summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Patrick Baumann <patb@google.com> 2023-05-04 19:46:27 +0000
committer Patrick Baumann <patb@google.com> 2023-05-10 23:59:35 +0000
commit08c993b8cabed6aa3c7862bad44ba89a84b59b85 (patch)
treec565e3e1bb1689d4f8a32744423413af71b6ff2f
parent31a3d5b052a6958e6e5c01109025938d0045a41b (diff)
Revert "Add new manifest attr allowUpdateOwnership (4/n)"
This reverts commit d378c630bb70689240329d4736680df717f1c8de. Reason for revert: Apps can no longer opt out of udpate ownership Bug: 281898063 Test: atest UpdateOwnershipEnforcementTest Change-Id: I3bc3ca266d9d5b1978a7f9419d278db06bfbbaa4
Diffstat
-rw-r--r--core/res/res/values/attrs_manifest.xml7
-rw-r--r--services/core/java/com/android/server/pm/InstallPackageHelper.java33
-rw-r--r--services/core/java/com/android/server/pm/parsing/pkg/PackageImpl.java11
-rw-r--r--services/core/java/com/android/server/pm/pkg/AndroidPackage.java6
-rw-r--r--services/core/java/com/android/server/pm/pkg/parsing/ParsingPackage.java2
-rw-r--r--services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java5
-rw-r--r--services/tests/PackageManagerServiceTests/unit/src/com/android/server/pm/test/parsing/parcelling/AndroidPackageTest.kt1
7 files changed, 13 insertions, 52 deletions
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index 1bbe8eeaf37f..7f0566ec12f6 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -1796,12 +1796,6 @@
-->
<attr name="attributionTags" format="string" />
- <!-- Default value <code>true</code> allows an installer to enable update
- ownership enforcement for this package via {@link
- android.content.pm.PackageInstaller.SessionParams#setRequestUpdateOwnership}
- during initial installation. This overrides the installer's use of {@link
- android.content.pm.PackageInstaller.SessionParams#setRequestUpdateOwnership}.
- -->
<attr name="allowUpdateOwnership" format="boolean" />
<!-- The <code>manifest</code> tag is the root of an
@@ -1841,7 +1835,6 @@
<attr name="isSplitRequired" />
<attr name="requiredSplitTypes" />
<attr name="splitTypes" />
- <attr name="allowUpdateOwnership" />
</declare-styleable>
<!-- The <code>application</code> tag describes application-level components
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index be8890bc8786..00a32297fa89 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -324,7 +324,6 @@ final class InstallPackageHelper {
InstallSource installSource = request.getInstallSource();
final boolean isApex = (scanFlags & SCAN_AS_APEX) != 0;
final boolean pkgAlreadyExists = oldPkgSetting != null;
- final boolean isAllowUpdateOwnership = parsedPackage.isAllowUpdateOwnership();
final String oldUpdateOwner =
pkgAlreadyExists ? oldPkgSetting.getInstallSource().mUpdateOwnerPackageName : null;
final String updateOwnerFromSysconfig = isApex || !pkgSetting.isSystem() ? null
@@ -346,11 +345,7 @@ final class InstallPackageHelper {
}
// Handle the update ownership enforcement for APK
- if (!isAllowUpdateOwnership) {
- // If the app wants to opt-out of the update ownership enforcement via manifest,
- // it overrides the installer's use of #setRequestUpdateOwnership.
- installSource = installSource.setUpdateOwnerPackageName(null);
- } else if (!isApex) {
+ if (!isApex) {
// User installer UID as "current" userId if present; otherwise, use the userId
// from InstallRequest.
final int userId = installSource.mInstallerPackageUid != Process.INVALID_UID
@@ -391,22 +386,18 @@ final class InstallPackageHelper {
// For non-standard install (addForInit), installSource is null.
} else if (pkgSetting.isSystem()) {
// We still honor the manifest attr if the system app wants to opt-out of it.
- if (!isAllowUpdateOwnership) {
- pkgSetting.setUpdateOwnerPackage(null);
+ final boolean isSameUpdateOwner = isUpdateOwnershipEnabled
+ && TextUtils.equals(oldUpdateOwner, updateOwnerFromSysconfig);
+
+ // Here we handle the update owner for the system package, and the rules are:
+ // -. We use the update owner from sysconfig as the initial value.
+ // -. Once an app becomes to system app later via OTA, only retains the update
+ // owner if it's consistence with sysconfig.
+ // -. Clear the update owner when update owner changes from sysconfig.
+ if (!pkgAlreadyExists || isSameUpdateOwner) {
+ pkgSetting.setUpdateOwnerPackage(updateOwnerFromSysconfig);
} else {
- final boolean isSameUpdateOwner = isUpdateOwnershipEnabled
- && TextUtils.equals(oldUpdateOwner, updateOwnerFromSysconfig);
-
- // Here we handle the update owner for the system package, and the rules are:
- // -. We use the update owner from sysconfig as the initial value.
- // -. Once an app becomes to system app later via OTA, only retains the update
- // owner if it's consistence with sysconfig.
- // -. Clear the update owner when update owner changes from sysconfig.
- if (!pkgAlreadyExists || isSameUpdateOwner) {
- pkgSetting.setUpdateOwnerPackage(updateOwnerFromSysconfig);
- } else {
- pkgSetting.setUpdateOwnerPackage(null);
- }
+ pkgSetting.setUpdateOwnerPackage(null);
}
}
diff --git a/services/core/java/com/android/server/pm/parsing/pkg/PackageImpl.java b/services/core/java/com/android/server/pm/parsing/pkg/PackageImpl.java
index de31b4699918..f036835f7d4e 100644
--- a/services/core/java/com/android/server/pm/parsing/pkg/PackageImpl.java
+++ b/services/core/java/com/android/server/pm/parsing/pkg/PackageImpl.java
@@ -1810,11 +1810,6 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
}
@Override
- public boolean isAllowUpdateOwnership() {
- return getBoolean2(Booleans2.ALLOW_UPDATE_OWNERSHIP);
- }
-
- @Override
public boolean isVmSafeMode() {
return getBoolean(Booleans.VM_SAFE_MODE);
}
@@ -2518,11 +2513,6 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
}
@Override
- public PackageImpl setAllowUpdateOwnership(boolean value) {
- return setBoolean2(Booleans2.ALLOW_UPDATE_OWNERSHIP, value);
- }
-
- @Override
public PackageImpl sortActivities() {
Collections.sort(this.activities, ORDER_COMPARATOR);
return this;
@@ -3736,6 +3726,5 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
private static final long STUB = 1L;
private static final long APEX = 1L << 1;
- private static final long ALLOW_UPDATE_OWNERSHIP = 1L << 2;
}
}
diff --git a/services/core/java/com/android/server/pm/pkg/AndroidPackage.java b/services/core/java/com/android/server/pm/pkg/AndroidPackage.java
index 2fdda1210394..e54f34d1c4ac 100644
--- a/services/core/java/com/android/server/pm/pkg/AndroidPackage.java
+++ b/services/core/java/com/android/server/pm/pkg/AndroidPackage.java
@@ -1483,10 +1483,4 @@ public interface AndroidPackage {
* @hide
*/
boolean isVisibleToInstantApps();
-
- /**
- * @see R.styleable#AndroidManifest_allowUpdateOwnership
- * @hide
- */
- boolean isAllowUpdateOwnership();
}
diff --git a/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackage.java b/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackage.java
index 6cb6a9783134..7fc33568f9b9 100644
--- a/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackage.java
+++ b/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackage.java
@@ -388,8 +388,6 @@ public interface ParsingPackage {
ParsingPackage setLocaleConfigResourceId(int localeConfigRes);
- ParsingPackage setAllowUpdateOwnership(boolean value);
-
/**
* Sets the trusted host certificates of apps that are allowed to embed activities of this
* application.
diff --git a/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java b/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java
index fda44e495b89..1567af081857 100644
--- a/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java
+++ b/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java
@@ -219,7 +219,6 @@ public class ParsingPackageUtils {
public static final int PARSE_DEFAULT_INSTALL_LOCATION =
PackageInfo.INSTALL_LOCATION_UNSPECIFIED;
public static final int PARSE_DEFAULT_TARGET_SANDBOX = 1;
- public static final boolean PARSE_DEFAULT_ALLOW_UPDATE_OWNERSHIP = true;
/**
* If set to true, we will only allow package files that exactly match the DTD. Otherwise, we
@@ -887,9 +886,7 @@ public class ParsingPackageUtils {
.setTargetSandboxVersion(anInteger(PARSE_DEFAULT_TARGET_SANDBOX,
R.styleable.AndroidManifest_targetSandboxVersion, sa))
/* Set the global "on SD card" flag */
- .setExternalStorage((flags & PARSE_EXTERNAL_STORAGE) != 0)
- .setAllowUpdateOwnership(bool(PARSE_DEFAULT_ALLOW_UPDATE_OWNERSHIP,
- R.styleable.AndroidManifest_allowUpdateOwnership, sa));
+ .setExternalStorage((flags & PARSE_EXTERNAL_STORAGE) != 0);
boolean foundApp = false;
final int depth = parser.getDepth();
diff --git a/services/tests/PackageManagerServiceTests/unit/src/com/android/server/pm/test/parsing/parcelling/AndroidPackageTest.kt b/services/tests/PackageManagerServiceTests/unit/src/com/android/server/pm/test/parsing/parcelling/AndroidPackageTest.kt
index 6d3cdffda837..320087111c50 100644
--- a/services/tests/PackageManagerServiceTests/unit/src/com/android/server/pm/test/parsing/parcelling/AndroidPackageTest.kt
+++ b/services/tests/PackageManagerServiceTests/unit/src/com/android/server/pm/test/parsing/parcelling/AndroidPackageTest.kt
@@ -218,7 +218,6 @@ class AndroidPackageTest : ParcelableComponentTest(AndroidPackage::class, Packag
AndroidPackage::isClearUserDataOnFailedRestoreAllowed,
AndroidPackage::isAllowNativeHeapPointerTagging,
AndroidPackage::isTaskReparentingAllowed,
- AndroidPackage::isAllowUpdateOwnership,
AndroidPackage::isBackupInForeground,
AndroidPackage::isHardwareAccelerated,
AndroidPackage::isSaveStateDisallowed,
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-08 17:39:55 +0000