Merge "Expose hidden API to check whether a given package is state protected" into pi-dev

author: Benjamin Franz <bfranz@google.com> 2018-03-26 09:15:41 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2018-03-26 09:15:41 +0000
commit: 3ff20e2257c3d7158289ff3252e53cd5dfef85f4 (patch)
tree: 25d38cfbab73d8d9cd3c4e6e35dcda53ecf22c28
parent: e711ebc4faea3e5e8cbc8de412f2a6c935a0bbb0 (diff)
parent: 7cc9a817d4a0e2d0dc10f982b54f855351432a82 (diff)
4 files changed, 42 insertions, 0 deletions
diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java
index fb8ded1e7a43..f38c80cb89cd 100644
--- a/core/java/android/app/ApplicationPackageManager.java
+++ b/core/java/android/app/ApplicationPackageManager.java
@@ -2855,4 +2855,13 @@ public class ApplicationPackageManager extends PackageManager {
             throw e.rethrowAsRuntimeException();
         }
     }
+
+    @Override
+    public boolean isPackageStateProtected(String packageName, int userId) {
+        try {
+            return mPM.isPackageStateProtected(packageName, userId);
+        } catch (RemoteException e) {
+            throw e.rethrowAsRuntimeException();
+        }
+    }
 }
diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl
index 9a19133e7703..d43d80f0f678 100644
--- a/core/java/android/content/pm/IPackageManager.aidl
+++ b/core/java/android/content/pm/IPackageManager.aidl
@@ -674,4 +674,6 @@ interface IPackageManager {
     boolean hasUidSigningCertificate(int uid, in byte[] signingCertificate, int flags);
 
     String getSystemTextClassifierPackageName();
+
+    boolean isPackageStateProtected(String packageName, int userId);
 }
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index 4d8773c27d93..114c485e08cd 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -6140,4 +6140,16 @@ public abstract class PackageManager {
         throw new UnsupportedOperationException(
                 "getSystemTextClassifierPackageName not implemented in subclass");
     }
+
+    /**
+     * @return whether a given package's state is protected, e.g. package cannot be disabled,
+     *         suspended, hidden or force stopped.
+     *
+     * @hide
+     */
+    public boolean isPackageStateProtected(String packageName, int userId) {
+        throw new UnsupportedOperationException(
+            "isPackageStateProtected not implemented in subclass");
+    }
+
 }
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index c965aec1360d..950d8dfc28fb 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -17,6 +17,7 @@
 package com.android.server.pm;
 
 import static android.Manifest.permission.DELETE_PACKAGES;
+import static android.Manifest.permission.MANAGE_DEVICE_ADMINS;
 import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS;
 import static android.Manifest.permission.INSTALL_PACKAGES;
 import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;
@@ -115,6 +116,7 @@ import android.Manifest;
 import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
+import android.annotation.UserIdInt;
 import android.app.ActivityManager;
 import android.app.ActivityManagerInternal;
 import android.app.AppOpsManager;
@@ -24315,6 +24317,23 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
             return mSettings.getHarmfulAppWarningLPr(packageName, userId);
         }
     }
+
+    @Override
+    public boolean isPackageStateProtected(@NonNull String packageName, @UserIdInt int userId) {
+        final int callingUid = Binder.getCallingUid();
+        final int callingAppId = UserHandle.getAppId(callingUid);
+
+        mPermissionManager.enforceCrossUserPermission(callingUid, userId,
+                false /*requireFullPermission*/, true /*checkShell*/, "isPackageStateProtected");
+
+        if (callingAppId != Process.SYSTEM_UID && callingAppId != Process.ROOT_UID
+                && checkUidPermission(MANAGE_DEVICE_ADMINS, callingUid) != PERMISSION_GRANTED) {
+            throw new SecurityException("Caller must have the "
+                    + MANAGE_DEVICE_ADMINS + " permission.");
+        }
+
+        return mProtectedPackages.isPackageStateProtected(userId, packageName);
+    }
 }
 
 interface PackageSender {
author	Benjamin Franz <bfranz@google.com>	2018-03-26 09:15:41 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2018-03-26 09:15:41 +0000
commit	3ff20e2257c3d7158289ff3252e53cd5dfef85f4 (patch)
tree	25d38cfbab73d8d9cd3c4e6e35dcda53ecf22c28
parent	e711ebc4faea3e5e8cbc8de412f2a6c935a0bbb0 (diff)
parent	7cc9a817d4a0e2d0dc10f982b54f855351432a82 (diff)