Edge case: overriden system package moved & became privileged in OTA

Because properly continuing permission grants post-OTA has changed policy to include privilege considerations based on install location, make sure that we re-evaluate when we determine that the apk has moved from its pre-OTA location. Bug 11271490 Change-Id: I6c09986e2851a67504268b289932588457c05dfc
author: Christopher Tate <ctate@google.com> 2013-10-22 15:36:01 -0700
committer: The Android Automerger <android-build@google.com> 2013-10-22 18:23:20 -0700
commit: b8db47488253a08d279b061603d1c69c84554284 (patch)
tree: 4bb71dc9670fcd9e7808108b8e819fffeabb9297
parent: b840bd2b601f4df4eb8750a00be7132bf4d26c2e (diff)
download: base-b8db47488253a08d279b061603d1c69c84554284.tar.gz
2 files changed, 13 insertions, 7 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 95dc3738d0bc..e075862a2cc2 100755
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -3585,7 +3585,13 @@ public class PackageManagerService extends IPackageManager.Stub {
                                 + ps.name + " changing from " + updatedPkg.codePathString
                                 + " to " + scanFile);
                         updatedPkg.codePath = scanFile;
-                        updatedPkg.codePathString = scanFile.toString();                        
+                        updatedPkg.codePathString = scanFile.toString();
+                        // This is the point at which we know that the system-disk APK
+                        // for this package has moved during a reboot (e.g. due to an OTA),
+                        // so we need to reevaluate it for privilege policy.
+                        if (locationIsPrivileged(scanFile)) {
+                            updatedPkg.pkgFlags |= ApplicationInfo.FLAG_PRIVILEGED;
+                        }
                     }
                     updatedPkg.pkg = pkg;
                     mLastScanError = PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE;
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index 3b4393a894af..b0cfd7eaa798 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -426,12 +426,12 @@ final class Settings {
                         + "; replacing with new");
                 p = null;
             } else {
-                if ((pkgFlags&ApplicationInfo.FLAG_SYSTEM) != 0) {
-                    // If what we are scanning is a system package, then
-                    // make it so, regardless of whether it was previously
-                    // installed only in the data partition.
-                    p.pkgFlags |= ApplicationInfo.FLAG_SYSTEM;
-                }
+                // If what we are scanning is a system (and possibly privileged) package,
+                // then make it so, regardless of whether it was previously installed only
+                // in the data partition.
+                final int sysPrivFlags = pkgFlags
+                        & (ApplicationInfo.FLAG_SYSTEM | ApplicationInfo.FLAG_PRIVILEGED);
+                p.pkgFlags |= sysPrivFlags;
             }
         }
         if (p == null) {
author	Christopher Tate <ctate@google.com>	2013-10-22 15:36:01 -0700
committer	The Android Automerger <android-build@google.com>	2013-10-22 18:23:20 -0700
commit	b8db47488253a08d279b061603d1c69c84554284 (patch)
tree	4bb71dc9670fcd9e7808108b8e819fffeabb9297
parent	b840bd2b601f4df4eb8750a00be7132bf4d26c2e (diff)
download	base-b8db47488253a08d279b061603d1c69c84554284.tar.gz