Prevent non-admin users from deleting system apps.

This addresses a security issue where the guest user can remove updates
for system apps.

With this CL, attempts to uninstall/downgrade system apps will fail if
attempted by a non-admin user.

This is a backport of ag/17352264.

Bug: 170646036
Test: manual, try uninstalling system app update as guest
Change-Id: I79c3bf303e729e00d8fb12c40330bc10c5ffec6e
Merged-In: I4e959e296cca9bbdfc8fccc5e5e0e654ca524165
(cherry picked from commit 6c870e157994519094e9e50ddf93e57a26779e22)
Merged-In: I79c3bf303e729e00d8fb12c40330bc10c5ffec6e

1 files changed, 10 insertions, 0 deletions

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index c0486443b97e..6f1c88722e21 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -21657,6 +21657,16 @@ public class PackageManagerService extends IPackageManager.Stub
                 return PackageManager.DELETE_FAILED_INTERNAL_ERROR;
             }
 
+            if (isSystemApp(uninstalledPs)) {
+                UserInfo userInfo = mUserManager.getUserInfo(userId);
+                if (userInfo == null || !userInfo.isAdmin()) {
+                    Slog.w(TAG, "Not removing package " + packageName
+                            + " as only admin user may downgrade system apps");
+                    EventLog.writeEvent(0x534e4554, "170646036", -1, packageName);
+                    return PackageManager.DELETE_FAILED_USER_RESTRICTED;
+                }
+            }
+
             disabledSystemPs = mSettings.getDisabledSystemPkgLPr(packageName);
             // Static shared libs can be declared by any package, so let us not
             // allow removing a package if it provides a lib others depend on.