Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d1cf4990 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

pm: Verify shared-user priv-app install location 

Apps that share a UID with a privileged app are privleged and
should live in /system/priv-app. Otherwise, fail
assertPackageIsValid().

On Taimen, this results in two additional apps failing:
com.android.providers.userdictionary
com.android.providers.downloads.ui

Test: Boot Taimen, verify apps are scanned correctly.
Bug: 71593002
Change-Id: I29b4dc8a2fea18248fe1f6aeee87ae3798028c60
parent 7b71dfe2

services/core/java/com/android/server/pm/PackageManagerService.java

+20 −0
Original line number Diff line number Diff line
@@ -10652,6 +10652,26 @@ public class PackageManagerService extends IPackageManager.Stub 
                    }

                }

            }













            // Verify that packages sharing a user with a privileged app are marked as privileged.













            if (!pkg.isPrivileged() && (pkg.mSharedUserId != null)) {













                SharedUserSetting sharedUserSetting = null;













                try {













                    sharedUserSetting = mSettings.getSharedUserLPw(pkg.mSharedUserId, 0, 0, false);













                } catch (PackageManagerException ignore) {}













                if (sharedUserSetting != null && sharedUserSetting.isPrivileged()) {













                    // Exempt SharedUsers signed with the platform key.













                    PackageSetting platformPkgSetting = mSettings.mPackages.get("android");













                    if ((platformPkgSetting.signatures.mSignatures != null) &&













                            (compareSignatures(platformPkgSetting.signatures.mSignatures,













                                pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH)) {













                        throw new PackageManagerException("Apps that share a user with a " +













                                "privileged app must themselves be marked as privileged. " +













                                pkg.packageName + " shares privileged user " +













                                pkg.mSharedUserId + ".");













                    }













                }













            }















        }















    }







































services/core/java/com/android/server/pm/SharedUserSetting.java



+5
−0




























Original line number
Diff line number
Diff line








@@ -17,6 +17,7 @@













package com.android.server.pm;































import android.annotation.Nullable;













import android.content.pm.ApplicationInfo;















import android.content.pm.PackageParser;















import android.service.pm.PackageServiceDumpProto;















import android.util.ArraySet;










@@ -102,4 +103,8 @@ public final class SharedUserSetting extends SettingBase {













        }















        return pkgList;















    }



























    public boolean isPrivileged() {













        return (this.pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0;













    }















}