
Commit b18e8dac authored by Treehugger Robot's avatar Treehugger Robot Committed by Android (Google) Code Review

Merge "Add limits to session params" into main

parents 49448a68 a26f6e87
+39 −0
@@ -107,6 +107,7 @@ import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
@@ -2815,6 +2816,11 @@ public class PackageInstaller {

        private final ArrayMap<String, Integer> mPermissionStates;

        /** {@hide} */
        public static final int MAX_URI_LENGTH = 2048;
        /** {@hide} */
        public static final int MAX_PERMISSION_STATES_SIZE = 16384;

        /**
         * Construct parameters for a new package install session.
         *
@@ -2988,6 +2994,11 @@ public class PackageInstaller {
         * @see Intent#EXTRA_ORIGINATING_URI
         */
        public void setOriginatingUri(@Nullable Uri originatingUri) {
            if (originatingUri != null
                    && originatingUri.toString().length() > MAX_URI_LENGTH) {
                throw new IllegalArgumentException(
                        "Originating URI exceeds " + MAX_URI_LENGTH + " length");
            }
            this.originatingUri = originatingUri;
        }

@@ -3006,6 +3017,10 @@ public class PackageInstaller {
         * @see Intent#EXTRA_REFERRER
         */
        public void setReferrerUri(@Nullable Uri referrerUri) {
            if (referrerUri != null && referrerUri.toString().length() > MAX_URI_LENGTH) {
                throw new IllegalArgumentException(
                        "Referrer URI exceeds " + MAX_URI_LENGTH + " length");
            }
            this.referrerUri = referrerUri;
        }

@@ -3072,6 +3087,12 @@ public class PackageInstaller {
                throw new IllegalArgumentException("Provided permissionName cannot be "
                        + (permissionName == null ? "null" : "empty"));
            }
            if (state != PERMISSION_STATE_DEFAULT
                    && !validatePermissionStates(Set.of(permissionName))) {
                throw new IllegalArgumentException(
                        "Permissions states exceeds size limits total size limit of "
                                + MAX_PERMISSION_STATES_SIZE + " in length");
            }

            switch (state) {
                case PERMISSION_STATE_DEFAULT:
@@ -3088,9 +3109,27 @@ public class PackageInstaller {
            return this;
        }

        private boolean validatePermissionStates(Collection<String> permissionNames) {
            int totalLength = 0;
            for (String permission : mPermissionStates.keySet()) {
                totalLength += permission.length();
            }
            for (String permission : permissionNames) {
                totalLength += permission.length();
            }
            return totalLength <= MAX_PERMISSION_STATES_SIZE;
        }

        /** @hide */
        public void setPermissionStates(Collection<String> grantPermissions,
                Collection<String> denyPermissions) {
            Set<String> newPermissions = new HashSet<>(grantPermissions);
            newPermissions.addAll(denyPermissions);
            if (!validatePermissionStates(newPermissions)) {
                throw new IllegalArgumentException(
                        "Permissions states exceeds size limits total size limit of "
                                + MAX_PERMISSION_STATES_SIZE + " in length");
            }
            for (String grantPermission : grantPermissions) {
                mPermissionStates.put(grantPermission, PERMISSION_STATE_GRANTED);
            }
+32 −0
@@ -17,6 +17,8 @@
package com.android.server.pm;

import static android.app.admin.DevicePolicyResources.Strings.Core.PACKAGE_DELETED_BY_DO;
import static android.content.pm.PackageInstaller.SessionParams.MAX_PERMISSION_STATES_SIZE;
import static android.content.pm.PackageInstaller.SessionParams.MAX_URI_LENGTH;
import static android.content.pm.PackageInstaller.LOCATION_DATA_APP;
import static android.content.pm.PackageInstaller.UNARCHIVAL_ERROR_INSTALLER_DISABLED;
import static android.content.pm.PackageInstaller.UNARCHIVAL_ERROR_INSTALLER_UNINSTALLED;
@@ -976,6 +978,28 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
            }
        }

        if (params.originatingUri != null
                && params.originatingUri.toString().length() > MAX_URI_LENGTH) {
            throw new IllegalArgumentException(
                    "Originating URI exceeds " + MAX_URI_LENGTH + " length limit");
        }

        if (params.referrerUri != null && params.referrerUri.toString().length() > MAX_URI_LENGTH) {
            throw new IllegalArgumentException(
                    "Referrer URI exceeds " + MAX_URI_LENGTH + " length limit");
        }

        if (params.whitelistedRestrictedPermissions != null) {
            params.whitelistedRestrictedPermissions.retainAll(
                    mPm.getAllPlatformRestrictedPermissions());
        }

        if (!validatePermissionStates(params.getPermissionStates())) {
            throw new IllegalArgumentException(
                    "Permissions states exceeds total size limit "
                            + MAX_PERMISSION_STATES_SIZE + " in length");
        }

        int requestedInstallerPackageUid = INVALID_UID;
        if (requestedInstallerPackageName != null) {
            requestedInstallerPackageUid = snapshot.getPackageUid(requestedInstallerPackageName,
@@ -1066,6 +1090,14 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
        return sessionId;
    }

    private boolean validatePermissionStates(Map<String, Integer> permissionStates) {
        int totalLength = 0;
        for (String permission : permissionStates.keySet()) {
            totalLength += permission.length();
        }
        return totalLength <= MAX_PERMISSION_STATES_SIZE;
    }

    int getExistingDraftSessionId(int installerUid,
            @NonNull SessionParams sessionParams, int userId) {
        synchronized (mSessions) {
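Review bot: The checks added before `requestedInstallerPackageUid` repeat the limits from the `SessionParams` setters with nothing that says why, so a later cleanup could take them for redundant. Since this class extends `IPackageInstaller.Stub`, `params` presumably arrives from another process where the setters can be bypassed; a comment such as `// Re-validate here: SessionParams is caller-supplied and its setter checks are not enforced on this side.` would record that this is the enforcing check. `validatePermissionStates` also dereferences every key with `permission.length()`; if a null key can survive unparcelling (not visible here) it would surface as a NullPointerException rather than the IllegalArgumentException used for the other limits, so `if (permission == null) return false;` at the top of the loop would keep the failure mode uniform. The enclosing method starts before and continues after the hunk.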
+23 −0
@@ -24,6 +24,7 @@ import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
import static android.content.pm.PackageManager.GET_PERMISSIONS;
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_AWARE;
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_UNAWARE;
import static android.content.pm.PackageManager.MATCH_DISABLED_COMPONENTS;
@@ -284,6 +285,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -1014,6 +1016,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
    private final StorageEventHelper mStorageEventHelper;
    private final FreeStorageHelper mFreeStorageHelper;

    private static Set<String> sRestrictedPermissions;

    private static final boolean ENABLE_BOOST = false;

@@ -8318,4 +8321,24 @@ public class PackageManagerService implements PackageSender, TestUtilityService
        return UserHandle.isSameApp(uid, Process.SYSTEM_UID)
                || UserHandle.isSameApp(uid, Process.PHONE_UID);
    }

    /**
     * @hide
     */
    @NonNull
    public Set<String> getAllPlatformRestrictedPermissions() {
        if (sRestrictedPermissions == null) {
            sRestrictedPermissions = new HashSet<>();
            PackageInfo pi = snapshotComputer().getPackageInfo(
                    PLATFORM_PACKAGE_NAME, GET_PERMISSIONS, UserHandle.USER_SYSTEM);
            if (pi.permissions != null) {
                for (int i = 0; i < pi.permissions.length; i++) {
                    if (pi.permissions[i].isRestricted()) {
                        sRestrictedPermissions.add(pi.permissions[i].name);
                    }
                }
            }
        }
        return sRestrictedPermissions;
    }
}
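Review bot: `getAllPlatformRestrictedPermissions` assigns `sRestrictedPermissions` before filling it and without any synchronization, so a second thread can see a non-null but partially populated `HashSet` while the first is still adding to it. The same mutable set is then returned to every caller, and the result of `getPackageInfo` is dereferenced without a null check (whether it can be null for the platform package is not visible here). Building into a local set, publishing an unmodifiable view only once it is complete, and declaring the field `private static volatile Set<String> sRestrictedPermissions;` addresses all three. The Javadoc currently holds only `@hide`; it could state that the method returns a cached, read-only set of the platform's restricted permission names.

```java
    @NonNull
    public Set<String> getAllPlatformRestrictedPermissions() {
        Set<String> cached = sRestrictedPermissions;
        if (cached == null) {
            PackageInfo pi = snapshotComputer().getPackageInfo(
                    PLATFORM_PACKAGE_NAME, GET_PERMISSIONS, UserHandle.USER_SYSTEM);
            if (pi == null) {
                // Do not cache: a later call may succeed.
                return Collections.emptySet();
            }
            // Fill a local set first so no other thread observes a partial result.
            Set<String> restricted = new HashSet<>();
            if (pi.permissions != null) {
                for (int i = 0; i < pi.permissions.length; i++) {
                    if (pi.permissions[i].isRestricted()) {
                        restricted.add(pi.permissions[i].name);
                    }
                }
            }
            cached = Collections.unmodifiableSet(restricted);
            sRestrictedPermissions = cached;
        }
        return cached;
    }
```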