Diffstat (limited to 'com/android/server/pm')
-rw-r--r-- | com/android/server/pm/Installer.java | 2 | ||||
-rw-r--r-- | com/android/server/pm/InstantAppResolver.java | 2 | ||||
-rw-r--r-- | com/android/server/pm/LauncherAppsService.java | 20 | ||||
-rw-r--r-- | com/android/server/pm/OtaDexoptService.java | 2 | ||||
-rw-r--r-- | com/android/server/pm/PackageDexOptimizer.java | 14 | ||||
-rw-r--r-- | com/android/server/pm/PackageInstallerSession.java | 16 | ||||
-rw-r--r-- | com/android/server/pm/PackageManagerService.java | 216 | ||||
-rw-r--r-- | com/android/server/pm/PackageManagerShellCommand.java | 6 | ||||
-rw-r--r-- | com/android/server/pm/PackageSettingBase.java | 12 | ||||
-rw-r--r-- | com/android/server/pm/Settings.java | 21 | ||||
-rw-r--r-- | com/android/server/pm/ShortcutPackageInfo.java | 17 | ||||
-rw-r--r-- | com/android/server/pm/ShortcutService.java | 3 | ||||
-rw-r--r-- | com/android/server/pm/permission/BasePermission.java | 28 | ||||
-rw-r--r-- | com/android/server/pm/permission/DefaultPermissionGrantPolicy.java | 5 |
14 files changed, 226 insertions, 138 deletions
diff --git a/com/android/server/pm/Installer.java b/com/android/server/pm/Installer.java index 9d3f48b4..45f1a2b8 100644 --- a/com/android/server/pm/Installer.java +++ b/com/android/server/pm/Installer.java @@ -67,6 +67,8 @@ public class Installer extends SystemService { public static final int DEXOPT_ENABLE_HIDDEN_API_CHECKS = 1 << 10; /** Indicates that dexopt should convert to CompactDex. */ public static final int DEXOPT_GENERATE_COMPACT_DEX = 1 << 11; + /** Indicates that dexopt should generate an app image */ + public static final int DEXOPT_GENERATE_APP_IMAGE = 1 << 12; // NOTE: keep in sync with installd public static final int FLAG_CLEAR_CACHE_ONLY = 1 << 8; diff --git a/com/android/server/pm/InstantAppResolver.java b/com/android/server/pm/InstantAppResolver.java index bc9fa4b7..dbf0940f 100644 --- a/com/android/server/pm/InstantAppResolver.java +++ b/com/android/server/pm/InstantAppResolver.java @@ -256,8 +256,6 @@ public abstract class InstantAppResolver { int flags = origIntent.getFlags(); final Intent intent = new Intent(); intent.setFlags(flags - | Intent.FLAG_ACTIVITY_NEW_TASK - | Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NO_HISTORY | Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS); if (token != null) { diff --git a/com/android/server/pm/LauncherAppsService.java b/com/android/server/pm/LauncherAppsService.java index 8e78703f..595de9e3 100644 --- a/com/android/server/pm/LauncherAppsService.java +++ b/com/android/server/pm/LauncherAppsService.java @@ -39,6 +39,7 @@ import android.content.pm.ResolveInfo; import android.content.pm.ShortcutInfo; import android.content.pm.ShortcutServiceInternal; import android.content.pm.ShortcutServiceInternal.ShortcutChangeListener; +import android.content.pm.UserInfo; import android.graphics.Rect; import android.net.Uri; import android.os.Binder; 
@@ -49,6 +50,7 @@ import android.os.ParcelFileDescriptor; import android.os.RemoteCallbackList; import android.os.RemoteException; import android.os.UserHandle; +import android.os.UserManager; import android.os.UserManagerInternal; import android.provider.Settings; import android.util.Log; @@ -101,6 +103,7 @@ public class LauncherAppsService extends SystemService { private static final boolean DEBUG = false; private static final String TAG = "LauncherAppsService"; private final Context mContext; + private final UserManager mUm; private final UserManagerInternal mUserManagerInternal; private final ActivityManagerInternal mActivityManagerInternal; private final ShortcutServiceInternal mShortcutServiceInternal; @@ -113,6 +116,7 @@ public class LauncherAppsService extends SystemService { public LauncherAppsImpl(Context context) { mContext = context; + mUm = (UserManager) mContext.getSystemService(Context.USER_SERVICE); mUserManagerInternal = Preconditions.checkNotNull( LocalServices.getService(UserManagerInternal.class)); mActivityManagerInternal = Preconditions.checkNotNull( @@ -233,6 +237,22 @@ public class LauncherAppsService extends SystemService { * group. */ private boolean canAccessProfile(int targetUserId, String message) { + final int callingUserId = injectCallingUserId(); + + if (targetUserId == callingUserId) return true; + + long ident = injectClearCallingIdentity(); + try { + final UserInfo callingUserInfo = mUm.getUserInfo(callingUserId); + if (callingUserInfo != null && callingUserInfo.isManagedProfile()) { + Slog.w(TAG, message + " for another profile " + + targetUserId + " from " + callingUserId + " not allowed"); + return false; + } + } finally { + injectRestoreCallingIdentity(ident); + } + return mUserManagerInternal.isProfileAccessible(injectCallingUserId(), targetUserId, message, true); } diff --git a/com/android/server/pm/OtaDexoptService.java b/com/android/server/pm/OtaDexoptService.java index 5a7893aa..320affb1 100644 
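Review bot: In `canAccessProfile` the new block caches `injectCallingUserId()` in `callingUserId`, but the unchanged final return calls `injectCallingUserId()` a second time. Passing the cached value, `return mUserManagerInternal.isProfileAccessible(callingUserId, targetUserId, message, true);`, keeps both checks on the same identity and is easier to read. When `mUm.getUserInfo(callingUserId)` returns null, the managed-profile denial is skipped and the decision falls through to `isProfileAccessible`; a one-line comment such as `// unknown user: defer to isProfileAccessible` would show that this is intended. The Javadoc above the method starts outside the hunk and should now mention that managed-profile callers are always refused access to other profiles.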
--- a/com/android/server/pm/OtaDexoptService.java +++ b/com/android/server/pm/OtaDexoptService.java @@ -267,7 +267,7 @@ public class OtaDexoptService extends IOtaDexopt.Stub { final StringBuilder builder = new StringBuilder(); // The current version. - builder.append("8 "); + builder.append("9 "); builder.append("dexopt"); diff --git a/com/android/server/pm/PackageDexOptimizer.java b/com/android/server/pm/PackageDexOptimizer.java index 892fa12d..ebab1a72 100644 --- a/com/android/server/pm/PackageDexOptimizer.java +++ b/com/android/server/pm/PackageDexOptimizer.java @@ -60,6 +60,7 @@ import static com.android.server.pm.Installer.DEXOPT_STORAGE_DE; import static com.android.server.pm.Installer.DEXOPT_IDLE_BACKGROUND_JOB; import static com.android.server.pm.Installer.DEXOPT_ENABLE_HIDDEN_API_CHECKS; import static com.android.server.pm.Installer.DEXOPT_GENERATE_COMPACT_DEX; +import static com.android.server.pm.Installer.DEXOPT_GENERATE_APP_IMAGE; import static com.android.server.pm.InstructionSets.getAppDexInstructionSets; import static com.android.server.pm.InstructionSets.getDexCodeInstructionSets; @@ -521,6 +522,10 @@ public class PackageDexOptimizer { return getDexFlags(pkg.applicationInfo, compilerFilter, options); } + private boolean isAppImageEnabled() { + return SystemProperties.get("dalvik.vm.appimageformat", "").length() > 0; + } + private int getDexFlags(ApplicationInfo info, String compilerFilter, DexoptOptions options) { int flags = info.flags; boolean debuggable = (flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0; 
@@ -547,6 +552,14 @@ public class PackageDexOptimizer { case PackageManagerService.REASON_INSTALL: generateCompactDex = false; } + // Use app images only if it is enabled and we are compiling + // profile-guided (so the app image doesn't conservatively contain all classes). + // If the app didn't request for the splits to be loaded in isolation or if it does not + // declare inter-split dependencies, then all the splits will be loaded in the base + // apk class loader (in the order of their definition, otherwise disable app images + // because they are unsupported for multiple class loaders. b/7269679 + boolean generateAppImage = isProfileGuidedFilter && (info.splitDependencies == null || + !info.requestsIsolatedSplitLoading()) && isAppImageEnabled(); int dexFlags = (isPublic ? DEXOPT_PUBLIC : 0) | (debuggable ? DEXOPT_DEBUGGABLE : 0) @@ -554,6 +567,7 @@ public class PackageDexOptimizer { | (options.isBootComplete() ? DEXOPT_BOOTCOMPLETE : 0) | (options.isDexoptIdleBackgroundJob() ? DEXOPT_IDLE_BACKGROUND_JOB : 0) | (generateCompactDex ? DEXOPT_GENERATE_COMPACT_DEX : 0) + | (generateAppImage ? DEXOPT_GENERATE_APP_IMAGE : 0) | hiddenApiFlag; return adjustDexoptFlags(dexFlags); } diff --git a/com/android/server/pm/PackageInstallerSession.java b/com/android/server/pm/PackageInstallerSession.java index ee326185..f7a02156 100644 --- a/com/android/server/pm/PackageInstallerSession.java +++ b/com/android/server/pm/PackageInstallerSession.java 
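Review bot: The comment added above `generateAppImage` in `getDexFlags` has an unclosed parenthesis ("(in the order of their definition, otherwise disable app images") and runs two ideas together, which makes the condition beneath it hard to check against the text. I would close the parenthesis and split the sentence: `// apk class loader (in the order of their definition). Otherwise disable app images,` followed by `// because they are unsupported for multiple class loaders. b/7269679`. In `isAppImageEnabled` (the -521 hunk), `!SystemProperties.get("dalvik.vm.appimageformat", "").isEmpty()` is the more idiomatic form of `.length() > 0`. `getDexFlags` is spread over three hunks and its body is not fully visible.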
@@ -122,8 +122,9 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { private static final boolean LOGD = true; private static final String REMOVE_SPLIT_MARKER_EXTENSION = ".removed"; - private static final int MSG_COMMIT = 0; - private static final int MSG_ON_PACKAGE_INSTALLED = 1; + private static final int MSG_EARLY_BIND = 0; + private static final int MSG_COMMIT = 1; + private static final int MSG_ON_PACKAGE_INSTALLED = 2; /** XML constants used for persisting a session */ static final String TAG_SESSION = "session"; @@ -280,6 +281,9 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { @Override public boolean handleMessage(Message msg) { switch (msg.what) { + case MSG_EARLY_BIND: + earlyBindToDefContainer(); + break; case MSG_COMMIT: synchronized (mLock) { try { @@ -315,6 +319,10 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { } }; + private void earlyBindToDefContainer() { + mPm.earlyBindToDefContainer(); + } + /** * @return {@code true} iff the installing is app an device owner or affiliated profile owner. */ @@ -410,6 +418,10 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { } finally { Binder.restoreCallingIdentity(identity); } + // attempt to bind to the DefContainer as early as possible + if ((params.installFlags & PackageManager.INSTALL_INSTANT_APP) != 0) { + mHandler.sendMessage(mHandler.obtainMessage(MSG_EARLY_BIND)); + } } public SessionInfo generateInfo() { diff --git a/com/android/server/pm/PackageManagerService.java b/com/android/server/pm/PackageManagerService.java index 2e530af8..a0476041 100644 --- a/com/android/server/pm/PackageManagerService.java +++ b/com/android/server/pm/PackageManagerService.java 
@@ -17,12 +17,12 @@ package com.android.server.pm; import static android.Manifest.permission.DELETE_PACKAGES; -import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; -import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS; import static android.Manifest.permission.INSTALL_PACKAGES; +import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.REQUEST_DELETE_PACKAGES; +import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.content.pm.PackageManager.CERT_INPUT_RAW_X509; import static android.content.pm.PackageManager.CERT_INPUT_SHA256; @@ -167,8 +167,8 @@ import android.content.pm.PackageInfoLite; import android.content.pm.PackageInstaller; import android.content.pm.PackageList; import android.content.pm.PackageManager; -import android.content.pm.PackageManagerInternal; import android.content.pm.PackageManager.LegacyPackageDeleteObserver; +import android.content.pm.PackageManagerInternal; import android.content.pm.PackageManagerInternal.PackageListObserver; import android.content.pm.PackageParser; import android.content.pm.PackageParser.ActivityIntentInfo; @@ -274,6 +274,7 @@ import com.android.internal.R; import com.android.internal.annotations.GuardedBy; import com.android.internal.app.IMediaContainerService; import com.android.internal.app.ResolverActivity; +import com.android.internal.app.SuspendedAppActivity; import com.android.internal.content.NativeLibraryHelper; import com.android.internal.content.PackageHelper; import com.android.internal.logging.MetricsLogger; 
@@ -310,10 +311,10 @@ import com.android.server.pm.dex.DexoptOptions; import com.android.server.pm.dex.PackageDexUsage; import com.android.server.pm.permission.BasePermission; import com.android.server.pm.permission.DefaultPermissionGrantPolicy; -import com.android.server.pm.permission.PermissionManagerService; -import com.android.server.pm.permission.PermissionManagerInternal; import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback; +import com.android.server.pm.permission.PermissionManagerInternal; import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback; +import com.android.server.pm.permission.PermissionManagerService; import com.android.server.pm.permission.PermissionsState; import com.android.server.pm.permission.PermissionsState.PermissionState; import com.android.server.security.VerityUtils; @@ -1326,6 +1327,7 @@ public class PackageManagerService extends IPackageManager.Stub static final int INTENT_FILTER_VERIFIED = 18; static final int WRITE_PACKAGE_LIST = 19; static final int INSTANT_APP_RESOLUTION_PHASE_TWO = 20; + static final int DEF_CONTAINER_BIND = 21; static final int WRITE_SETTINGS_DELAY = 10*1000; // 10 seconds @@ -1417,8 +1419,7 @@ public class PackageManagerService extends IPackageManager.Stub new ArrayList<HandlerParams>(); private boolean connectToService() { - if (DEBUG_SD_INSTALL) Log.i(TAG, "Trying to bind to" + - " DefaultContainerService"); + if (DEBUG_INSTALL) Log.i(TAG, "Trying to bind to DefaultContainerService"); Intent service = new Intent().setComponent(DEFAULT_CONTAINER_COMPONENT); Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); if (mContext.bindServiceAsUser(service, mDefContainerConn, 
@@ -1453,6 +1454,17 @@ public class PackageManagerService extends IPackageManager.Stub void doHandleMessage(Message msg) { switch (msg.what) { + case DEF_CONTAINER_BIND: + if (!mBound) { + Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "earlyBindingMCS", + System.identityHashCode(mHandler)); + if (!connectToService()) { + Slog.e(TAG, "Failed to bind to media container service"); + } + Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "earlyBindingMCS", + System.identityHashCode(mHandler)); + } + break; case INIT_COPY: { HandlerParams params = (HandlerParams) msg.obj; int idx = mPendingInstalls.size(); @@ -1511,7 +1523,6 @@ public class PackageManagerService extends IPackageManager.Stub Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, params.traceMethod, params.traceCookie); } - return; } mPendingInstalls.clear(); } else { @@ -3935,7 +3946,7 @@ public class PackageManagerService extends IPackageManager.Stub ai.uid = UserHandle.getUid(userId, ps.appId); ai.primaryCpuAbi = ps.primaryCpuAbiString; ai.secondaryCpuAbi = ps.secondaryCpuAbiString; - ai.versionCode = ps.versionCode; + ai.setVersionCode(ps.versionCode); ai.flags = ps.pkgFlags; ai.privateFlags = ps.pkgPrivateFlags; pi.applicationInfo = PackageParser.generateApplicationInfo(ai, flags, state, userId); @@ -5932,8 +5943,8 @@ public class PackageManagerService extends IPackageManager.Stub @Override public ResolveInfo resolveIntent(Intent intent, String resolvedType, int flags, int userId) { - return resolveIntentInternal( - intent, resolvedType, flags, userId, false /*resolveForStart*/); + return resolveIntentInternal(intent, resolvedType, flags, userId, false, + Binder.getCallingUid()); } /** 
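Review bot: In the new `DEF_CONTAINER_BIND` case the `Trace.asyncTraceBegin`/`asyncTraceEnd` pair brackets only the synchronous `connectToService()` call, so the "earlyBindingMCS" slice will not cover the time until the service is actually connected. If only the bind call is meant to be measured, a plain `Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "earlyBindingMCS")` / `Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER)` pair says that more directly. A failed early bind is logged and dropped; presumably the `INIT_COPY` path binds again later, and a comment such as `// best effort: INIT_COPY retries the bind if this fails` would record that. `doHandleMessage` continues outside the hunk.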
@@ -5942,19 +5953,19 @@ public class PackageManagerService extends IPackageManager.Stub * since we need to allow the system to start any installed application. */ private ResolveInfo resolveIntentInternal(Intent intent, String resolvedType, - int flags, int userId, boolean resolveForStart) { + int flags, int userId, boolean resolveForStart, int filterCallingUid) { try { Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "resolveIntent"); if (!sUserManager.exists(userId)) return null; final int callingUid = Binder.getCallingUid(); - flags = updateFlagsForResolve(flags, userId, intent, callingUid, resolveForStart); + flags = updateFlagsForResolve(flags, userId, intent, filterCallingUid, resolveForStart); mPermissionManager.enforceCrossUserPermission(callingUid, userId, false /*requireFullPermission*/, false /*checkShell*/, "resolve intent"); Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "queryIntentActivities"); final List<ResolveInfo> query = queryIntentActivitiesInternal(intent, resolvedType, - flags, callingUid, userId, resolveForStart, true /*allowDynamicSplits*/); + flags, filterCallingUid, userId, resolveForStart, true /*allowDynamicSplits*/); Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); final ResolveInfo bestChoice = @@ -6762,7 +6773,7 @@ public class PackageManagerService extends IPackageManager.Stub // the instant application, we'll do the right thing. final ApplicationInfo ai = localInstantApp.activityInfo.applicationInfo; auxiliaryResponse = new AuxiliaryResolveInfo(null /* failureActivity */, - ai.packageName, ai.versionCode, null /* splitName */); + ai.packageName, ai.longVersionCode, null /* splitName */); } } if (intent.isWebIntent() && auxiliaryResponse == null) { 
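Review bot: `resolveIntentInternal` now works with two different uids, and neither the signature nor the Javadoc above it says which one is trusted. `enforceCrossUserPermission` still checks `Binder.getCallingUid()`, while `updateFlagsForResolve` and `queryIntentActivitiesInternal` filter on the caller-supplied `filterCallingUid`. I would add an `@param filterCallingUid` line stating that it only selects whose visibility rules are applied to the result and never influences the cross-user permission check, and that the binder entry point must always pass `Binder.getCallingUid()` (as the -5932 hunk does). Since the local `callingUid` now serves only the permission check, renaming it (for example `binderCallingUid`) would keep the two from being mixed up in later edits.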
@@ -6946,7 +6957,7 @@ public class PackageManagerService extends IPackageManager.Stub installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo( installFailureActivity, info.activityInfo.packageName, - info.activityInfo.applicationInfo.versionCode, + info.activityInfo.applicationInfo.longVersionCode, info.activityInfo.splitName); // add a non-generic filter installerInfo.filter = new IntentFilter(); @@ -7692,7 +7703,7 @@ public class PackageManagerService extends IPackageManager.Stub installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo( null /* installFailureActivity */, info.serviceInfo.packageName, - info.serviceInfo.applicationInfo.versionCode, + info.serviceInfo.applicationInfo.longVersionCode, info.serviceInfo.splitName); // add a non-generic filter installerInfo.filter = new IntentFilter(); @@ -7810,7 +7821,7 @@ public class PackageManagerService extends IPackageManager.Stub installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo( null /*failureActivity*/, info.providerInfo.packageName, - info.providerInfo.applicationInfo.versionCode, + info.providerInfo.applicationInfo.longVersionCode, info.providerInfo.splitName); // add a non-generic filter installerInfo.filter = new IntentFilter(); 
@@ -8185,35 +8196,22 @@ public class PackageManagerService extends IPackageManager.Stub private ProviderInfo resolveContentProviderInternal(String name, int flags, int userId) { if (!sUserManager.exists(userId)) return null; flags = updateFlagsForComponent(flags, userId, name); - final String instantAppPkgName = getInstantAppPackageName(Binder.getCallingUid()); - // reader + final int callingUid = Binder.getCallingUid(); synchronized (mPackages) { final PackageParser.Provider provider = mProvidersByAuthority.get(name); PackageSetting ps = provider != null ? mSettings.mPackages.get(provider.owner.packageName) : null; if (ps != null) { - final boolean isInstantApp = ps.getInstantApp(userId); - // normal application; filter out instant application provider - if (instantAppPkgName == null && isInstantApp) { - return null; - } - // instant application; filter out other instant applications - if (instantAppPkgName != null - && isInstantApp - && !provider.owner.packageName.equals(instantAppPkgName)) { - return null; - } - // instant application; filter out non-exposed provider - if (instantAppPkgName != null - && !isInstantApp - && (provider.info.flags & ProviderInfo.FLAG_VISIBLE_TO_INSTANT_APP) == 0) { - return null; - } // provider not enabled if (!mSettings.isEnabledAndMatchLPr(provider.info, flags, userId)) { return null; } + final ComponentName component = + new ComponentName(provider.info.packageName, provider.info.name); + if (filterAppAccessLPr(ps, callingUid, component, TYPE_PROVIDER, userId)) { + return null; + } return PackageParser.generateProviderInfo( provider, flags, ps.readUserState(userId), userId); } 
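Review bot: The three explicit instant-app cases removed from `resolveContentProviderInternal` are now delegated to a single `filterAppAccessLPr(ps, callingUid, component, TYPE_PROVIDER, userId)` call whose body is not part of this diff. The hunk alone therefore does not show that a provider lacking `FLAG_VISIBLE_TO_INSTANT_APP` is still hidden from instant-app callers. Please confirm that the helper covers that case for `TYPE_PROVIDER`, ideally with a test for each of the three removed branches. The enabled check now runs before the visibility filter; both return null, so callers see no difference, but a comment such as `// hide providers the caller is not allowed to see (instant-app isolation)` above the new call would keep the intent that the deleted comments carried.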
@@ -8702,7 +8700,7 @@ public class PackageManagerService extends IPackageManager.Stub disabledPkgSetting /* pkgSetting */, null /* disabledPkgSetting */, null /* originalPkgSetting */, null, parseFlags, scanFlags, (pkg == mPlatformPackage), user); - applyPolicy(pkg, parseFlags, scanFlags); + applyPolicy(pkg, parseFlags, scanFlags, mPlatformPackage); scanPackageOnlyLI(request, mFactoryTest, -1L); } } @@ -9709,7 +9707,7 @@ public class PackageManagerService extends IPackageManager.Stub if (expectedCertDigests.length > 1) { // For apps targeting O MR1 we require explicit enumeration of all certs. - final String[] libCertDigests = (targetSdk > Build.VERSION_CODES.O) + final String[] libCertDigests = (targetSdk >= Build.VERSION_CODES.O_MR1) ? PackageUtils.computeSignaturesSha256Digests( libPkg.mSigningDetails.signatures) : PackageUtils.computeSignaturesSha256Digests( @@ -10021,7 +10019,7 @@ public class PackageManagerService extends IPackageManager.Stub scanFlags = adjustScanFlags(scanFlags, pkgSetting, disabledPkgSetting, user, pkg); synchronized (mPackages) { - applyPolicy(pkg, parseFlags, scanFlags); + applyPolicy(pkg, parseFlags, scanFlags, mPlatformPackage); assertPackageIsValid(pkg, parseFlags, scanFlags); SharedUserSetting sharedUserSetting = null; 
@@ -10184,20 +10182,10 @@ public class PackageManagerService extends IPackageManager.Stub // The signature has changed, but this package is in the system // image... let's recover! pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails; - // However... if this package is part of a shared user, but it - // doesn't match the signature of the shared user, let's fail. - // What this means is that you can't change the signatures - // associated with an overall shared user, which doesn't seem all - // that unreasonable. + // If the system app is part of a shared user we allow that shared user to change + // signatures as well in part as part of an OTA. if (signatureCheckPs.sharedUser != null) { - if (compareSignatures( - signatureCheckPs.sharedUser.signatures.mSigningDetails.signatures, - pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) { - throw new PackageManagerException( - INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES, - "Signature mismatch for shared user: " - + pkgSetting.sharedUser); - } + signatureCheckPs.sharedUser.signatures.mSigningDetails = pkg.mSigningDetails; } // File a report about this. String msg = "System package " + pkg.packageName @@ -10701,7 +10689,7 @@ public class PackageManagerService extends IPackageManager.Stub * ideally be static, but, it requires locks to read system state. */ private static void applyPolicy(PackageParser.Package pkg, final @ParseFlags int parseFlags, - final @ScanFlags int scanFlags) { + final @ScanFlags int scanFlags, PackageParser.Package platformPkg) { if ((scanFlags & SCAN_AS_SYSTEM) != 0) { pkg.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM; if (pkg.applicationInfo.isDirectBootAware()) { 
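Review bot: The code that replaces the removed shared-user signature check overwrites `signatureCheckPs.sharedUser.signatures.mSigningDetails` with the scanned package's details unconditionally, so a single system-image package whose signature changed now re-keys the whole shared user instead of failing the scan. The new comment justifies this with "as part of an OTA", but no condition visible in the hunk ties the branch to an upgrade boot, and the other members of the shared user are not re-checked here. I would state the precondition in the comment (what guarantees the package comes from a verified system partition) and what is expected to happen to the remaining packages of that shared user. The comment wording also slipped ("as well in part as part of an OTA"); `// signatures as well, as part of an OTA.` reads correctly. The enclosing method starts and ends outside the hunk.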
@@ -10787,6 +10775,15 @@ public class PackageManagerService extends IPackageManager.Stub pkg.applicationInfo.privateFlags |= ApplicationInfo.PRIVATE_FLAG_PRODUCT; } + // Check if the package is signed with the same key as the platform package. + if (PLATFORM_PACKAGE_NAME.equals(pkg.packageName) || + (platformPkg != null && compareSignatures( + platformPkg.mSigningDetails.signatures, + pkg.mSigningDetails.signatures) == PackageManager.SIGNATURE_MATCH)) { + pkg.applicationInfo.privateFlags |= + ApplicationInfo.PRIVATE_FLAG_SIGNED_WITH_PLATFORM_KEY; + } + if (!isSystemApp(pkg)) { // Only system apps can use these features. pkg.mOriginalPackages = null; @@ -13634,6 +13631,14 @@ public class PackageManagerService extends IPackageManager.Stub return installReason; } + /** + * Attempts to bind to the default container service explicitly instead of doing so lazily on + * install commit. + */ + void earlyBindToDefContainer() { + mHandler.sendMessage(mHandler.obtainMessage(DEF_CONTAINER_BIND)); + } + void installStage(String packageName, File stagedDir, IPackageInstallObserver2 observer, PackageInstaller.SessionParams sessionParams, String installerPackageName, int installerUid, UserHandle user, @@ -13991,8 +13996,8 @@ public class PackageManagerService extends IPackageManager.Stub @Override public String[] setPackagesSuspendedAsUser(String[] packageNames, boolean suspended, - PersistableBundle appExtras, PersistableBundle launcherExtras, String callingPackage, - int userId) { + PersistableBundle appExtras, PersistableBundle launcherExtras, String dialogMessage, + String callingPackage, int userId) { try { mContext.enforceCallingOrSelfPermission(android.Manifest.permission.SUSPEND_APPS, null); } catch (SecurityException e) { 
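Review bot: The new check in `applyPolicy` sets `PRIVATE_FLAG_SIGNED_WITH_PLATFORM_KEY` for any package named `PLATFORM_PACKAGE_NAME` without comparing signatures, and for every other package it silently skips the flag while `platformPkg` is null. The call site in the -10021 hunk runs `applyPolicy` before `assertPackageIsValid`, so the name branch presumably relies on later validation to reject an impostor, and the signature branch relies on the platform package having been scanned first. A comment should record both assumptions, for example `// "android" defines the platform key, so it is flagged by name; platformPkg is null until it has been scanned`. `applyPolicy` begins in the -10701 hunk and ends outside this one.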
@@ -14006,7 +14011,7 @@ public class PackageManagerService extends IPackageManager.Stub "setPackagesSuspended for user " + userId); if (callingUid != Process.ROOT_UID && !UserHandle.isSameApp(getPackageUid(callingPackage, 0, userId), callingUid)) { - throw new IllegalArgumentException("callingPackage " + callingPackage + " does not" + throw new IllegalArgumentException("CallingPackage " + callingPackage + " does not" + " belong to calling app id " + UserHandle.getAppId(callingUid)); } @@ -14030,20 +14035,18 @@ public class PackageManagerService extends IPackageManager.Stub final PackageSetting pkgSetting = mSettings.mPackages.get(packageName); if (pkgSetting == null || filterAppAccessLPr(pkgSetting, callingUid, userId)) { - Slog.w(TAG, "Could not find package setting for package \"" + packageName - + "\". Skipping suspending/un-suspending."); + Slog.w(TAG, "Could not find package setting for package: " + packageName + + ". Skipping suspending/un-suspending."); unactionedPackages.add(packageName); continue; } - if (pkgSetting.getSuspended(userId) != suspended) { - if (!canSuspendPackageForUserLocked(packageName, userId)) { - unactionedPackages.add(packageName); - continue; - } - pkgSetting.setSuspended(suspended, callingPackage, appExtras, - launcherExtras, userId); - changedPackagesList.add(packageName); + if (!canSuspendPackageForUserLocked(packageName, userId)) { + unactionedPackages.add(packageName); + continue; } + pkgSetting.setSuspended(suspended, callingPackage, dialogMessage, appExtras, + launcherExtras, userId); + changedPackagesList.add(packageName); } } } finally { @@ -14058,7 +14061,6 @@ public class PackageManagerService extends IPackageManager.Stub scheduleWritePackageRestrictionsLocked(userId); } } - return unactionedPackages.toArray(new String[unactionedPackages.size()]); } 
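Review bot: With the `getSuspended(userId) != suspended` guard removed in `setPackagesSuspendedAsUser` (the -14030 hunk), every named package that passes `canSuspendPackageForUserLocked` is added to `changedPackagesList` even when its state did not change, so repeated calls will presumably re-send the suspended/unsuspended broadcasts. If that is intended so that a new `dialogMessage` or new extras take effect, a comment saying so would stop someone from restoring the guard later. `dialogMessage` is a caller-supplied string that is stored in the user state and, judging by the `ATTR_SUSPEND_DIALOG_MESSAGE` constant added in Settings.java, apparently persisted; nothing in the hunk bounds its length, and a length cap before `pkgSetting.setSuspended(...)` would be prudent. The method begins in the -13991 hunk and ends outside this one.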
@@ -14066,7 +14068,8 @@ public class PackageManagerService extends IPackageManager.Stub public PersistableBundle getSuspendedPackageAppExtras(String packageName, int userId) { final int callingUid = Binder.getCallingUid(); if (getPackageUid(packageName, 0, userId) != callingUid) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.SUSPEND_APPS, null); + throw new SecurityException("Calling package " + packageName + + " does not belong to calling uid " + callingUid); } synchronized (mPackages) { final PackageSetting ps = mSettings.mPackages.get(packageName); @@ -14081,25 +14084,6 @@ public class PackageManagerService extends IPackageManager.Stub } } - @Override - public void setSuspendedPackageAppExtras(String packageName, PersistableBundle appExtras, - int userId) { - final int callingUid = Binder.getCallingUid(); - mContext.enforceCallingOrSelfPermission(Manifest.permission.SUSPEND_APPS, null); - synchronized (mPackages) { - final PackageSetting ps = mSettings.mPackages.get(packageName); - if (ps == null || filterAppAccessLPr(ps, callingUid, userId)) { - throw new IllegalArgumentException("Unknown target package: " + packageName); - } - final PackageUserState packageUserState = ps.readUserState(userId); - if (packageUserState.suspended) { - packageUserState.suspendedAppExtras = appExtras; - sendMyPackageSuspendedOrUnsuspended(new String[] {packageName}, true, appExtras, - userId); - } - } - } - private void sendMyPackageSuspendedOrUnsuspended(String[] affectedPackages, boolean suspended, PersistableBundle appExtras, int userId) { final String action; 
@@ -14142,9 +14126,6 @@ public class PackageManagerService extends IPackageManager.Stub mPermissionManager.enforceCrossUserPermission(callingUid, userId, true /* requireFullPermission */, false /* checkShell */, "isPackageSuspendedForUser for user " + userId); - if (getPackageUid(packageName, 0, userId) != callingUid) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.SUSPEND_APPS, null); - } synchronized (mPackages) { final PackageSetting ps = mSettings.mPackages.get(packageName); if (ps == null || filterAppAccessLPr(ps, callingUid, userId)) { @@ -14154,18 +14135,26 @@ public class PackageManagerService extends IPackageManager.Stub } } - void onSuspendingPackageRemoved(String packageName, int userId) { - final int[] userIds = (userId == UserHandle.USER_ALL) ? sUserManager.getUserIds() - : new int[] {userId}; - synchronized (mPackages) { - for (PackageSetting ps : mSettings.mPackages.values()) { - for (int user : userIds) { - final PackageUserState pus = ps.readUserState(user); + void onSuspendingPackageRemoved(String packageName, int removedForUser) { + final int[] userIds = (removedForUser == UserHandle.USER_ALL) ? sUserManager.getUserIds() + : new int[] {removedForUser}; + for (int userId : userIds) { + List<String> affectedPackages = new ArrayList<>(); + synchronized (mPackages) { + for (PackageSetting ps : mSettings.mPackages.values()) { + final PackageUserState pus = ps.readUserState(userId); if (pus.suspended && packageName.equals(pus.suspendingPackage)) { - ps.setSuspended(false, null, null, null, user); + ps.setSuspended(false, null, null, null, null, userId); + affectedPackages.add(ps.name); } } } + if (!affectedPackages.isEmpty()) { + final String[] packageArray = affectedPackages.toArray( + new String[affectedPackages.size()]); + sendMyPackageSuspendedOrUnsuspended(packageArray, false, null, userId); + sendPackagesSuspendedForUser(packageArray, userId, false, null); + } } } 
@@ -18896,6 +18885,7 @@ public class PackageManagerService extends IPackageManager.Stub false /*hidden*/, false /*suspended*/, null, /*suspendingPackage*/ + null, /*dialogMessage*/ null, /*suspendedAppExtras*/ null, /*suspendedLauncherExtras*/ false /*instantApp*/, @@ -23780,6 +23770,30 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); } @Override + public boolean isPackageSuspended(String packageName, int userId) { + synchronized (mPackages) { + final PackageSetting ps = mSettings.mPackages.get(packageName); + return (ps != null) ? ps.getSuspended(userId) : false; + } + } + + @Override + public String getSuspendingPackage(String suspendedPackage, int userId) { + synchronized (mPackages) { + final PackageSetting ps = mSettings.mPackages.get(suspendedPackage); + return (ps != null) ? ps.readUserState(userId).suspendingPackage : null; + } + } + + @Override + public String getSuspendedDialogMessage(String suspendedPackage, int userId) { + synchronized (mPackages) { + final PackageSetting ps = mSettings.mPackages.get(suspendedPackage); + return (ps != null) ? ps.readUserState(userId).dialogMessage : null; + } + } + + @Override public int getPackageUid(String packageName, int flags, int userId) { return PackageManagerService.this .getPackageUid(packageName, flags, userId); @@ -24001,9 +24015,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); @Override public ResolveInfo resolveIntent(Intent intent, String resolvedType, - int flags, int userId, boolean resolveForStart) { + int flags, int userId, boolean resolveForStart, int filterCallingUid) { return resolveIntentInternal( - intent, resolvedType, flags, userId, resolveForStart); + intent, resolvedType, flags, userId, resolveForStart, filterCallingUid); } @Override diff --git a/com/android/server/pm/PackageManagerShellCommand.java b/com/android/server/pm/PackageManagerShellCommand.java index 28e32a54..a92fbb67 100644 
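Review bot: The three accessors added in the -23780 hunk (`isPackageSuspended`, `getSuspendingPackage`, `getSuspendedDialogMessage`) read package state with no `filterAppAccessLPr` or cross-user check, unlike the binder-facing `isPackageSuspendedForUser`. That is reasonable for the in-process inner class they appear to belong to (its neighbour delegates to `PackageManagerService.this`), but it should be written down so the values are not forwarded to an app unfiltered. I would add `// No caller filtering here: callers must apply their own visibility check before exposing the result` above the first of them. `(ps != null) ? ps.getSuspended(userId) : false` is more simply `ps != null && ps.getSuspended(userId)`.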
--- a/com/android/server/pm/PackageManagerShellCommand.java +++ b/com/android/server/pm/PackageManagerShellCommand.java @@ -1505,6 +1505,7 @@ class PackageManagerShellCommand extends ShellCommand { private int runSuspend(boolean suspendedState) { final PrintWriter pw = getOutPrintWriter(); int userId = UserHandle.USER_SYSTEM; + String dialogMessage = null; final PersistableBundle appExtras = new PersistableBundle(); final PersistableBundle launcherExtras = new PersistableBundle(); String opt; @@ -1513,6 +1514,9 @@ class PackageManagerShellCommand extends ShellCommand { case "--user": userId = UserHandle.parseUserArg(getNextArgRequired()); break; + case "--dialogMessage": + dialogMessage = getNextArgRequired(); + break; case "--ael": case "--aes": case "--aed": @@ -1553,7 +1557,7 @@ class PackageManagerShellCommand extends ShellCommand { (Binder.getCallingUid() == Process.ROOT_UID) ? "root" : "com.android.shell"; try { mInterface.setPackagesSuspendedAsUser(new String[]{packageName}, suspendedState, - appExtras, launcherExtras, callingPackage, userId); + appExtras, launcherExtras, dialogMessage, callingPackage, userId); pw.println("Package " + packageName + " new suspended state: " + mInterface.isPackageSuspendedForUser(packageName, userId)); return 0; diff --git a/com/android/server/pm/PackageSettingBase.java b/com/android/server/pm/PackageSettingBase.java index 008a81cd..138594cc 100644 --- a/com/android/server/pm/PackageSettingBase.java +++ b/com/android/server/pm/PackageSettingBase.java 
@@ -20,8 +20,6 @@ import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED; -import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME; - import android.content.pm.ApplicationInfo; import android.content.pm.IntentFilterVerificationInfo; import android.content.pm.PackageManager; @@ -398,11 +396,12 @@ public abstract class PackageSettingBase extends SettingBase { return readUserState(userId).suspended; } - void setSuspended(boolean suspended, String suspendingPackage, PersistableBundle appExtras, - PersistableBundle launcherExtras, int userId) { + void setSuspended(boolean suspended, String suspendingPackage, String dialogMessage, + PersistableBundle appExtras, PersistableBundle launcherExtras, int userId) { final PackageUserState existingUserState = modifyUserState(userId); existingUserState.suspended = suspended; existingUserState.suspendingPackage = suspended ? suspendingPackage : null; + existingUserState.dialogMessage = suspended ? dialogMessage : null; existingUserState.suspendedAppExtras = suspended ? appExtras : null; existingUserState.suspendedLauncherExtras = suspended ? launcherExtras : null; } 
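Review bot: `setSuspended` in the @@ -398,11 hunk stores `dialogMessage` exactly as passed, with no length limit and no empty-string normalisation. The Settings.java hunks then persist it in the per-user XML as the `suspend_dialog_message` attribute. If the entry point that accepts it (not in this chunk) does not already bound the value, a suspending package could keep an arbitrarily large string in package state and have it shown to the user. Either cap it before this assignment or record the contract here, e.g. `// dialogMessage is caller-supplied; validated by <entry point> before this call`.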
@@ -425,8 +424,8 @@ public abstract class PackageSettingBase extends SettingBase { void setUserState(int userId, long ceDataInode, int enabled, boolean installed, boolean stopped, boolean notLaunched, boolean hidden, boolean suspended, String suspendingPackage, - PersistableBundle suspendedAppExtras, PersistableBundle suspendedLauncherExtras, - boolean instantApp, + String dialogMessage, PersistableBundle suspendedAppExtras, + PersistableBundle suspendedLauncherExtras, boolean instantApp, boolean virtualPreload, String lastDisableAppCaller, ArraySet<String> enabledComponents, ArraySet<String> disabledComponents, int domainVerifState, int linkGeneration, int installReason, @@ -440,6 +439,7 @@ public abstract class PackageSettingBase extends SettingBase { state.hidden = hidden; state.suspended = suspended; state.suspendingPackage = suspendingPackage; + state.dialogMessage = dialogMessage; state.suspendedAppExtras = suspendedAppExtras; state.suspendedLauncherExtras = suspendedLauncherExtras; state.lastDisableAppCaller = lastDisableAppCaller; diff --git a/com/android/server/pm/Settings.java b/com/android/server/pm/Settings.java index d0e85443..898ecf3c 100644 --- a/com/android/server/pm/Settings.java +++ b/com/android/server/pm/Settings.java @@ -222,6 +222,7 @@ public final class Settings { private static final String ATTR_HIDDEN = "hidden"; private static final String ATTR_SUSPENDED = "suspended"; private static final String ATTR_SUSPENDING_PACKAGE = "suspending-package"; + private static final String ATTR_SUSPEND_DIALOG_MESSAGE = "suspend_dialog_message"; // Legacy, uninstall blocks are stored separately. @Deprecated private static final String ATTR_BLOCK_UNINSTALL = "blockUninstall"; @@ -734,6 +735,7 @@ public final class Settings { false /*hidden*/, false /*suspended*/, null, /*suspendingPackage*/ + null, /*dialogMessage*/ null, /*suspendedAppExtras*/ null, /*suspendedLauncherExtras*/ instantApp, 
@@ -1628,6 +1630,7 @@ public final class Settings { false /*hidden*/, false /*suspended*/, null, /*suspendingPackage*/ + null, /*dialogMessage*/ null, /*suspendedAppExtras*/ null, /*suspendedLauncherExtras*/ false /*instantApp*/, @@ -1704,6 +1707,8 @@ public final class Settings { false); String suspendingPackage = parser.getAttributeValue(null, ATTR_SUSPENDING_PACKAGE); + final String dialogMessage = parser.getAttributeValue(null, + ATTR_SUSPEND_DIALOG_MESSAGE); if (suspended && suspendingPackage == null) { suspendingPackage = PLATFORM_PACKAGE_NAME; } @@ -1767,7 +1772,7 @@ public final class Settings { setBlockUninstallLPw(userId, name, true); } ps.setUserState(userId, ceDataInode, enabled, installed, stopped, notLaunched, - hidden, suspended, suspendingPackage, suspendedAppExtras, + hidden, suspended, suspendingPackage, dialogMessage, suspendedAppExtras, suspendedLauncherExtras, instantApp, virtualPreload, enabledCaller, enabledComponents, disabledComponents, verifState, linkGeneration, installReason, harmfulAppWarning); @@ -2077,7 +2082,14 @@ public final class Settings { } if (ustate.suspended) { serializer.attribute(null, ATTR_SUSPENDED, "true"); - serializer.attribute(null, ATTR_SUSPENDING_PACKAGE, ustate.suspendingPackage); + if (ustate.suspendingPackage != null) { + serializer.attribute(null, ATTR_SUSPENDING_PACKAGE, + ustate.suspendingPackage); + } + if (ustate.dialogMessage != null) { + serializer.attribute(null, ATTR_SUSPEND_DIALOG_MESSAGE, + ustate.dialogMessage); + } if (ustate.suspendedAppExtras != null) { serializer.startTag(null, TAG_SUSPENDED_APP_EXTRAS); try { 
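Review bot: In the @@ -1704 hunk `dialogMessage` is read unconditionally and passed to `setUserState`, which assigns it without the `suspended ? … : null` gating that `setSuspended` applies. The writer in the @@ -2077 hunk emits the attribute only under `ustate.suspended`, so a well-formed file never carries it otherwise. A stale or damaged file could still leave a message attached to a non-suspended package. Reading it as `final String dialogMessage = suspended ? parser.getAttributeValue(null, ATTR_SUSPEND_DIALOG_MESSAGE) : null;` keeps the two paths consistent. The enclosing read method starts and ends outside the hunk.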
@@ -4750,8 +4762,11 @@ public final class Settings { pw.print(" suspended="); pw.print(ps.getSuspended(user.id)); if (ps.getSuspended(user.id)) { + final PackageUserState pus = ps.readUserState(user.id); pw.print(" suspendingPackage="); - pw.print(ps.readUserState(user.id).suspendingPackage); + pw.print(pus.suspendingPackage); + pw.print(" dialogMessage="); + pw.print(pus.dialogMessage); } pw.print(" stopped="); pw.print(ps.getStopped(user.id)); diff --git a/com/android/server/pm/ShortcutPackageInfo.java b/com/android/server/pm/ShortcutPackageInfo.java index eeaa3330..8c7871ff 100644 --- a/com/android/server/pm/ShortcutPackageInfo.java +++ b/com/android/server/pm/ShortcutPackageInfo.java @@ -21,6 +21,7 @@ import android.content.pm.PackageInfo; import android.content.pm.PackageManagerInternal; import android.content.pm.ShortcutInfo; import android.content.pm.Signature; +import android.content.pm.SigningInfo; import android.util.Slog; import com.android.internal.annotations.VisibleForTesting; @@ -164,12 +165,13 @@ class ShortcutPackageInfo { ShortcutService s, String packageName, @UserIdInt int packageUserId) { final PackageInfo pi = s.getPackageInfoWithSignatures(packageName, packageUserId); // retrieve the newest sigs - Signature[][] signingHistory = pi.signingCertificateHistory; - if (signingHistory == null || signingHistory.length == 0) { + SigningInfo signingInfo = pi.signingInfo; + if (signingInfo == null) { Slog.e(TAG, "Can't get signatures: package=" + packageName); return null; } - Signature[] signatures = signingHistory[signingHistory.length - 1]; + // TODO (b/73988180) use entire signing history in case of rollbacks + Signature[] signatures = signingInfo.getApkContentsSigners(); final ShortcutPackageInfo ret = new ShortcutPackageInfo(pi.getLongVersionCode(), pi.lastUpdateTime, BackupUtils.hashSignatureArray(signatures), /* shadow=*/ false); 
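Review bot: The @@ -164,12 hunk drops the empty check the old code had. Previously `signingHistory.length == 0` returned null; now the result of `signingInfo.getApkContentsSigners()` goes to `BackupUtils.hashSignatureArray` with no null or zero-length test. If that getter can return null or an empty array, the stored signature hashes would be empty instead of the call failing, which weakens any later comparison that relies on them. A guard like `if (signatures == null || signatures.length == 0) { Slog.e(TAG, "Can't get signatures: package=" + packageName); return null; }` restores the old behaviour. The same applies to the @@ -192,13 hunk, which assigns `mSigHashes` the same way; both methods start outside their hunks.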
@@ -192,13 +194,14 @@ class ShortcutPackageInfo { return; } // retrieve the newest sigs - Signature[][] signingHistory = pi.signingCertificateHistory; - if (signingHistory == null || signingHistory.length == 0) { + SigningInfo signingInfo = pi.signingInfo; + if (signingInfo == null) { Slog.w(TAG, "Not refreshing signature for " + pkg.getPackageName() - + " since it appears to have no signature history."); + + " since it appears to have no signing info."); return; } - Signature[] signatures = signingHistory[signingHistory.length - 1]; + // TODO (b/73988180) use entire signing history in case of rollbacks + Signature[] signatures = signingInfo.getApkContentsSigners(); mSigHashes = BackupUtils.hashSignatureArray(signatures); } diff --git a/com/android/server/pm/ShortcutService.java b/com/android/server/pm/ShortcutService.java index 15b46172..599e5a57 100644 --- a/com/android/server/pm/ShortcutService.java +++ b/com/android/server/pm/ShortcutService.java @@ -48,7 +48,6 @@ import android.content.pm.ResolveInfo; import android.content.pm.ShortcutInfo; import android.content.pm.ShortcutServiceInternal; import android.content.pm.ShortcutServiceInternal.ShortcutChangeListener; -import android.content.pm.UserInfo; import android.content.res.Resources; import android.content.res.XmlResourceParser; import android.graphics.Bitmap; @@ -100,7 +99,7 @@ import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.Preconditions; import com.android.server.LocalServices; -import com.android.server.StatLogger; +import com.android.internal.util.StatLogger; import com.android.server.SystemService; import com.android.server.pm.ShortcutUser.PackageWithUser; diff --git a/com/android/server/pm/permission/BasePermission.java b/com/android/server/pm/permission/BasePermission.java index bcf4b07d..1d002efc 100644 --- a/com/android/server/pm/permission/BasePermission.java +++ b/com/android/server/pm/permission/BasePermission.java 
@@ -411,17 +411,23 @@ public final class BasePermission { } public @NonNull PermissionInfo generatePermissionInfo(int adjustedProtectionLevel, int flags) { - final boolean protectionLevelChanged = protectionLevel != adjustedProtectionLevel; - // if we return different protection level, don't use the cached info - if (perm != null && !protectionLevelChanged) { - return PackageParser.generatePermissionInfo(perm, flags); - } - final PermissionInfo pi = new PermissionInfo(); - pi.name = name; - pi.packageName = sourcePackageName; - pi.nonLocalizedLabel = name; - pi.protectionLevel = protectionLevelChanged ? adjustedProtectionLevel : protectionLevel; - return pi; + PermissionInfo permissionInfo; + if (perm != null) { + final boolean protectionLevelChanged = protectionLevel != adjustedProtectionLevel; + permissionInfo = PackageParser.generatePermissionInfo(perm, flags); + if (protectionLevelChanged && permissionInfo == perm.info) { + // if we return different protection level, don't use the cached info + permissionInfo = new PermissionInfo(permissionInfo); + permissionInfo.protectionLevel = adjustedProtectionLevel; + } + return permissionInfo; + } + permissionInfo = new PermissionInfo(); + permissionInfo.name = name; + permissionInfo.packageName = sourcePackageName; + permissionInfo.nonLocalizedLabel = name; + permissionInfo.protectionLevel = protectionLevel; + return permissionInfo; } public static boolean readLPw(@NonNull Map<String, BasePermission> out, diff --git a/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java index 518d464e..4055a475 100644 --- a/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java +++ b/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java 
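Review bot: The adjusted protection level is now dropped on two paths of `generatePermissionInfo`. When `perm != null` it is applied only if `permissionInfo == perm.info`, so if `PackageParser.generatePermissionInfo` returns a fresh copy (whether it can is not visible here) the caller gets the unadjusted level. When `perm == null` the new code sets `permissionInfo.protectionLevel = protectionLevel`, where the old expression always yielded `adjustedProtectionLevel`. Copy only when the object is the cached one, but assign `permissionInfo.protectionLevel = adjustedProtectionLevel;` whenever `protectionLevelChanged`, and use `adjustedProtectionLevel` in the fallback branch. The comment `// if we return different protection level, don't use the cached info` would then sit on the copy alone.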
@@ -1052,7 +1052,8 @@ public final class DefaultPermissionGrantPolicy { private PackageParser.Package getDefaultSystemHandlerActivityPackage( Intent intent, int userId) { ResolveInfo handler = mServiceInternal.resolveIntent(intent, - intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false); + intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false, + Binder.getCallingUid()); if (handler == null || handler.activityInfo == null) { return null; } @@ -1093,7 +1094,7 @@ public final class DefaultPermissionGrantPolicy { ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent, homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, - userId, false); + userId, false, Binder.getCallingUid()); if (homeActivity != null) { continue; } |
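Review bot: Both `resolveIntent` calls (this hunk and @@ -1093) pass `Binder.getCallingUid()` as the new filter uid, which is whatever identity is on the current thread when the grant policy runs. If these methods can be reached inside an incoming binder call, the default-handler lookup would be filtered by that caller's visibility rather than the system's, and the packages receiving default grants could differ by caller. The call paths are outside the hunks, so this needs confirming. A comment stating the intended identity, e.g. `// filter as the caller on purpose: <reason>`, or an explicit system uid if that is what is meant, would make the choice reviewable.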