diff options
author | Oli Lan <olilan@google.com> | 2022-03-25 18:24:39 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-07-07 01:46:37 +0000 |
commit | b1646337a748c912b095b02b7837d6503f38d6b9 (patch) | |
tree | 4736721fb07ed13b954a7b255cbc258d680d94e0 | |
parent | d15f00a09260dee8274a426ae0424a0bc9c05068 (diff) | |
download | base-b1646337a748c912b095b02b7837d6503f38d6b9.tar.gz |
Prevent non-admin users from deleting system apps.
This addresses a security issue where the guest user can remove updates
for system apps.
With this CL, attempts to uninstall/downgrade system apps will fail if
attempted by a non-admin user.
This is a backport of ag/17352264.
Bug: 170646036
Test: manual, try uninstalling system app update as guest
Change-Id: I79c3bf303e729e00d8fb12c40330bc10c5ffec6e
Merged-In: I4e959e296cca9bbdfc8fccc5e5e0e654ca524165
(cherry picked from commit 6c870e157994519094e9e50ddf93e57a26779e22)
Merged-In: I79c3bf303e729e00d8fb12c40330bc10c5ffec6e
-rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index c0486443b97e..6f1c88722e21 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -21657,6 +21657,16 @@ public class PackageManagerService extends IPackageManager.Stub return PackageManager.DELETE_FAILED_INTERNAL_ERROR; } + if (isSystemApp(uninstalledPs)) { + UserInfo userInfo = mUserManager.getUserInfo(userId); + if (userInfo == null || !userInfo.isAdmin()) { + Slog.w(TAG, "Not removing package " + packageName + + " as only admin user may downgrade system apps"); + EventLog.writeEvent(0x534e4554, "170646036", -1, packageName); + return PackageManager.DELETE_FAILED_USER_RESTRICTED; + } + } + disabledSystemPs = mSettings.getDisabledSystemPkgLPr(packageName); // Static shared libs can be declared by any package, so let us not // allow removing a package if it provides a lib others depend on. |