Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8904b536 authored by Patrick Baumann's avatar Patrick Baumann Committed by Android Build Coastguard Worker
Browse files

Fixes update ownership preapproval flow 

This change sets the package name when computing commit preapproval
reason. Previously, with the package name unavailable that path would
not be able to look up the existing package and so wouldn't know the
owner. Additionally, if the installer required user action, the wrong
dialog would have been displayed when the update ownership dialog should
have been. This fixes both issues.

Add new change id to check whether the build includes the fix or not.
If the change is disabled, it means the build includes the fix. If
the build doesn't include the change id, when the caller checks the
change, it is enabled.

Bug: 293644536
Test: atest PreapprovalInstallTest UpdateOwnershipEnforcementTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:917f02221653e456d83bf58cdfd7f86a54789909)
Merged-In: I210fe1bb13a2096eb7e087806298ed1d4fa4905d
Change-Id: I210fe1bb13a2096eb7e087806298ed1d4fa4905d
parent 8dbb7c38

services/core/java/com/android/server/pm/PackageInstallerSession.java

+32 −7
Original line number Diff line number Diff line
@@ -67,6 +67,7 @@ import android.app.admin.DevicePolicyEventLogger; 
import android.app.admin.DevicePolicyManager;

import android.app.admin.DevicePolicyManagerInternal;

import android.compat.annotation.ChangeId;

import android.compat.annotation.Disabled;

import android.compat.annotation.EnabledSince;

import android.content.ComponentName;

import android.content.Context;
@@ -310,6 +311,19 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
    @EnabledSince(targetSdkVersion = Build.VERSION_CODES.S)

    private static final long SILENT_INSTALL_ALLOWED = 265131695L;



    /**

     * The system supports pre-approval and update ownership features from

     * {@link Build.VERSION_CODES#UPSIDE_DOWN_CAKE API 34}. The change id is used to make sure

     * the system includes the fix of pre-approval with update ownership case. When checking the

     * change id, if it is disabled, it means the build includes the fix. The more detail is on

     * b/293644536.

     * See {@link PackageInstaller.SessionParams#setRequestUpdateOwnership(boolean)} and

     * {@link #requestUserPreapproval(PreapprovalDetails, IntentSender)} for more details.

     */

    @Disabled

    @ChangeId

    private static final long PRE_APPROVAL_WITH_UPDATE_OWNERSHIP_FIX = 293644536L;



    /**

     * The default value of {@link #mValidatedTargetSdk} is {@link Integer#MAX_VALUE}. If {@link

     * #mValidatedTargetSdk} is compared with {@link Build.VERSION_CODES#S} before getting the
@@ -893,16 +907,27 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
            if (mPermissionsManuallyAccepted) {

                return USER_ACTION_NOT_NEEDED;

            }

            // For pre-pappvoal case, the mPackageName would be null.

            if (mPackageName != null) {

                packageName = mPackageName;

            } else if (mPreapprovalRequested.get() && mPreapprovalDetails != null) {

                packageName = mPreapprovalDetails.getPackageName();

            } else {

                packageName = null;

            }

            hasDeviceAdminReceiver = mHasDeviceAdminReceiver;

        }



        final boolean forcePermissionPrompt =

        // For the below cases, force user action prompt

        // 1. installFlags includes INSTALL_FORCE_PERMISSION_PROMPT

        // 2. params.requireUserAction is USER_ACTION_REQUIRED

        final boolean forceUserActionPrompt =

                (params.installFlags & PackageManager.INSTALL_FORCE_PERMISSION_PROMPT) != 0

                        || params.requireUserAction == SessionParams.USER_ACTION_REQUIRED;

        if (forcePermissionPrompt) {

            return USER_ACTION_REQUIRED;

        }

        final int userActionNotTypicallyNeededResponse = forceUserActionPrompt

                ? USER_ACTION_REQUIRED

                : USER_ACTION_NOT_NEEDED;



        // It is safe to access mInstallerUid and mInstallSource without lock

        // because they are immutable after sealing.

        final Computer snapshot = mPm.snapshotComputer();
@@ -956,7 +981,7 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
                || isInstallerDeviceOwnerOrAffiliatedProfileOwner();



        if (noUserActionNecessary) {

            return USER_ACTION_NOT_NEEDED;

            return userActionNotTypicallyNeededResponse;

        }



        if (isUpdateOwnershipEnforcementEnabled
@@ -969,7 +994,7 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
        }



        if (isPermissionGranted) {

            return USER_ACTION_NOT_NEEDED;

            return userActionNotTypicallyNeededResponse;

        }



        if (snapshot.isInstallDisabledForPackage(getInstallerPackageName(), mInstallerUid,