Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a6db2a1e authored by Patrick Baumann's avatar Patrick Baumann Committed by Android (Google) Code Review
Browse files

Merge "App may trigger bypass of update owner enforcement" into udc-dev

parents 1d14d281 7fbbe85a

core/java/android/content/pm/parsing/ApkLite.java

+20 −3
Original line number Diff line number Diff line
@@ -138,6 +138,11 @@ public class ApkLite { 
     */

    private final boolean mIsSdkLibrary;



    /**

     * Indicates if this package allows an installer to declare update ownership of it.

     */

    private final boolean mAllowUpdateOwnership;



    public ApkLite(String path, String packageName, String splitName, boolean isFeatureSplit,

            String configForSplit, String usesSplitName, boolean isSplitRequired, int versionCode,

            int versionCodeMajor, int revisionCode, int installLocation,
@@ -148,7 +153,7 @@ public class ApkLite { 
            String requiredSystemPropertyName, String requiredSystemPropertyValue,

            int minSdkVersion, int targetSdkVersion, int rollbackDataPolicy,

            Set<String> requiredSplitTypes, Set<String> splitTypes,

            boolean hasDeviceAdminReceiver, boolean isSdkLibrary) {

            boolean hasDeviceAdminReceiver, boolean isSdkLibrary, boolean allowUpdateOwnership) {

        mPath = path;

        mPackageName = packageName;

        mSplitName = splitName;
@@ -182,6 +187,7 @@ public class ApkLite { 
        mRollbackDataPolicy = rollbackDataPolicy;

        mHasDeviceAdminReceiver = hasDeviceAdminReceiver;

        mIsSdkLibrary = isSdkLibrary;

        mAllowUpdateOwnership = allowUpdateOwnership;

    }



    /**
@@ -474,6 +480,9 @@ public class ApkLite { 
        return mRollbackDataPolicy;

    }



    /**

     * Indicates if this app contains a {@link android.app.admin.DeviceAdminReceiver}.

     */

    @DataClass.Generated.Member

    public boolean isHasDeviceAdminReceiver() {

        return mHasDeviceAdminReceiver;
@@ -487,11 +496,19 @@ public class ApkLite { 
        return mIsSdkLibrary;

    }



    /**

     * Indicates if this package allows an installer to declare update ownership of it.

     */

    @DataClass.Generated.Member

    public boolean isAllowUpdateOwnership() {

        return mAllowUpdateOwnership;

    }



    @DataClass.Generated(

            time = 1643063342990L,

            time = 1680122754650L,

            codegenVersion = "1.0.23",

            sourceFile = "frameworks/base/core/java/android/content/pm/parsing/ApkLite.java",

            inputSignatures = "private final @android.annotation.NonNull java.lang.String mPackageName\nprivate final @android.annotation.NonNull java.lang.String mPath\nprivate final @android.annotation.Nullable java.lang.String mSplitName\nprivate final @android.annotation.Nullable java.lang.String mUsesSplitName\nprivate final @android.annotation.Nullable java.lang.String mConfigForSplit\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String> mRequiredSplitTypes\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String> mSplitTypes\nprivate final  int mVersionCodeMajor\nprivate final  int mVersionCode\nprivate final  int mRevisionCode\nprivate final  int mInstallLocation\nprivate final  int mMinSdkVersion\nprivate final  int mTargetSdkVersion\nprivate final @android.annotation.NonNull android.content.pm.VerifierInfo[] mVerifiers\nprivate final @android.annotation.NonNull android.content.pm.SigningDetails mSigningDetails\nprivate final  boolean mFeatureSplit\nprivate final  boolean mIsolatedSplits\nprivate final  boolean mSplitRequired\nprivate final  boolean mCoreApp\nprivate final  boolean mDebuggable\nprivate final  boolean mProfileableByShell\nprivate final  boolean mMultiArch\nprivate final  boolean mUse32bitAbi\nprivate final  boolean mExtractNativeLibs\nprivate final  boolean mUseEmbeddedDex\nprivate final @android.annotation.Nullable java.lang.String mTargetPackageName\nprivate final  boolean mOverlayIsStatic\nprivate final  int mOverlayPriority\nprivate final @android.annotation.Nullable java.lang.String mRequiredSystemPropertyName\nprivate final @android.annotation.Nullable java.lang.String mRequiredSystemPropertyValue\nprivate final  int mRollbackDataPolicy\nprivate final  boolean mHasDeviceAdminReceiver\nprivate final  boolean mIsSdkLibrary\npublic  long getLongVersionCode()\nprivate  boolean hasAnyRequiredSplitTypes()\nclass ApkLite extends java.lang.Object implements []\n@com.android.internal.util.DataClass(genConstructor=false, genConstDefs=false)")

            inputSignatures = "private final @android.annotation.NonNull java.lang.String mPackageName\nprivate final @android.annotation.NonNull java.lang.String mPath\nprivate final @android.annotation.Nullable java.lang.String mSplitName\nprivate final @android.annotation.Nullable java.lang.String mUsesSplitName\nprivate final @android.annotation.Nullable java.lang.String mConfigForSplit\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String> mRequiredSplitTypes\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String> mSplitTypes\nprivate final  int mVersionCodeMajor\nprivate final  int mVersionCode\nprivate final  int mRevisionCode\nprivate final  int mInstallLocation\nprivate final  int mMinSdkVersion\nprivate final  int mTargetSdkVersion\nprivate final @android.annotation.NonNull android.content.pm.VerifierInfo[] mVerifiers\nprivate final @android.annotation.NonNull android.content.pm.SigningDetails mSigningDetails\nprivate final  boolean mFeatureSplit\nprivate final  boolean mIsolatedSplits\nprivate final  boolean mSplitRequired\nprivate final  boolean mCoreApp\nprivate final  boolean mDebuggable\nprivate final  boolean mProfileableByShell\nprivate final  boolean mMultiArch\nprivate final  boolean mUse32bitAbi\nprivate final  boolean mExtractNativeLibs\nprivate final  boolean mUseEmbeddedDex\nprivate final @android.annotation.Nullable java.lang.String mTargetPackageName\nprivate final  boolean mOverlayIsStatic\nprivate final  int mOverlayPriority\nprivate final @android.annotation.Nullable java.lang.String mRequiredSystemPropertyName\nprivate final @android.annotation.Nullable java.lang.String mRequiredSystemPropertyValue\nprivate final  int mRollbackDataPolicy\nprivate final  boolean mHasDeviceAdminReceiver\nprivate final  boolean mIsSdkLibrary\nprivate final  boolean mAllowUpdateOwnership\npublic  long getLongVersionCode()\nprivate  boolean hasAnyRequiredSplitTypes()\nclass ApkLite extends java.lang.Object implements []\n@com.android.internal.util.DataClass(genConstructor=false, genConstDefs=false)")

    @Deprecated

    private void __metadata() {}

core/java/android/content/pm/parsing/ApkLiteParseUtils.java

+7 −3
Original line number Diff line number Diff line
@@ -127,7 +127,8 @@ public class ApkLiteParseUtils { 
                            null /* isFeatureSplits */, null /* usesSplitNames */,

                            null /* configForSplit */, null /* splitApkPaths */,

                            null /* splitRevisionCodes */, baseApk.getTargetSdkVersion(),

                            null /* requiredSplitTypes */, null /* splitTypes */));

                            null /* requiredSplitTypes */, null, /* splitTypes */

                            baseApk.isAllowUpdateOwnership()));

        } finally {

            Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);

        }
@@ -273,7 +274,8 @@ public class ApkLiteParseUtils { 
        return input.success(

                new PackageLite(codePath, baseCodePath, baseApk, splitNames, isFeatureSplits,

                        usesSplitNames, configForSplits, splitCodePaths, splitRevisionCodes,

                        baseApk.getTargetSdkVersion(), requiredSplitTypes, splitTypes));

                        baseApk.getTargetSdkVersion(), requiredSplitTypes, splitTypes,

                        baseApk.isAllowUpdateOwnership()));

    }



    /**
@@ -400,6 +402,8 @@ public class ApkLiteParseUtils { 
                "isFeatureSplit", false);

        boolean isSplitRequired = parser.getAttributeBooleanValue(ANDROID_RES_NAMESPACE,

                "isSplitRequired", false);

        boolean allowUpdateOwnership = parser.getAttributeBooleanValue(ANDROID_RES_NAMESPACE,

                "allowUpdateOwnership", true);

        String configForSplit = parser.getAttributeValue(null, "configForSplit");



        int targetSdkVersion = DEFAULT_TARGET_SDK_VERSION;
@@ -583,7 +587,7 @@ public class ApkLiteParseUtils { 
                        overlayIsStatic, overlayPriority, requiredSystemPropertyName,

                        requiredSystemPropertyValue, minSdkVersion, targetSdkVersion,

                        rollbackDataPolicy, requiredSplitTypes.first, requiredSplitTypes.second,

                        hasDeviceAdminReceiver, isSdkLibrary));

                        hasDeviceAdminReceiver, isSdkLibrary, allowUpdateOwnership));

    }



    private static boolean isDeviceAdminReceiver(

core/java/android/content/pm/parsing/PackageLite.java

+18 −4
Original line number Diff line number Diff line
@@ -110,10 +110,16 @@ public class PackageLite { 
     */

    private final boolean mIsSdkLibrary;



    /**

     * Indicates if this package allows an installer to declare update ownership of it.

     */

    private final boolean mAllowUpdateOwnership;



    public PackageLite(String path, String baseApkPath, ApkLite baseApk,

            String[] splitNames, boolean[] isFeatureSplits, String[] usesSplitNames,

            String[] configForSplit, String[] splitApkPaths, int[] splitRevisionCodes,

            int targetSdk, Set<String>[] requiredSplitTypes, Set<String>[] splitTypes) {

            int targetSdk, Set<String>[] requiredSplitTypes, Set<String>[] splitTypes,

            boolean allowUpdateOwnership) {

        // The following paths may be different from the path in ApkLite because we

        // move or rename the APK files. Use parameters to indicate the correct paths.

        mPath = path;
@@ -144,6 +150,7 @@ public class PackageLite { 
        mSplitApkPaths = splitApkPaths;

        mSplitRevisionCodes = splitRevisionCodes;

        mTargetSdk = targetSdk;

        mAllowUpdateOwnership = allowUpdateOwnership;

    }



    /**
@@ -414,12 +421,19 @@ public class PackageLite { 
        return mIsSdkLibrary;

    }



    /**

     * Indicates if this package allows an installer to declare update ownership of it.

     */

    @DataClass.Generated.Member

    public boolean isAllowUpdateOwnership() {

        return mAllowUpdateOwnership;

    }



    @DataClass.Generated(

            time = 1643132127068L,

            time = 1680125514341L,

            codegenVersion = "1.0.23",

            sourceFile = "frameworks/base/core/java/android/content/pm/parsing/PackageLite.java",

            inputSignatures =

                    "private final @android.annotation.NonNull java.lang.String mPackageName\nprivate final @android.annotation.NonNull java.lang.String mPath\nprivate final @android.annotation.NonNull java.lang.String mBaseApkPath\nprivate final @android.annotation.Nullable java.lang.String[] mSplitApkPaths\nprivate final @android.annotation.Nullable java.lang.String[] mSplitNames\nprivate final @android.annotation.Nullable java.lang.String[] mUsesSplitNames\nprivate final @android.annotation.Nullable java.lang.String[] mConfigForSplit\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String> mBaseRequiredSplitTypes\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String>[] mRequiredSplitTypes\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String>[] mSplitTypes\nprivate final  int mVersionCodeMajor\nprivate final  int mVersionCode\nprivate final  int mTargetSdk\nprivate final  int mBaseRevisionCode\nprivate final @android.annotation.Nullable int[] mSplitRevisionCodes\nprivate final  int mInstallLocation\nprivate final @android.annotation.NonNull android.content.pm.VerifierInfo[] mVerifiers\nprivate final @android.annotation.Nullable boolean[] mIsFeatureSplits\nprivate final  boolean mIsolatedSplits\nprivate final  boolean mSplitRequired\nprivate final  boolean mCoreApp\nprivate final  boolean mDebuggable\nprivate final  boolean mMultiArch\nprivate final  boolean mUse32bitAbi\nprivate final  boolean mExtractNativeLibs\nprivate final  boolean mProfileableByShell\nprivate final  boolean mUseEmbeddedDex\nprivate final  boolean mIsSdkLibrary\npublic  java.util.List<java.lang.String> getAllApkPaths()\npublic  long getLongVersionCode()\nprivate  boolean hasAnyRequiredSplitTypes()\nclass PackageLite extends java.lang.Object implements []\n@com.android.internal.util.DataClass(genConstructor=false, genConstDefs=false)")

            inputSignatures = "private final @android.annotation.NonNull java.lang.String mPackageName\nprivate final @android.annotation.NonNull java.lang.String mPath\nprivate final @android.annotation.NonNull java.lang.String mBaseApkPath\nprivate final @android.annotation.Nullable java.lang.String[] mSplitApkPaths\nprivate final @android.annotation.Nullable java.lang.String[] mSplitNames\nprivate final @android.annotation.Nullable java.lang.String[] mUsesSplitNames\nprivate final @android.annotation.Nullable java.lang.String[] mConfigForSplit\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String> mBaseRequiredSplitTypes\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String>[] mRequiredSplitTypes\nprivate final @android.annotation.Nullable java.util.Set<java.lang.String>[] mSplitTypes\nprivate final  int mVersionCodeMajor\nprivate final  int mVersionCode\nprivate final  int mTargetSdk\nprivate final  int mBaseRevisionCode\nprivate final @android.annotation.Nullable int[] mSplitRevisionCodes\nprivate final  int mInstallLocation\nprivate final @android.annotation.NonNull android.content.pm.VerifierInfo[] mVerifiers\nprivate final @android.annotation.Nullable boolean[] mIsFeatureSplits\nprivate final  boolean mIsolatedSplits\nprivate final  boolean mSplitRequired\nprivate final  boolean mCoreApp\nprivate final  boolean mDebuggable\nprivate final  boolean mMultiArch\nprivate final  boolean mUse32bitAbi\nprivate final  boolean mExtractNativeLibs\nprivate final  boolean mProfileableByShell\nprivate final  boolean mUseEmbeddedDex\nprivate final  boolean mIsSdkLibrary\nprivate final  boolean mAllowUpdateOwnership\npublic  java.util.List<java.lang.String> getAllApkPaths()\npublic  long getLongVersionCode()\nprivate  boolean hasAnyRequiredSplitTypes()\nclass PackageLite extends java.lang.Object implements []\n@com.android.internal.util.DataClass(genConstructor=false, genConstDefs=false)")

    @Deprecated

    private void __metadata() {}

services/core/java/com/android/server/pm/PackageInstallerSession.java

+20 −24
Original line number Diff line number Diff line
@@ -745,6 +745,9 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
    @GuardedBy("mLock")

    private int mValidatedTargetSdk = INVALID_TARGET_SDK_VERSION;



    @GuardedBy("mLock")

    private boolean mAllowsUpdateOwnership = true;



    private static final FileFilter sAddedApkFilter = new FileFilter() {

        @Override

        public boolean accept(File file) {
@@ -866,13 +869,11 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 


    private static final int USER_ACTION_NOT_NEEDED = 0;

    private static final int USER_ACTION_REQUIRED = 1;

    private static final int USER_ACTION_PENDING_APK_PARSING = 2;

    private static final int USER_ACTION_REQUIRED_UPDATE_OWNER_REMINDER = 3;



    @IntDef({

            USER_ACTION_NOT_NEEDED,

            USER_ACTION_REQUIRED,

            USER_ACTION_PENDING_APK_PARSING,

            USER_ACTION_REQUIRED_UPDATE_OWNER_REMINDER,

    })

    @interface UserActionRequirement {}
@@ -963,11 +964,11 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
                && !isApexSession()

                && !isUpdateOwner

                && !isInstallerShell

                && mAllowsUpdateOwnership

                // We don't enforce the update ownership for the managed user and profile.

                && !isFromManagedUserOrProfile) {

            return USER_ACTION_REQUIRED_UPDATE_OWNER_REMINDER;

        }



        if (isPermissionGranted) {

            return USER_ACTION_NOT_NEEDED;

        }
@@ -982,7 +983,20 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
                && isUpdateWithoutUserActionPermissionGranted

                && ((isUpdateOwnershipEnforcementEnabled ? isUpdateOwner

                : isInstallerOfRecord) || isSelfUpdate)) {

            return USER_ACTION_PENDING_APK_PARSING;

            if (!isApexSession()) {

                if (!isTargetSdkConditionSatisfied(this)) {

                    return USER_ACTION_REQUIRED;

                }



                if (!mSilentUpdatePolicy.isSilentUpdateAllowed(

                        getInstallerPackageName(), getPackageName())) {

                    // Fall back to the non-silent update if a repeated installation is invoked

                    // within the throttle time.

                    return USER_ACTION_REQUIRED;

                }

                mSilentUpdatePolicy.track(getInstallerPackageName(), getPackageName());

                return USER_ACTION_NOT_NEEDED;

            }

        }



        return USER_ACTION_REQUIRED;
@@ -2363,26 +2377,6 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
            session.sendPendingUserActionIntent(target);

            return true;

        }



        if (!session.isApexSession() && userActionRequirement == USER_ACTION_PENDING_APK_PARSING) {

            if (!isTargetSdkConditionSatisfied(session)) {

                session.sendPendingUserActionIntent(target);

                return true;

            }



            if (session.params.requireUserAction == SessionParams.USER_ACTION_NOT_REQUIRED) {

                if (!session.mSilentUpdatePolicy.isSilentUpdateAllowed(

                        session.getInstallerPackageName(), session.getPackageName())) {

                    // Fall back to the non-silent update if a repeated installation is invoked

                    // within the throttle time.

                    session.sendPendingUserActionIntent(target);

                    return true;

                }

                session.mSilentUpdatePolicy.track(session.getInstallerPackageName(),

                        session.getPackageName());

            }

        }



        return false;

    }
@@ -3393,6 +3387,8 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
        // {@link PackageLite#getTargetSdk()}

        mValidatedTargetSdk = packageLite.getTargetSdk();



        mAllowsUpdateOwnership = packageLite.isAllowUpdateOwnership();



        return packageLite;

    }

services/core/java/com/android/server/pm/PackageManagerShellCommand.java

+1 −1
Original line number Diff line number Diff line
@@ -692,7 +692,7 @@ class PackageManagerShellCommand extends ShellCommand { 
                        null /* usesSplitNames */, null /* configForSplit */,

                        null /* splitApkPaths */, null /* splitRevisionCodes */,

                        apkLite.getTargetSdkVersion(), null /* requiredSplitTypes */,

                        null /* splitTypes */);

                        null /* splitTypes */, apkLite.isAllowUpdateOwnership());

                sessionSize += InstallLocationUtils.calculateInstalledSize(pkgLite,

                        params.sessionParams.abiOverride, fd.getFileDescriptor());

            } catch (IOException e) {