summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Patrick Baumann <patb@google.com> 2018-01-04 12:17:22 -0800
committer Patrick Baumann <patb@google.com> 2018-01-11 19:25:22 +0000
commit2aede854ff1c4be134dd3118a88d10b6a6576de1 (patch)
treed1870ae71d6c5b4cadcca60ad4c460cd1b8ad179
parent422a67987f2157cf709c07cb9132bdd775ebfc96 (diff)
Moves instant app install checks to install time
This is the final change needed to remove the PARSE_IS_EPHEMERAL flag and do instant app validation at install time instead of at parse time. Fixes: 68860689 Test: manual - Installed valid and invalid instant apps Change-Id: I4d2de8e09d53e2fc3397e60700e7fa4d31b7bb29
Diffstat
-rw-r--r--core/java/android/content/pm/PackageParser.java18
-rw-r--r--services/core/java/com/android/server/pm/PackageInstallerSession.java7
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java46
3 files changed, 34 insertions, 37 deletions
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 51087c353280..efda5a63ae68 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -35,7 +35,6 @@ import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_BAD_PACKAGE
import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES;
import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_MANIFEST_MALFORMED;
import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_NOT_APK;
-import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES;
import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION;
import static android.os.Build.VERSION_CODES.O;
import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER;
@@ -817,9 +816,6 @@ public class PackageParser {
public static final int PARSE_COLLECT_CERTIFICATES = 1 << 5;
public static final int PARSE_ENFORCE_CODE = 1 << 6;
public static final int PARSE_FORCE_SDK = 1 << 7;
- /** @deprecated remove when fixing b/68860689 */
- @Deprecated
- public static final int PARSE_IS_EPHEMERAL = 1 << 8;
public static final int PARSE_CHATTY = 1 << 31;
@IntDef(flag = true, prefix = { "PARSE_" }, value = {
@@ -830,7 +826,6 @@ public class PackageParser {
PARSE_FORCE_SDK,
PARSE_FORWARD_LOCK,
PARSE_IGNORE_PROCESSES,
- PARSE_IS_EPHEMERAL,
PARSE_IS_SYSTEM_DIR,
PARSE_MUST_BE_APK,
})
@@ -1522,14 +1517,6 @@ public class PackageParser {
} else {
verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);
}
- if (verified.signatureSchemeVersion
- < SigningDetails.SignatureSchemeVersion.SIGNING_BLOCK_V2) {
- // TODO (b/68860689): move this logic to packagemanagerserivce
- if ((parseFlags & PARSE_IS_EPHEMERAL) != 0) {
- throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
- "No APK Signature Scheme v2 signature in ephemeral package " + apkPath);
- }
- }
// Verify that entries are signed consistently with the first pkg
// we encountered. Note that for splits, certificates may have
@@ -1980,11 +1967,6 @@ public class PackageParser {
String str = sa.getNonConfigurationString(
com.android.internal.R.styleable.AndroidManifest_sharedUserId, 0);
if (str != null && str.length() > 0) {
- if ((flags & PARSE_IS_EPHEMERAL) != 0) {
- outError[0] = "sharedUserId not allowed in ephemeral application";
- mParseError = PackageManager.INSTALL_PARSE_FAILED_BAD_SHARED_USER_ID;
- return null;
- }
String nameError = validateName(str, true, false);
if (nameError != null && !"android".equals(pkg.packageName)) {
outError[0] = "<manifest> specifies bad sharedUserId name \""
diff --git a/services/core/java/com/android/server/pm/PackageInstallerSession.java b/services/core/java/com/android/server/pm/PackageInstallerSession.java
index 4e918983ddd6..a43818a27a73 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerSession.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java
@@ -988,11 +988,8 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
for (File addedFile : addedFiles) {
final ApkLite apk;
try {
- int flags = PackageParser.PARSE_COLLECT_CERTIFICATES;
- if ((params.installFlags & PackageManager.INSTALL_INSTANT_APP) != 0) {
- flags |= PackageParser.PARSE_IS_EPHEMERAL;
- }
- apk = PackageParser.parseApkLite(addedFile, flags);
+ apk = PackageParser.parseApkLite(
+ addedFile, PackageParser.PARSE_COLLECT_CERTIFICATES);
} catch (PackageParserException e) {
throw PackageManagerException.from(e);
}
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index c02ce091ce91..abcb488c9d18 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -16385,7 +16385,6 @@ public class PackageManagerService extends IPackageManager.Stub
| PackageParser.PARSE_ENFORCE_CODE
| (forwardLocked ? PackageParser.PARSE_FORWARD_LOCK : 0)
| (onExternal ? PackageParser.PARSE_EXTERNAL_STORAGE : 0)
- | (instantApp ? PackageParser.PARSE_IS_EPHEMERAL : 0)
| (forceSdk ? PackageParser.PARSE_FORCE_SDK : 0);
PackageParser pp = new PackageParser();
pp.setSeparateProcesses(mSeparateProcesses);
@@ -16413,19 +16412,29 @@ public class PackageManagerService extends IPackageManager.Stub
return;
}
- // Instant apps must have target SDK >= O and have targetSanboxVersion >= 2
- if (instantApp && pkg.applicationInfo.targetSdkVersion <= Build.VERSION_CODES.N_MR1) {
- Slog.w(TAG, "Instant app package " + pkg.packageName + " does not target O");
- res.setError(INSTALL_FAILED_SANDBOX_VERSION_DOWNGRADE,
- "Instant app package must target O");
- return;
- }
- if (instantApp && pkg.applicationInfo.targetSandboxVersion != 2) {
- Slog.w(TAG, "Instant app package " + pkg.packageName
- + " does not target targetSandboxVersion 2");
- res.setError(INSTALL_FAILED_SANDBOX_VERSION_DOWNGRADE,
- "Instant app package must use targetSanboxVersion 2");
- return;
+ // Instant apps have several additional install-time checks.
+ if (instantApp) {
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.O) {
+ Slog.w(TAG,
+ "Instant app package " + pkg.packageName + " does not target at least O");
+ res.setError(INSTALL_FAILED_INSTANT_APP_INVALID,
+ "Instant app package must target at least O");
+ return;
+ }
+ if (pkg.applicationInfo.targetSandboxVersion != 2) {
+ Slog.w(TAG, "Instant app package " + pkg.packageName
+ + " does not target targetSandboxVersion 2");
+ res.setError(INSTALL_FAILED_INSTANT_APP_INVALID,
+ "Instant app package must use targetSandboxVersion 2");
+ return;
+ }
+ if (pkg.mSharedUserId != null) {
+ Slog.w(TAG, "Instant app package " + pkg.packageName
+ + " may not declare sharedUserId.");
+ res.setError(INSTALL_FAILED_INSTANT_APP_INVALID,
+ "Instant app package may not declare a sharedUserId");
+ return;
+ }
}
if (pkg.applicationInfo.isStaticSharedLibrary()) {
@@ -16495,6 +16504,15 @@ public class PackageManagerService extends IPackageManager.Stub
return;
}
+ if (instantApp && pkg.mSigningDetails.signatureSchemeVersion
+ < SignatureSchemeVersion.SIGNING_BLOCK_V2) {
+ Slog.w(TAG, "Instant app package " + pkg.packageName
+ + " is not signed with at least APK Signature Scheme v2");
+ res.setError(INSTALL_FAILED_INSTANT_APP_INVALID,
+ "Instant app package must be signed with APK Signature Scheme v2 or greater");
+ return;
+ }
+
// Get rid of all references to package scan path via parser.
pp = null;
String oldCodePath = null;
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-02 15:19:28 +0000