        @get:ClassRule













        val deviceRebootRule = SystemPreparer.TestRuleDelegate(true)













    }



























    private val tempFolder = TemporaryFolder()













    private val preparer: SystemPreparer = SystemPreparer(tempFolder,













            SystemPreparer.RebootStrategy.START_STOP, deviceRebootRule) { this.device }



























    @get:Rule













    val rules = RuleChain.outerRule(tempFolder).around(preparer)!!



























    @Before













    @After













    fun uninstallDataPackage() {













        device.uninstallPackage(TEST_PKG_NAME)













    }



























    @Test













    fun verify() {













        // First, push a system app to the device and then update it so there's a data variant













        val filePath = HostUtils.makePathForApk("PackageManagerDummyApp.apk", Partition.PRODUCT)



























        preparer.pushResourceFile(VERSION_ONE, filePath)













                .reboot()



























        val versionTwoFile = HostUtils.copyResourceToHostFile(VERSION_TWO, tempFolder.newFile())



























        assertThat(device.installPackage(versionTwoFile, true)).isNull()



























        // Then push a bad update to the system, overwriting the existing file as if an OTA occurred













        preparer.deleteFile(filePath)













                .pushResourceFile(VERSION_THREE_INVALID, filePath)













                .reboot()



























        // This will remove the package from the device, which is expected













        assertThat(device.getAppPackageInfo(TEST_PKG_NAME)).isNull()



























        // Then check that a user would still be able to install the application manually













        val versionFourFile = HostUtils.copyResourceToHostFile(VERSION_FOUR, tempFolder.newFile())













        assertThat(device.installPackage(versionFourFile, true)).isNull()













    }













}