diff options
| author | 2016-04-04 09:29:14 -0700 | |
|---|---|---|
| committer | 2016-04-04 19:46:47 -0700 | |
| commit | 40ccfdd831ce76e2f1df84a9d4b865f5cf8b65aa (patch) | |
| tree | 34745084114c76d88a6975eeece223cce9fed0b7 | |
| parent | e8c5480ba660232097bcc928fd7a82138e1af188 (diff) | |
Permit package downgrades on debuggable platforms.
This is to make it easier to test on debuggable builds. Debuggable
platform builds trade off being as close as possible in behavior to
non-debuggable builds and being more testable/debuggable. Thus,
debuggable platform builds make no security guarantees and it is thus
acceptable to disable this security mechanism on debuggable platform
builds to help with development/testing/QA.
Bug: 27327503
Change-Id: I19340b95f08c57ff2aba59a08babb6a941c93c3a
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 4ce730ff90a0..f85dce7af748 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -12134,8 +12134,23 @@ public class PackageManagerService extends IPackageManager.Stub { // predecessor. As a security measure, this is permited only if this is not a // version downgrade or if the predecessor package is marked as debuggable and // a downgrade is explicitly requested. - if (((dataOwnerPkg.applicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) - || ((installFlags & PackageManager.INSTALL_ALLOW_DOWNGRADE) == 0)) { + // + // On debuggable platform builds, downgrades are permitted even for + // non-debuggable packages to make testing easier. Debuggable platform builds do + // not offer security guarantees and thus it's OK to disable some security + // mechanisms to make debugging/testing easier on those builds. However, even on + // debuggable builds downgrades of packages are permitted only if requested via + // installFlags. This is because we aim to keep the behavior of debuggable + // platform builds as close as possible to the behavior of non-debuggable + // platform builds. + final boolean downgradeRequested = + (installFlags & PackageManager.INSTALL_ALLOW_DOWNGRADE) != 0; + final boolean packageDebuggable = + (dataOwnerPkg.applicationInfo.flags + & ApplicationInfo.FLAG_DEBUGGABLE) != 0; + final boolean downgradePermitted = + (downgradeRequested) && ((Build.IS_DEBUGGABLE) || (packageDebuggable)); + if (!downgradePermitted) { try { checkDowngrade(dataOwnerPkg, pkgLite); } catch (PackageManagerException e) { |