Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 898aefda authored by Hani Kazmi's avatar Hani Kazmi
Browse files

Add ECM appOp after UidState is created 

This fixes a bug introduced in ag/22299389.

ECM is enabled for a package by an AppOp being added to it at install
time from InstallPackageHelper#updateSettingsInternalLI. This is
/before/ an AppOp tracker(AppOpsService.UidState) has been created for
the package.
That is created in InstallPackageHelper#handlePackagePostInstall which
will call through to AppOpsService#onPackageAdded.

updateSettingsInternalLI is called before handlePackagePostInstall.
In T and U, this worked fine. If setMode was called before UidState had
been created, it would automatically create it first here.

However, this code has now changed to no longer create the UidState.

This results in setMode silently failing and not setting the appOp to
ERRORED for ECM.

We also fix a different bug where installing the app with a new user on
a multi-user device would result in ECM being set back to errored for
all users.

Bug: 307324622
Test: Manually tested on device
Test: atest android.packageinstaller.install.cts
Change-Id: I68450e0d7ae06039fc7e41f6e9b2332f1491fb02
parent eaf0c9d6

services/core/java/com/android/server/pm/InstallPackageHelper.java

+19 −21
Original line number Diff line number Diff line
@@ -2394,12 +2394,6 @@ final class InstallPackageHelper { 
                permissionParamsBuilder.setAutoRevokePermissionsMode(autoRevokePermissionsMode);

                mPm.mPermissionManager.onPackageInstalled(pkg, installRequest.getPreviousAppId(),

                        permissionParamsBuilder.build(), userId);

                // Apply restricted settings on potentially dangerous packages.

                if (installRequest.getPackageSource() == PackageInstaller.PACKAGE_SOURCE_LOCAL_FILE

                        || installRequest.getPackageSource()

                        == PackageInstaller.PACKAGE_SOURCE_DOWNLOADED_FILE) {

                    enableRestrictedSettings(pkgName, pkg.getUid());

                }

            }

            installRequest.setName(pkgName);

            installRequest.setAppId(pkg.getUid());
@@ -2414,17 +2408,14 @@ final class InstallPackageHelper { 
        Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);

    }



    private void enableRestrictedSettings(String pkgName, int appId) {

    private void enableRestrictedSettings(String pkgName, int appId, int userId) {

        final AppOpsManager appOpsManager = mPm.mContext.getSystemService(AppOpsManager.class);

        final int[] allUsersList = mPm.mUserManager.getUserIds();

        for (int userId : allUsersList) {

        final int uid = UserHandle.getUid(userId, appId);

        appOpsManager.setMode(AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,

                uid,

                pkgName,

                AppOpsManager.MODE_ERRORED);

    }

    }



    /**

     * On successful install, executes remaining steps after commit completes and the package lock
@@ -2847,14 +2838,11 @@ final class InstallPackageHelper { 
                    mPm.mRequiredInstallerPackage,

                    /* packageSender= */ mPm, launchedForRestore, killApp, update, archived);





            // Work that needs to happen on first install within each user

            if (firstUserIds.length > 0) {

            for (int userId : firstUserIds) {

                mPm.restorePermissionsAndUpdateRolesForNewUserInstall(packageName,

                        userId);

            }

            }



            if (request.isAllNewUsers() && !update) {

                mPm.notifyPackageAdded(packageName, request.getAppId());
@@ -2862,6 +2850,16 @@ final class InstallPackageHelper { 
                mPm.notifyPackageChanged(packageName, request.getAppId());

            }



            for (int userId : firstUserIds) {

                // Apply restricted settings on potentially dangerous packages. Needs to happen

                // after appOpsManager is notified of the new package

                if (request.getPackageSource() == PackageInstaller.PACKAGE_SOURCE_LOCAL_FILE

                        || request.getPackageSource()

                        == PackageInstaller.PACKAGE_SOURCE_DOWNLOADED_FILE) {

                    enableRestrictedSettings(packageName, request.getAppId(), userId);

                }

            }



            // Log current value of "unknown sources" setting

            EventLog.writeEvent(EventLogTags.UNKNOWN_SOURCES_ENABLED,

                    getUnknownSourcesSettings());