Commit b80870ef authored by John Wu

Prevent inheritKeyStoreKeys from taking effect on system UID apps

When an app that used to share UID with system decided to leave shared
UID, it should not be allowed to inherit all keys from its previous UID
as that will nuke all system UID keys, breaking critical system
functionality.

Test: manual
Bug: 216560195
Change-Id: I27eea398b7c2ec624f1239aee72755cfb8d50339
parent c523daa4
+5 −1
@@ -48,8 +48,8 @@ import com.android.server.SystemServerInitThreadPool;
import com.android.server.pm.dex.ArtManagerService;
import com.android.server.pm.parsing.pkg.AndroidPackage;
import com.android.server.pm.parsing.pkg.AndroidPackageUtils;
import com.android.server.pm.pkg.SELinuxUtil;
import com.android.server.pm.pkg.PackageStateInternal;
import com.android.server.pm.pkg.SELinuxUtil;

import dalvik.system.VMRuntime;

@@ -549,6 +549,10 @@ final class AppDataHelper {
    }

    public void migrateKeyStoreData(int previousAppId, int appId) {
        // If previous UID is system UID, declaring inheritKeyStoreKeys is not supported.
        // Silently ignore the request to migrate keys.
        if (previousAppId == Process.SYSTEM_UID) return;

        for (int userId : mPm.resolveUserIds(UserHandle.USER_ALL)) {
            int srcUid = UserHandle.getUid(userId, previousAppId);
            int destUid = UserHandle.getUid(userId, appId);
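Review bot: The early return at the top of migrateKeyStoreData drops the request with no trace, so a package that leaves the system shared UID while declaring inheritKeyStoreKeys simply finds its keys missing under the new UID and nothing in the log explains why. Consider logging a warning before `if (previousAppId == Process.SYSTEM_UID) return;` (for example through Slog.w, including appId) so the skipped migration is diagnosable. The guard also covers only Process.SYSTEM_UID; if any other shared UID holds keys that must not be moved wholesale, it would need the same check, and it is worth stating in the comment that this is intentionally limited to the system UID. Since the commit message lists "Test: manual", a regression test that calls migrateKeyStoreData with previousAppId equal to Process.SYSTEM_UID and asserts that no per-user migration runs would keep this guard from being removed by accident.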