Merge "Revert "pm: Scan as privileged apps that share a privileged user""

author: Jeffrey Vander Stoep <jeffv@google.com> 2018-01-24 00:46:27 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2018-01-24 00:46:27 +0000
commit: 262cdf0f2724aaeade73a6c9e7b7466e0adf1007 (patch)
tree: 2efb747f979fb79af70800da97130cee85f8407e
parent: b62afd21699890d6229a02305f6ee9520bd29748 (diff)
parent: 2a31ecf04023660b62a97e7331b6d68fd68bf9f9 (diff)
1 files changed, 3 insertions, 28 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 8c0506492ec1..da1bdc7bb15a 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -9762,9 +9762,8 @@ Slog.e("TODD",
      * <li>{@link #SCAN_AS_VIRTUAL_PRELOAD}</li>
      * </ul>
      */
-    private @ScanFlags int adjustScanFlags(@ScanFlags int scanFlags,
-            PackageSetting pkgSetting, PackageSetting disabledPkgSetting, UserHandle user,
-            PackageParser.Package pkg) {
+    private static @ScanFlags int adjustScanFlags(@ScanFlags int scanFlags,
+            PackageSetting pkgSetting, PackageSetting disabledPkgSetting, UserHandle user) {
         if (disabledPkgSetting != null) {
             // updated system application, must at least have SCAN_AS_SYSTEM
             scanFlags |= SCAN_AS_SYSTEM;
@@ -9790,30 +9789,6 @@ Slog.e("TODD",
                 scanFlags |= SCAN_AS_VIRTUAL_PRELOAD;
             }
         }
-
-        // Scan as privileged apps that share a user with a priv-app.
-        if (((scanFlags & SCAN_AS_PRIVILEGED) == 0) && !pkg.isPrivileged()
-                && (pkg.mSharedUserId != null)) {
-            SharedUserSetting sharedUserSetting = null;
-            try {
-                sharedUserSetting = mSettings.getSharedUserLPw(pkg.mSharedUserId, 0, 0, false);
-            } catch (PackageManagerException ignore) {}
-            if (sharedUserSetting != null && sharedUserSetting.isPrivileged()) {
-                // Exempt SharedUsers signed with the platform key.
-                // TODO(b/72378145) Fix this exemption. Force signature apps
-                // to whitelist their privileged permissions just like other
-                // priv-apps.
-                synchronized (mPackages) {
-                    PackageSetting platformPkgSetting = mSettings.mPackages.get("android");
-                    if (!pkg.packageName.equals("android")
-                            && (compareSignatures(platformPkgSetting.signatures.mSignatures,
-                                pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH)) {
-                        scanFlags |= SCAN_AS_PRIVILEGED;
-                    }
-                }
-            }
-        }
-
         return scanFlags;
     }
 
@@ -9837,7 +9812,7 @@ Slog.e("TODD",
                     + " was transferred to another, but its .apk remains");
         }
 
-        scanFlags = adjustScanFlags(scanFlags, pkgSetting, disabledPkgSetting, user, pkg);
+        scanFlags = adjustScanFlags(scanFlags, pkgSetting, disabledPkgSetting, user);
         synchronized (mPackages) {
             applyPolicy(pkg, parseFlags, scanFlags);
             assertPackageIsValid(pkg, parseFlags, scanFlags);
author	Jeffrey Vander Stoep <jeffv@google.com>	2018-01-24 00:46:27 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2018-01-24 00:46:27 +0000
commit	262cdf0f2724aaeade73a6c9e7b7466e0adf1007 (patch)
tree	2efb747f979fb79af70800da97130cee85f8407e
parent	b62afd21699890d6229a02305f6ee9520bd29748 (diff)
parent	2a31ecf04023660b62a97e7331b6d68fd68bf9f9 (diff)