diff options
| author | Christopher Tate <ctate@google.com> | 2013-10-18 18:11:05 -0700 |
|---|---|---|
| committer | Christopher Tate <ctate@google.com> | 2013-10-18 18:11:05 -0700 |
| commit | 628946a6efd7931fac59b3236b58b53c58c6bf20 (patch) | |
| tree | 40b72cc6743feb05bdec751545e7b3dc8634655c /services/java/com/android/server/pm/PackageManagerService.java | |
| parent | da35dded4d7882567eab913b25a7cf2f456d2543 (diff) | |
Fix priv-app edge case across OTAs
In this case:
1. Privileged system app FOO is overlain by an installed update,
2. FOO was replaced during an OTA,
3. The new in-system FOO introduced new privileged permission requests
that had not been requested by the original FOO,
4. the update version of FOO still had a higher version code than
the new FOO on the system disk, and
5. the update version of FOO had been requesting these same (newly-
added-to-system-apk) permissions all along;
then the newly-added privileged permission requests were incorrectly being
refused. FOO should be able to use any privileged permission used by the
APK sited on the system disk; but instead, it was only being granted the
permissions used by the *original* version of FOO, even though the system
FOO now attempted to use them.
Still with me?
The fix is to (a) properly track privileged-install state when processing
known-to-be-hidden system packages, and (b) to tie the semantics of the
permission grant more explicitly to that evaluated state, rather than
using the prior (rather fragile) fixed-up privilege calculation applied
to the overlain apk's parse records.
Bug 11271490
Change-Id: Id8a45d667e52f3b5d18109e3620d5865f85bb9c9
Diffstat (limited to 'services/java/com/android/server/pm/PackageManagerService.java')
| -rwxr-xr-x | services/java/com/android/server/pm/PackageManagerService.java | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java index fb6e9edcbb6c..95dc3738d0bc 100755 --- a/services/java/com/android/server/pm/PackageManagerService.java +++ b/services/java/com/android/server/pm/PackageManagerService.java @@ -5566,9 +5566,9 @@ public class PackageManagerService extends IPackageManager.Stub { // version of the one on the data partition, but which // granted a new system permission that it didn't have // before. In this case we do want to allow the app to - // now get the new permission if the new system-partition - // apk is privileged to get it. - if (sysPs.pkg != null && isPrivilegedApp(pkg)) { + // now get the new permission if the ancestral apk is + // privileged to get it. + if (sysPs.pkg != null && sysPs.isPrivileged()) { for (int j=0; j<sysPs.pkg.requestedPermissions.size(); j++) { if (perm.equals( @@ -9370,7 +9370,7 @@ public class PackageManagerService extends IPackageManager.Stub { } } - boolean locationIsPrivileged(File path) { + static boolean locationIsPrivileged(File path) { try { final String privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app") .getCanonicalPath(); |