diff options
author | Alex Buynytskyy <alexbuy@google.com> | 2024-01-04 00:18:16 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-02-21 19:12:46 +0000 |
commit | 3862cb2c63ab6af563db38017202a7a2577b769f (patch) | |
tree | 68bb5f332c6a56a00577d5d4d411e1e4f82e2d7e | |
parent | 1a8f6eaa61205ea87ce2c67195ee61d6c702a6e0 (diff) | |
download | base-3862cb2c63ab6af563db38017202a7a2577b769f.tar.gz |
Stop marking apps as privileged if they are not signed properly.
Fixes: 311374917
Test: atest android.content.pm.cts.PackageManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3ee5dfdcba047051ce81dca0696d6ddfeafe2d98)
Merged-In: I5b5b81cf43b06837a22c8dfd170a112106dd64c1
Change-Id: I5b5b81cf43b06837a22c8dfd170a112106dd64c1
-rw-r--r-- | services/core/java/com/android/server/pm/InstallPackageHelper.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java index 117ad4729efb..2ed4dfa4e8db 100644 --- a/services/core/java/com/android/server/pm/InstallPackageHelper.java +++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java @@ -4580,7 +4580,9 @@ final class InstallPackageHelper { private void assertPackageWithSharedUserIdIsPrivileged(AndroidPackage pkg) throws PackageManagerException { - if (!AndroidPackageLegacyUtils.isPrivileged(pkg) && (pkg.getSharedUserId() != null)) { + if (!AndroidPackageLegacyUtils.isPrivileged(pkg) + && (pkg.getSharedUserId() != null) + && !pkg.isLeavingSharedUser()) { SharedUserSetting sharedUserSetting = null; try { synchronized (mPm.mLock) { @@ -4620,7 +4622,8 @@ final class InstallPackageHelper { if (((scanFlags & SCAN_AS_PRIVILEGED) == 0) && !AndroidPackageLegacyUtils.isPrivileged(pkg) && (pkg.getSharedUserId() != null) - && !skipVendorPrivilegeScan) { + && !skipVendorPrivilegeScan + && !pkg.isLeavingSharedUser()) { SharedUserSetting sharedUserSetting = null; synchronized (mPm.mLock) { try { |