summaryrefslogtreecommitdiff
path: root/com/android/server/pm
diff options
context:
space:
mode:
Diffstat (limited to 'com/android/server/pm')
-rw-r--r--com/android/server/pm/Installer.java2
-rw-r--r--com/android/server/pm/InstantAppResolver.java2
-rw-r--r--com/android/server/pm/LauncherAppsService.java20
-rw-r--r--com/android/server/pm/OtaDexoptService.java2
-rw-r--r--com/android/server/pm/PackageDexOptimizer.java14
-rw-r--r--com/android/server/pm/PackageInstallerSession.java16
-rw-r--r--com/android/server/pm/PackageManagerService.java216
-rw-r--r--com/android/server/pm/PackageManagerShellCommand.java6
-rw-r--r--com/android/server/pm/PackageSettingBase.java12
-rw-r--r--com/android/server/pm/Settings.java21
-rw-r--r--com/android/server/pm/ShortcutPackageInfo.java17
-rw-r--r--com/android/server/pm/ShortcutService.java3
-rw-r--r--com/android/server/pm/permission/BasePermission.java28
-rw-r--r--com/android/server/pm/permission/DefaultPermissionGrantPolicy.java5
14 files changed, 226 insertions, 138 deletions
diff --git a/com/android/server/pm/Installer.java b/com/android/server/pm/Installer.java
index 9d3f48b4..45f1a2b8 100644
--- a/com/android/server/pm/Installer.java
+++ b/com/android/server/pm/Installer.java
@@ -67,6 +67,8 @@ public class Installer extends SystemService {
public static final int DEXOPT_ENABLE_HIDDEN_API_CHECKS = 1 << 10;
/** Indicates that dexopt should convert to CompactDex. */
public static final int DEXOPT_GENERATE_COMPACT_DEX = 1 << 11;
+ /** Indicates that dexopt should generate an app image */
+ public static final int DEXOPT_GENERATE_APP_IMAGE = 1 << 12;
// NOTE: keep in sync with installd
public static final int FLAG_CLEAR_CACHE_ONLY = 1 << 8;
diff --git a/com/android/server/pm/InstantAppResolver.java b/com/android/server/pm/InstantAppResolver.java
index bc9fa4b7..dbf0940f 100644
--- a/com/android/server/pm/InstantAppResolver.java
+++ b/com/android/server/pm/InstantAppResolver.java
@@ -256,8 +256,6 @@ public abstract class InstantAppResolver {
int flags = origIntent.getFlags();
final Intent intent = new Intent();
intent.setFlags(flags
- | Intent.FLAG_ACTIVITY_NEW_TASK
- | Intent.FLAG_ACTIVITY_CLEAR_TASK
| Intent.FLAG_ACTIVITY_NO_HISTORY
| Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
if (token != null) {
diff --git a/com/android/server/pm/LauncherAppsService.java b/com/android/server/pm/LauncherAppsService.java
index 8e78703f..595de9e3 100644
--- a/com/android/server/pm/LauncherAppsService.java
+++ b/com/android/server/pm/LauncherAppsService.java
@@ -39,6 +39,7 @@ import android.content.pm.ResolveInfo;
import android.content.pm.ShortcutInfo;
import android.content.pm.ShortcutServiceInternal;
import android.content.pm.ShortcutServiceInternal.ShortcutChangeListener;
+import android.content.pm.UserInfo;
import android.graphics.Rect;
import android.net.Uri;
import android.os.Binder;
@@ -49,6 +50,7 @@ import android.os.ParcelFileDescriptor;
import android.os.RemoteCallbackList;
import android.os.RemoteException;
import android.os.UserHandle;
+import android.os.UserManager;
import android.os.UserManagerInternal;
import android.provider.Settings;
import android.util.Log;
@@ -101,6 +103,7 @@ public class LauncherAppsService extends SystemService {
private static final boolean DEBUG = false;
private static final String TAG = "LauncherAppsService";
private final Context mContext;
+ private final UserManager mUm;
private final UserManagerInternal mUserManagerInternal;
private final ActivityManagerInternal mActivityManagerInternal;
private final ShortcutServiceInternal mShortcutServiceInternal;
@@ -113,6 +116,7 @@ public class LauncherAppsService extends SystemService {
public LauncherAppsImpl(Context context) {
mContext = context;
+ mUm = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
mUserManagerInternal = Preconditions.checkNotNull(
LocalServices.getService(UserManagerInternal.class));
mActivityManagerInternal = Preconditions.checkNotNull(
@@ -233,6 +237,22 @@ public class LauncherAppsService extends SystemService {
* group.
*/
private boolean canAccessProfile(int targetUserId, String message) {
+ final int callingUserId = injectCallingUserId();
+
+ if (targetUserId == callingUserId) return true;
+
+ long ident = injectClearCallingIdentity();
+ try {
+ final UserInfo callingUserInfo = mUm.getUserInfo(callingUserId);
+ if (callingUserInfo != null && callingUserInfo.isManagedProfile()) {
+ Slog.w(TAG, message + " for another profile "
+ + targetUserId + " from " + callingUserId + " not allowed");
+ return false;
+ }
+ } finally {
+ injectRestoreCallingIdentity(ident);
+ }
+
return mUserManagerInternal.isProfileAccessible(injectCallingUserId(), targetUserId,
message, true);
}
diff --git a/com/android/server/pm/OtaDexoptService.java b/com/android/server/pm/OtaDexoptService.java
index 5a7893aa..320affb1 100644
--- a/com/android/server/pm/OtaDexoptService.java
+++ b/com/android/server/pm/OtaDexoptService.java
@@ -267,7 +267,7 @@ public class OtaDexoptService extends IOtaDexopt.Stub {
final StringBuilder builder = new StringBuilder();
// The current version.
- builder.append("8 ");
+ builder.append("9 ");
builder.append("dexopt");
diff --git a/com/android/server/pm/PackageDexOptimizer.java b/com/android/server/pm/PackageDexOptimizer.java
index 892fa12d..ebab1a72 100644
--- a/com/android/server/pm/PackageDexOptimizer.java
+++ b/com/android/server/pm/PackageDexOptimizer.java
@@ -60,6 +60,7 @@ import static com.android.server.pm.Installer.DEXOPT_STORAGE_DE;
import static com.android.server.pm.Installer.DEXOPT_IDLE_BACKGROUND_JOB;
import static com.android.server.pm.Installer.DEXOPT_ENABLE_HIDDEN_API_CHECKS;
import static com.android.server.pm.Installer.DEXOPT_GENERATE_COMPACT_DEX;
+import static com.android.server.pm.Installer.DEXOPT_GENERATE_APP_IMAGE;
import static com.android.server.pm.InstructionSets.getAppDexInstructionSets;
import static com.android.server.pm.InstructionSets.getDexCodeInstructionSets;
@@ -521,6 +522,10 @@ public class PackageDexOptimizer {
return getDexFlags(pkg.applicationInfo, compilerFilter, options);
}
+ private boolean isAppImageEnabled() {
+ return SystemProperties.get("dalvik.vm.appimageformat", "").length() > 0;
+ }
+
private int getDexFlags(ApplicationInfo info, String compilerFilter, DexoptOptions options) {
int flags = info.flags;
boolean debuggable = (flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
@@ -547,6 +552,14 @@ public class PackageDexOptimizer {
case PackageManagerService.REASON_INSTALL:
generateCompactDex = false;
}
+ // Use app images only if it is enabled and we are compiling
+ // profile-guided (so the app image doesn't conservatively contain all classes).
+ // If the app didn't request for the splits to be loaded in isolation or if it does not
+ // declare inter-split dependencies, then all the splits will be loaded in the base
+ // apk class loader (in the order of their definition, otherwise disable app images
+ // because they are unsupported for multiple class loaders. b/7269679
+ boolean generateAppImage = isProfileGuidedFilter && (info.splitDependencies == null ||
+ !info.requestsIsolatedSplitLoading()) && isAppImageEnabled();
int dexFlags =
(isPublic ? DEXOPT_PUBLIC : 0)
| (debuggable ? DEXOPT_DEBUGGABLE : 0)
@@ -554,6 +567,7 @@ public class PackageDexOptimizer {
| (options.isBootComplete() ? DEXOPT_BOOTCOMPLETE : 0)
| (options.isDexoptIdleBackgroundJob() ? DEXOPT_IDLE_BACKGROUND_JOB : 0)
| (generateCompactDex ? DEXOPT_GENERATE_COMPACT_DEX : 0)
+ | (generateAppImage ? DEXOPT_GENERATE_APP_IMAGE : 0)
| hiddenApiFlag;
return adjustDexoptFlags(dexFlags);
}
diff --git a/com/android/server/pm/PackageInstallerSession.java b/com/android/server/pm/PackageInstallerSession.java
index ee326185..f7a02156 100644
--- a/com/android/server/pm/PackageInstallerSession.java
+++ b/com/android/server/pm/PackageInstallerSession.java
@@ -122,8 +122,9 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
private static final boolean LOGD = true;
private static final String REMOVE_SPLIT_MARKER_EXTENSION = ".removed";
- private static final int MSG_COMMIT = 0;
- private static final int MSG_ON_PACKAGE_INSTALLED = 1;
+ private static final int MSG_EARLY_BIND = 0;
+ private static final int MSG_COMMIT = 1;
+ private static final int MSG_ON_PACKAGE_INSTALLED = 2;
/** XML constants used for persisting a session */
static final String TAG_SESSION = "session";
@@ -280,6 +281,9 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
@Override
public boolean handleMessage(Message msg) {
switch (msg.what) {
+ case MSG_EARLY_BIND:
+ earlyBindToDefContainer();
+ break;
case MSG_COMMIT:
synchronized (mLock) {
try {
@@ -315,6 +319,10 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
}
};
+ private void earlyBindToDefContainer() {
+ mPm.earlyBindToDefContainer();
+ }
+
/**
* @return {@code true} iff the installing is app an device owner or affiliated profile owner.
*/
@@ -410,6 +418,10 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
} finally {
Binder.restoreCallingIdentity(identity);
}
+ // attempt to bind to the DefContainer as early as possible
+ if ((params.installFlags & PackageManager.INSTALL_INSTANT_APP) != 0) {
+ mHandler.sendMessage(mHandler.obtainMessage(MSG_EARLY_BIND));
+ }
}
public SessionInfo generateInfo() {
diff --git a/com/android/server/pm/PackageManagerService.java b/com/android/server/pm/PackageManagerService.java
index 2e530af8..a0476041 100644
--- a/com/android/server/pm/PackageManagerService.java
+++ b/com/android/server/pm/PackageManagerService.java
@@ -17,12 +17,12 @@
package com.android.server.pm;
import static android.Manifest.permission.DELETE_PACKAGES;
-import static android.Manifest.permission.MANAGE_DEVICE_ADMINS;
-import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS;
import static android.Manifest.permission.INSTALL_PACKAGES;
+import static android.Manifest.permission.MANAGE_DEVICE_ADMINS;
import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;
import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
import static android.Manifest.permission.REQUEST_DELETE_PACKAGES;
+import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS;
import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
import static android.content.pm.PackageManager.CERT_INPUT_RAW_X509;
import static android.content.pm.PackageManager.CERT_INPUT_SHA256;
@@ -167,8 +167,8 @@ import android.content.pm.PackageInfoLite;
import android.content.pm.PackageInstaller;
import android.content.pm.PackageList;
import android.content.pm.PackageManager;
-import android.content.pm.PackageManagerInternal;
import android.content.pm.PackageManager.LegacyPackageDeleteObserver;
+import android.content.pm.PackageManagerInternal;
import android.content.pm.PackageManagerInternal.PackageListObserver;
import android.content.pm.PackageParser;
import android.content.pm.PackageParser.ActivityIntentInfo;
@@ -274,6 +274,7 @@ import com.android.internal.R;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.app.IMediaContainerService;
import com.android.internal.app.ResolverActivity;
+import com.android.internal.app.SuspendedAppActivity;
import com.android.internal.content.NativeLibraryHelper;
import com.android.internal.content.PackageHelper;
import com.android.internal.logging.MetricsLogger;
@@ -310,10 +311,10 @@ import com.android.server.pm.dex.DexoptOptions;
import com.android.server.pm.dex.PackageDexUsage;
import com.android.server.pm.permission.BasePermission;
import com.android.server.pm.permission.DefaultPermissionGrantPolicy;
-import com.android.server.pm.permission.PermissionManagerService;
-import com.android.server.pm.permission.PermissionManagerInternal;
import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback;
+import com.android.server.pm.permission.PermissionManagerInternal;
import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback;
+import com.android.server.pm.permission.PermissionManagerService;
import com.android.server.pm.permission.PermissionsState;
import com.android.server.pm.permission.PermissionsState.PermissionState;
import com.android.server.security.VerityUtils;
@@ -1326,6 +1327,7 @@ public class PackageManagerService extends IPackageManager.Stub
static final int INTENT_FILTER_VERIFIED = 18;
static final int WRITE_PACKAGE_LIST = 19;
static final int INSTANT_APP_RESOLUTION_PHASE_TWO = 20;
+ static final int DEF_CONTAINER_BIND = 21;
static final int WRITE_SETTINGS_DELAY = 10*1000; // 10 seconds
@@ -1417,8 +1419,7 @@ public class PackageManagerService extends IPackageManager.Stub
new ArrayList<HandlerParams>();
private boolean connectToService() {
- if (DEBUG_SD_INSTALL) Log.i(TAG, "Trying to bind to" +
- " DefaultContainerService");
+ if (DEBUG_INSTALL) Log.i(TAG, "Trying to bind to DefaultContainerService");
Intent service = new Intent().setComponent(DEFAULT_CONTAINER_COMPONENT);
Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT);
if (mContext.bindServiceAsUser(service, mDefContainerConn,
@@ -1453,6 +1454,17 @@ public class PackageManagerService extends IPackageManager.Stub
void doHandleMessage(Message msg) {
switch (msg.what) {
+ case DEF_CONTAINER_BIND:
+ if (!mBound) {
+ Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "earlyBindingMCS",
+ System.identityHashCode(mHandler));
+ if (!connectToService()) {
+ Slog.e(TAG, "Failed to bind to media container service");
+ }
+ Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "earlyBindingMCS",
+ System.identityHashCode(mHandler));
+ }
+ break;
case INIT_COPY: {
HandlerParams params = (HandlerParams) msg.obj;
int idx = mPendingInstalls.size();
@@ -1511,7 +1523,6 @@ public class PackageManagerService extends IPackageManager.Stub
Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER,
params.traceMethod, params.traceCookie);
}
- return;
}
mPendingInstalls.clear();
} else {
@@ -3935,7 +3946,7 @@ public class PackageManagerService extends IPackageManager.Stub
ai.uid = UserHandle.getUid(userId, ps.appId);
ai.primaryCpuAbi = ps.primaryCpuAbiString;
ai.secondaryCpuAbi = ps.secondaryCpuAbiString;
- ai.versionCode = ps.versionCode;
+ ai.setVersionCode(ps.versionCode);
ai.flags = ps.pkgFlags;
ai.privateFlags = ps.pkgPrivateFlags;
pi.applicationInfo = PackageParser.generateApplicationInfo(ai, flags, state, userId);
@@ -5932,8 +5943,8 @@ public class PackageManagerService extends IPackageManager.Stub
@Override
public ResolveInfo resolveIntent(Intent intent, String resolvedType,
int flags, int userId) {
- return resolveIntentInternal(
- intent, resolvedType, flags, userId, false /*resolveForStart*/);
+ return resolveIntentInternal(intent, resolvedType, flags, userId, false,
+ Binder.getCallingUid());
}
/**
@@ -5942,19 +5953,19 @@ public class PackageManagerService extends IPackageManager.Stub
* since we need to allow the system to start any installed application.
*/
private ResolveInfo resolveIntentInternal(Intent intent, String resolvedType,
- int flags, int userId, boolean resolveForStart) {
+ int flags, int userId, boolean resolveForStart, int filterCallingUid) {
try {
Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "resolveIntent");
if (!sUserManager.exists(userId)) return null;
final int callingUid = Binder.getCallingUid();
- flags = updateFlagsForResolve(flags, userId, intent, callingUid, resolveForStart);
+ flags = updateFlagsForResolve(flags, userId, intent, filterCallingUid, resolveForStart);
mPermissionManager.enforceCrossUserPermission(callingUid, userId,
false /*requireFullPermission*/, false /*checkShell*/, "resolve intent");
Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "queryIntentActivities");
final List<ResolveInfo> query = queryIntentActivitiesInternal(intent, resolvedType,
- flags, callingUid, userId, resolveForStart, true /*allowDynamicSplits*/);
+ flags, filterCallingUid, userId, resolveForStart, true /*allowDynamicSplits*/);
Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
final ResolveInfo bestChoice =
@@ -6762,7 +6773,7 @@ public class PackageManagerService extends IPackageManager.Stub
// the instant application, we'll do the right thing.
final ApplicationInfo ai = localInstantApp.activityInfo.applicationInfo;
auxiliaryResponse = new AuxiliaryResolveInfo(null /* failureActivity */,
- ai.packageName, ai.versionCode, null /* splitName */);
+ ai.packageName, ai.longVersionCode, null /* splitName */);
}
}
if (intent.isWebIntent() && auxiliaryResponse == null) {
@@ -6946,7 +6957,7 @@ public class PackageManagerService extends IPackageManager.Stub
installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo(
installFailureActivity,
info.activityInfo.packageName,
- info.activityInfo.applicationInfo.versionCode,
+ info.activityInfo.applicationInfo.longVersionCode,
info.activityInfo.splitName);
// add a non-generic filter
installerInfo.filter = new IntentFilter();
@@ -7692,7 +7703,7 @@ public class PackageManagerService extends IPackageManager.Stub
installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo(
null /* installFailureActivity */,
info.serviceInfo.packageName,
- info.serviceInfo.applicationInfo.versionCode,
+ info.serviceInfo.applicationInfo.longVersionCode,
info.serviceInfo.splitName);
// add a non-generic filter
installerInfo.filter = new IntentFilter();
@@ -7810,7 +7821,7 @@ public class PackageManagerService extends IPackageManager.Stub
installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo(
null /*failureActivity*/,
info.providerInfo.packageName,
- info.providerInfo.applicationInfo.versionCode,
+ info.providerInfo.applicationInfo.longVersionCode,
info.providerInfo.splitName);
// add a non-generic filter
installerInfo.filter = new IntentFilter();
@@ -8185,35 +8196,22 @@ public class PackageManagerService extends IPackageManager.Stub
private ProviderInfo resolveContentProviderInternal(String name, int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
flags = updateFlagsForComponent(flags, userId, name);
- final String instantAppPkgName = getInstantAppPackageName(Binder.getCallingUid());
- // reader
+ final int callingUid = Binder.getCallingUid();
synchronized (mPackages) {
final PackageParser.Provider provider = mProvidersByAuthority.get(name);
PackageSetting ps = provider != null
? mSettings.mPackages.get(provider.owner.packageName)
: null;
if (ps != null) {
- final boolean isInstantApp = ps.getInstantApp(userId);
- // normal application; filter out instant application provider
- if (instantAppPkgName == null && isInstantApp) {
- return null;
- }
- // instant application; filter out other instant applications
- if (instantAppPkgName != null
- && isInstantApp
- && !provider.owner.packageName.equals(instantAppPkgName)) {
- return null;
- }
- // instant application; filter out non-exposed provider
- if (instantAppPkgName != null
- && !isInstantApp
- && (provider.info.flags & ProviderInfo.FLAG_VISIBLE_TO_INSTANT_APP) == 0) {
- return null;
- }
// provider not enabled
if (!mSettings.isEnabledAndMatchLPr(provider.info, flags, userId)) {
return null;
}
+ final ComponentName component =
+ new ComponentName(provider.info.packageName, provider.info.name);
+ if (filterAppAccessLPr(ps, callingUid, component, TYPE_PROVIDER, userId)) {
+ return null;
+ }
return PackageParser.generateProviderInfo(
provider, flags, ps.readUserState(userId), userId);
}
@@ -8702,7 +8700,7 @@ public class PackageManagerService extends IPackageManager.Stub
disabledPkgSetting /* pkgSetting */, null /* disabledPkgSetting */,
null /* originalPkgSetting */, null, parseFlags, scanFlags,
(pkg == mPlatformPackage), user);
- applyPolicy(pkg, parseFlags, scanFlags);
+ applyPolicy(pkg, parseFlags, scanFlags, mPlatformPackage);
scanPackageOnlyLI(request, mFactoryTest, -1L);
}
}
@@ -9709,7 +9707,7 @@ public class PackageManagerService extends IPackageManager.Stub
if (expectedCertDigests.length > 1) {
// For apps targeting O MR1 we require explicit enumeration of all certs.
- final String[] libCertDigests = (targetSdk > Build.VERSION_CODES.O)
+ final String[] libCertDigests = (targetSdk >= Build.VERSION_CODES.O_MR1)
? PackageUtils.computeSignaturesSha256Digests(
libPkg.mSigningDetails.signatures)
: PackageUtils.computeSignaturesSha256Digests(
@@ -10021,7 +10019,7 @@ public class PackageManagerService extends IPackageManager.Stub
scanFlags = adjustScanFlags(scanFlags, pkgSetting, disabledPkgSetting, user, pkg);
synchronized (mPackages) {
- applyPolicy(pkg, parseFlags, scanFlags);
+ applyPolicy(pkg, parseFlags, scanFlags, mPlatformPackage);
assertPackageIsValid(pkg, parseFlags, scanFlags);
SharedUserSetting sharedUserSetting = null;
@@ -10184,20 +10182,10 @@ public class PackageManagerService extends IPackageManager.Stub
// The signature has changed, but this package is in the system
// image... let's recover!
pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails;
- // However... if this package is part of a shared user, but it
- // doesn't match the signature of the shared user, let's fail.
- // What this means is that you can't change the signatures
- // associated with an overall shared user, which doesn't seem all
- // that unreasonable.
+ // If the system app is part of a shared user we allow that shared user to change
+ // signatures as well in part as part of an OTA.
if (signatureCheckPs.sharedUser != null) {
- if (compareSignatures(
- signatureCheckPs.sharedUser.signatures.mSigningDetails.signatures,
- pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) {
- throw new PackageManagerException(
- INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
- "Signature mismatch for shared user: "
- + pkgSetting.sharedUser);
- }
+ signatureCheckPs.sharedUser.signatures.mSigningDetails = pkg.mSigningDetails;
}
// File a report about this.
String msg = "System package " + pkg.packageName
@@ -10701,7 +10689,7 @@ public class PackageManagerService extends IPackageManager.Stub
* ideally be static, but, it requires locks to read system state.
*/
private static void applyPolicy(PackageParser.Package pkg, final @ParseFlags int parseFlags,
- final @ScanFlags int scanFlags) {
+ final @ScanFlags int scanFlags, PackageParser.Package platformPkg) {
if ((scanFlags & SCAN_AS_SYSTEM) != 0) {
pkg.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM;
if (pkg.applicationInfo.isDirectBootAware()) {
@@ -10787,6 +10775,15 @@ public class PackageManagerService extends IPackageManager.Stub
pkg.applicationInfo.privateFlags |= ApplicationInfo.PRIVATE_FLAG_PRODUCT;
}
+ // Check if the package is signed with the same key as the platform package.
+ if (PLATFORM_PACKAGE_NAME.equals(pkg.packageName) ||
+ (platformPkg != null && compareSignatures(
+ platformPkg.mSigningDetails.signatures,
+ pkg.mSigningDetails.signatures) == PackageManager.SIGNATURE_MATCH)) {
+ pkg.applicationInfo.privateFlags |=
+ ApplicationInfo.PRIVATE_FLAG_SIGNED_WITH_PLATFORM_KEY;
+ }
+
if (!isSystemApp(pkg)) {
// Only system apps can use these features.
pkg.mOriginalPackages = null;
@@ -13634,6 +13631,14 @@ public class PackageManagerService extends IPackageManager.Stub
return installReason;
}
+ /**
+ * Attempts to bind to the default container service explicitly instead of doing so lazily on
+ * install commit.
+ */
+ void earlyBindToDefContainer() {
+ mHandler.sendMessage(mHandler.obtainMessage(DEF_CONTAINER_BIND));
+ }
+
void installStage(String packageName, File stagedDir,
IPackageInstallObserver2 observer, PackageInstaller.SessionParams sessionParams,
String installerPackageName, int installerUid, UserHandle user,
@@ -13991,8 +13996,8 @@ public class PackageManagerService extends IPackageManager.Stub
@Override
public String[] setPackagesSuspendedAsUser(String[] packageNames, boolean suspended,
- PersistableBundle appExtras, PersistableBundle launcherExtras, String callingPackage,
- int userId) {
+ PersistableBundle appExtras, PersistableBundle launcherExtras, String dialogMessage,
+ String callingPackage, int userId) {
try {
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.SUSPEND_APPS, null);
} catch (SecurityException e) {
@@ -14006,7 +14011,7 @@ public class PackageManagerService extends IPackageManager.Stub
"setPackagesSuspended for user " + userId);
if (callingUid != Process.ROOT_UID &&
!UserHandle.isSameApp(getPackageUid(callingPackage, 0, userId), callingUid)) {
- throw new IllegalArgumentException("callingPackage " + callingPackage + " does not"
+ throw new IllegalArgumentException("CallingPackage " + callingPackage + " does not"
+ " belong to calling app id " + UserHandle.getAppId(callingUid));
}
@@ -14030,20 +14035,18 @@ public class PackageManagerService extends IPackageManager.Stub
final PackageSetting pkgSetting = mSettings.mPackages.get(packageName);
if (pkgSetting == null
|| filterAppAccessLPr(pkgSetting, callingUid, userId)) {
- Slog.w(TAG, "Could not find package setting for package \"" + packageName
- + "\". Skipping suspending/un-suspending.");
+ Slog.w(TAG, "Could not find package setting for package: " + packageName
+ + ". Skipping suspending/un-suspending.");
unactionedPackages.add(packageName);
continue;
}
- if (pkgSetting.getSuspended(userId) != suspended) {
- if (!canSuspendPackageForUserLocked(packageName, userId)) {
- unactionedPackages.add(packageName);
- continue;
- }
- pkgSetting.setSuspended(suspended, callingPackage, appExtras,
- launcherExtras, userId);
- changedPackagesList.add(packageName);
+ if (!canSuspendPackageForUserLocked(packageName, userId)) {
+ unactionedPackages.add(packageName);
+ continue;
}
+ pkgSetting.setSuspended(suspended, callingPackage, dialogMessage, appExtras,
+ launcherExtras, userId);
+ changedPackagesList.add(packageName);
}
}
} finally {
@@ -14058,7 +14061,6 @@ public class PackageManagerService extends IPackageManager.Stub
scheduleWritePackageRestrictionsLocked(userId);
}
}
-
return unactionedPackages.toArray(new String[unactionedPackages.size()]);
}
@@ -14066,7 +14068,8 @@ public class PackageManagerService extends IPackageManager.Stub
public PersistableBundle getSuspendedPackageAppExtras(String packageName, int userId) {
final int callingUid = Binder.getCallingUid();
if (getPackageUid(packageName, 0, userId) != callingUid) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.SUSPEND_APPS, null);
+ throw new SecurityException("Calling package " + packageName
+ + " does not belong to calling uid " + callingUid);
}
synchronized (mPackages) {
final PackageSetting ps = mSettings.mPackages.get(packageName);
@@ -14081,25 +14084,6 @@ public class PackageManagerService extends IPackageManager.Stub
}
}
- @Override
- public void setSuspendedPackageAppExtras(String packageName, PersistableBundle appExtras,
- int userId) {
- final int callingUid = Binder.getCallingUid();
- mContext.enforceCallingOrSelfPermission(Manifest.permission.SUSPEND_APPS, null);
- synchronized (mPackages) {
- final PackageSetting ps = mSettings.mPackages.get(packageName);
- if (ps == null || filterAppAccessLPr(ps, callingUid, userId)) {
- throw new IllegalArgumentException("Unknown target package: " + packageName);
- }
- final PackageUserState packageUserState = ps.readUserState(userId);
- if (packageUserState.suspended) {
- packageUserState.suspendedAppExtras = appExtras;
- sendMyPackageSuspendedOrUnsuspended(new String[] {packageName}, true, appExtras,
- userId);
- }
- }
- }
-
private void sendMyPackageSuspendedOrUnsuspended(String[] affectedPackages, boolean suspended,
PersistableBundle appExtras, int userId) {
final String action;
@@ -14142,9 +14126,6 @@ public class PackageManagerService extends IPackageManager.Stub
mPermissionManager.enforceCrossUserPermission(callingUid, userId,
true /* requireFullPermission */, false /* checkShell */,
"isPackageSuspendedForUser for user " + userId);
- if (getPackageUid(packageName, 0, userId) != callingUid) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.SUSPEND_APPS, null);
- }
synchronized (mPackages) {
final PackageSetting ps = mSettings.mPackages.get(packageName);
if (ps == null || filterAppAccessLPr(ps, callingUid, userId)) {
@@ -14154,18 +14135,26 @@ public class PackageManagerService extends IPackageManager.Stub
}
}
- void onSuspendingPackageRemoved(String packageName, int userId) {
- final int[] userIds = (userId == UserHandle.USER_ALL) ? sUserManager.getUserIds()
- : new int[] {userId};
- synchronized (mPackages) {
- for (PackageSetting ps : mSettings.mPackages.values()) {
- for (int user : userIds) {
- final PackageUserState pus = ps.readUserState(user);
+ void onSuspendingPackageRemoved(String packageName, int removedForUser) {
+ final int[] userIds = (removedForUser == UserHandle.USER_ALL) ? sUserManager.getUserIds()
+ : new int[] {removedForUser};
+ for (int userId : userIds) {
+ List<String> affectedPackages = new ArrayList<>();
+ synchronized (mPackages) {
+ for (PackageSetting ps : mSettings.mPackages.values()) {
+ final PackageUserState pus = ps.readUserState(userId);
if (pus.suspended && packageName.equals(pus.suspendingPackage)) {
- ps.setSuspended(false, null, null, null, user);
+ ps.setSuspended(false, null, null, null, null, userId);
+ affectedPackages.add(ps.name);
}
}
}
+ if (!affectedPackages.isEmpty()) {
+ final String[] packageArray = affectedPackages.toArray(
+ new String[affectedPackages.size()]);
+ sendMyPackageSuspendedOrUnsuspended(packageArray, false, null, userId);
+ sendPackagesSuspendedForUser(packageArray, userId, false, null);
+ }
}
}
@@ -18896,6 +18885,7 @@ public class PackageManagerService extends IPackageManager.Stub
false /*hidden*/,
false /*suspended*/,
null, /*suspendingPackage*/
+ null, /*dialogMessage*/
null, /*suspendedAppExtras*/
null, /*suspendedLauncherExtras*/
false /*instantApp*/,
@@ -23780,6 +23770,30 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
}
@Override
+ public boolean isPackageSuspended(String packageName, int userId) {
+ synchronized (mPackages) {
+ final PackageSetting ps = mSettings.mPackages.get(packageName);
+ return (ps != null) ? ps.getSuspended(userId) : false;
+ }
+ }
+
+ @Override
+ public String getSuspendingPackage(String suspendedPackage, int userId) {
+ synchronized (mPackages) {
+ final PackageSetting ps = mSettings.mPackages.get(suspendedPackage);
+ return (ps != null) ? ps.readUserState(userId).suspendingPackage : null;
+ }
+ }
+
+ @Override
+ public String getSuspendedDialogMessage(String suspendedPackage, int userId) {
+ synchronized (mPackages) {
+ final PackageSetting ps = mSettings.mPackages.get(suspendedPackage);
+ return (ps != null) ? ps.readUserState(userId).dialogMessage : null;
+ }
+ }
+
+ @Override
public int getPackageUid(String packageName, int flags, int userId) {
return PackageManagerService.this
.getPackageUid(packageName, flags, userId);
@@ -24001,9 +24015,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
@Override
public ResolveInfo resolveIntent(Intent intent, String resolvedType,
- int flags, int userId, boolean resolveForStart) {
+ int flags, int userId, boolean resolveForStart, int filterCallingUid) {
return resolveIntentInternal(
- intent, resolvedType, flags, userId, resolveForStart);
+ intent, resolvedType, flags, userId, resolveForStart, filterCallingUid);
}
@Override
diff --git a/com/android/server/pm/PackageManagerShellCommand.java b/com/android/server/pm/PackageManagerShellCommand.java
index 28e32a54..a92fbb67 100644
--- a/com/android/server/pm/PackageManagerShellCommand.java
+++ b/com/android/server/pm/PackageManagerShellCommand.java
@@ -1505,6 +1505,7 @@ class PackageManagerShellCommand extends ShellCommand {
private int runSuspend(boolean suspendedState) {
final PrintWriter pw = getOutPrintWriter();
int userId = UserHandle.USER_SYSTEM;
+ String dialogMessage = null;
final PersistableBundle appExtras = new PersistableBundle();
final PersistableBundle launcherExtras = new PersistableBundle();
String opt;
@@ -1513,6 +1514,9 @@ class PackageManagerShellCommand extends ShellCommand {
case "--user":
userId = UserHandle.parseUserArg(getNextArgRequired());
break;
+ case "--dialogMessage":
+ dialogMessage = getNextArgRequired();
+ break;
case "--ael":
case "--aes":
case "--aed":
@@ -1553,7 +1557,7 @@ class PackageManagerShellCommand extends ShellCommand {
(Binder.getCallingUid() == Process.ROOT_UID) ? "root" : "com.android.shell";
try {
mInterface.setPackagesSuspendedAsUser(new String[]{packageName}, suspendedState,
- appExtras, launcherExtras, callingPackage, userId);
+ appExtras, launcherExtras, dialogMessage, callingPackage, userId);
pw.println("Package " + packageName + " new suspended state: "
+ mInterface.isPackageSuspendedForUser(packageName, userId));
return 0;
diff --git a/com/android/server/pm/PackageSettingBase.java b/com/android/server/pm/PackageSettingBase.java
index 008a81cd..138594cc 100644
--- a/com/android/server/pm/PackageSettingBase.java
+++ b/com/android/server/pm/PackageSettingBase.java
@@ -20,8 +20,6 @@ import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
-import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME;
-
import android.content.pm.ApplicationInfo;
import android.content.pm.IntentFilterVerificationInfo;
import android.content.pm.PackageManager;
@@ -398,11 +396,12 @@ public abstract class PackageSettingBase extends SettingBase {
return readUserState(userId).suspended;
}
- void setSuspended(boolean suspended, String suspendingPackage, PersistableBundle appExtras,
- PersistableBundle launcherExtras, int userId) {
+ void setSuspended(boolean suspended, String suspendingPackage, String dialogMessage,
+ PersistableBundle appExtras, PersistableBundle launcherExtras, int userId) {
final PackageUserState existingUserState = modifyUserState(userId);
existingUserState.suspended = suspended;
existingUserState.suspendingPackage = suspended ? suspendingPackage : null;
+ existingUserState.dialogMessage = suspended ? dialogMessage : null;
existingUserState.suspendedAppExtras = suspended ? appExtras : null;
existingUserState.suspendedLauncherExtras = suspended ? launcherExtras : null;
}
@@ -425,8 +424,8 @@ public abstract class PackageSettingBase extends SettingBase {
void setUserState(int userId, long ceDataInode, int enabled, boolean installed, boolean stopped,
boolean notLaunched, boolean hidden, boolean suspended, String suspendingPackage,
- PersistableBundle suspendedAppExtras, PersistableBundle suspendedLauncherExtras,
- boolean instantApp,
+ String dialogMessage, PersistableBundle suspendedAppExtras,
+ PersistableBundle suspendedLauncherExtras, boolean instantApp,
boolean virtualPreload, String lastDisableAppCaller,
ArraySet<String> enabledComponents, ArraySet<String> disabledComponents,
int domainVerifState, int linkGeneration, int installReason,
@@ -440,6 +439,7 @@ public abstract class PackageSettingBase extends SettingBase {
state.hidden = hidden;
state.suspended = suspended;
state.suspendingPackage = suspendingPackage;
+ state.dialogMessage = dialogMessage;
state.suspendedAppExtras = suspendedAppExtras;
state.suspendedLauncherExtras = suspendedLauncherExtras;
state.lastDisableAppCaller = lastDisableAppCaller;
diff --git a/com/android/server/pm/Settings.java b/com/android/server/pm/Settings.java
index d0e85443..898ecf3c 100644
--- a/com/android/server/pm/Settings.java
+++ b/com/android/server/pm/Settings.java
@@ -222,6 +222,7 @@ public final class Settings {
private static final String ATTR_HIDDEN = "hidden";
private static final String ATTR_SUSPENDED = "suspended";
private static final String ATTR_SUSPENDING_PACKAGE = "suspending-package";
+ private static final String ATTR_SUSPEND_DIALOG_MESSAGE = "suspend_dialog_message";
// Legacy, uninstall blocks are stored separately.
@Deprecated
private static final String ATTR_BLOCK_UNINSTALL = "blockUninstall";
@@ -734,6 +735,7 @@ public final class Settings {
false /*hidden*/,
false /*suspended*/,
null, /*suspendingPackage*/
+ null, /*dialogMessage*/
null, /*suspendedAppExtras*/
null, /*suspendedLauncherExtras*/
instantApp,
@@ -1628,6 +1630,7 @@ public final class Settings {
false /*hidden*/,
false /*suspended*/,
null, /*suspendingPackage*/
+ null, /*dialogMessage*/
null, /*suspendedAppExtras*/
null, /*suspendedLauncherExtras*/
false /*instantApp*/,
@@ -1704,6 +1707,8 @@ public final class Settings {
false);
String suspendingPackage = parser.getAttributeValue(null,
ATTR_SUSPENDING_PACKAGE);
+ final String dialogMessage = parser.getAttributeValue(null,
+ ATTR_SUSPEND_DIALOG_MESSAGE);
if (suspended && suspendingPackage == null) {
suspendingPackage = PLATFORM_PACKAGE_NAME;
}
@@ -1767,7 +1772,7 @@ public final class Settings {
setBlockUninstallLPw(userId, name, true);
}
ps.setUserState(userId, ceDataInode, enabled, installed, stopped, notLaunched,
- hidden, suspended, suspendingPackage, suspendedAppExtras,
+ hidden, suspended, suspendingPackage, dialogMessage, suspendedAppExtras,
suspendedLauncherExtras, instantApp, virtualPreload, enabledCaller,
enabledComponents, disabledComponents, verifState, linkGeneration,
installReason, harmfulAppWarning);
@@ -2077,7 +2082,14 @@ public final class Settings {
}
if (ustate.suspended) {
serializer.attribute(null, ATTR_SUSPENDED, "true");
- serializer.attribute(null, ATTR_SUSPENDING_PACKAGE, ustate.suspendingPackage);
+ if (ustate.suspendingPackage != null) {
+ serializer.attribute(null, ATTR_SUSPENDING_PACKAGE,
+ ustate.suspendingPackage);
+ }
+ if (ustate.dialogMessage != null) {
+ serializer.attribute(null, ATTR_SUSPEND_DIALOG_MESSAGE,
+ ustate.dialogMessage);
+ }
if (ustate.suspendedAppExtras != null) {
serializer.startTag(null, TAG_SUSPENDED_APP_EXTRAS);
try {
@@ -4750,8 +4762,11 @@ public final class Settings {
pw.print(" suspended=");
pw.print(ps.getSuspended(user.id));
if (ps.getSuspended(user.id)) {
+ final PackageUserState pus = ps.readUserState(user.id);
pw.print(" suspendingPackage=");
- pw.print(ps.readUserState(user.id).suspendingPackage);
+ pw.print(pus.suspendingPackage);
+ pw.print(" dialogMessage=");
+ pw.print(pus.dialogMessage);
}
pw.print(" stopped=");
pw.print(ps.getStopped(user.id));
diff --git a/com/android/server/pm/ShortcutPackageInfo.java b/com/android/server/pm/ShortcutPackageInfo.java
index eeaa3330..8c7871ff 100644
--- a/com/android/server/pm/ShortcutPackageInfo.java
+++ b/com/android/server/pm/ShortcutPackageInfo.java
@@ -21,6 +21,7 @@ import android.content.pm.PackageInfo;
import android.content.pm.PackageManagerInternal;
import android.content.pm.ShortcutInfo;
import android.content.pm.Signature;
+import android.content.pm.SigningInfo;
import android.util.Slog;
import com.android.internal.annotations.VisibleForTesting;
@@ -164,12 +165,13 @@ class ShortcutPackageInfo {
ShortcutService s, String packageName, @UserIdInt int packageUserId) {
final PackageInfo pi = s.getPackageInfoWithSignatures(packageName, packageUserId);
// retrieve the newest sigs
- Signature[][] signingHistory = pi.signingCertificateHistory;
- if (signingHistory == null || signingHistory.length == 0) {
+ SigningInfo signingInfo = pi.signingInfo;
+ if (signingInfo == null) {
Slog.e(TAG, "Can't get signatures: package=" + packageName);
return null;
}
- Signature[] signatures = signingHistory[signingHistory.length - 1];
+ // TODO (b/73988180) use entire signing history in case of rollbacks
+ Signature[] signatures = signingInfo.getApkContentsSigners();
final ShortcutPackageInfo ret = new ShortcutPackageInfo(pi.getLongVersionCode(),
pi.lastUpdateTime, BackupUtils.hashSignatureArray(signatures), /* shadow=*/ false);
@@ -192,13 +194,14 @@ class ShortcutPackageInfo {
return;
}
// retrieve the newest sigs
- Signature[][] signingHistory = pi.signingCertificateHistory;
- if (signingHistory == null || signingHistory.length == 0) {
+ SigningInfo signingInfo = pi.signingInfo;
+ if (signingInfo == null) {
Slog.w(TAG, "Not refreshing signature for " + pkg.getPackageName()
- + " since it appears to have no signature history.");
+ + " since it appears to have no signing info.");
return;
}
- Signature[] signatures = signingHistory[signingHistory.length - 1];
+ // TODO (b/73988180) use entire signing history in case of rollbacks
+ Signature[] signatures = signingInfo.getApkContentsSigners();
mSigHashes = BackupUtils.hashSignatureArray(signatures);
}
diff --git a/com/android/server/pm/ShortcutService.java b/com/android/server/pm/ShortcutService.java
index 15b46172..599e5a57 100644
--- a/com/android/server/pm/ShortcutService.java
+++ b/com/android/server/pm/ShortcutService.java
@@ -48,7 +48,6 @@ import android.content.pm.ResolveInfo;
import android.content.pm.ShortcutInfo;
import android.content.pm.ShortcutServiceInternal;
import android.content.pm.ShortcutServiceInternal.ShortcutChangeListener;
-import android.content.pm.UserInfo;
import android.content.res.Resources;
import android.content.res.XmlResourceParser;
import android.graphics.Bitmap;
@@ -100,7 +99,7 @@ import com.android.internal.util.DumpUtils;
import com.android.internal.util.FastXmlSerializer;
import com.android.internal.util.Preconditions;
import com.android.server.LocalServices;
-import com.android.server.StatLogger;
+import com.android.internal.util.StatLogger;
import com.android.server.SystemService;
import com.android.server.pm.ShortcutUser.PackageWithUser;
diff --git a/com/android/server/pm/permission/BasePermission.java b/com/android/server/pm/permission/BasePermission.java
index bcf4b07d..1d002efc 100644
--- a/com/android/server/pm/permission/BasePermission.java
+++ b/com/android/server/pm/permission/BasePermission.java
@@ -411,17 +411,23 @@ public final class BasePermission {
}
public @NonNull PermissionInfo generatePermissionInfo(int adjustedProtectionLevel, int flags) {
- final boolean protectionLevelChanged = protectionLevel != adjustedProtectionLevel;
- // if we return different protection level, don't use the cached info
- if (perm != null && !protectionLevelChanged) {
- return PackageParser.generatePermissionInfo(perm, flags);
- }
- final PermissionInfo pi = new PermissionInfo();
- pi.name = name;
- pi.packageName = sourcePackageName;
- pi.nonLocalizedLabel = name;
- pi.protectionLevel = protectionLevelChanged ? adjustedProtectionLevel : protectionLevel;
- return pi;
+ PermissionInfo permissionInfo;
+ if (perm != null) {
+ final boolean protectionLevelChanged = protectionLevel != adjustedProtectionLevel;
+ permissionInfo = PackageParser.generatePermissionInfo(perm, flags);
+ if (protectionLevelChanged && permissionInfo == perm.info) {
+ // if we return different protection level, don't use the cached info
+ permissionInfo = new PermissionInfo(permissionInfo);
+ permissionInfo.protectionLevel = adjustedProtectionLevel;
+ }
+ return permissionInfo;
+ }
+ permissionInfo = new PermissionInfo();
+ permissionInfo.name = name;
+ permissionInfo.packageName = sourcePackageName;
+ permissionInfo.nonLocalizedLabel = name;
+ permissionInfo.protectionLevel = protectionLevel;
+ return permissionInfo;
}
public static boolean readLPw(@NonNull Map<String, BasePermission> out,
diff --git a/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
index 518d464e..4055a475 100644
--- a/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+++ b/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
@@ -1052,7 +1052,8 @@ public final class DefaultPermissionGrantPolicy {
private PackageParser.Package getDefaultSystemHandlerActivityPackage(
Intent intent, int userId) {
ResolveInfo handler = mServiceInternal.resolveIntent(intent,
- intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false);
+ intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false,
+ Binder.getCallingUid());
if (handler == null || handler.activityInfo == null) {
return null;
}
@@ -1093,7 +1094,7 @@ public final class DefaultPermissionGrantPolicy {
ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
- userId, false);
+ userId, false, Binder.getCallingUid());
if (homeActivity != null) {
continue;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 02:03:20 +0000