APK still has privileged flag after being moved from "/system/priv-app"

When an app is moved from "/system/priv-app" to another location during OTA update, the privileged flag should be removed. (cherry picked from commit 76bf60ead8132b86436ebbba40eaa8f2c8bbe812) Change-Id: I39feeac7ece89c28045d196ae69fc974b1c6510b
author: Akira Numata <akira.numata@sonymobile.com> 2014-11-25 17:50:12 +0900
committer: Jeff Sharkey <jsharkey@android.com> 2014-12-01 09:38:48 -0800
commit: 48e17629b0b6c89cb77342c0364a1cf3a0b2a0fb (patch)
tree: a336586ac34b7003bbfa07864ca78e2799504102
parent: 6ca3ba73b78be57dd50fe5813f076b3e166cc659 (diff)
1 files changed, 11 insertions, 7 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 3e6d15afb15f..57a896797f14 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4285,6 +4285,14 @@ public class PackageManagerService extends IPackageManager.Stub {
         boolean updatedPkgBetter = false;
         // First check if this is a system package that may involve an update
         if (updatedPkg != null && (parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0) {
+            // If new package is not located in "/system/priv-app" (e.g. due to an OTA),
+            // it needs to drop FLAG_PRIVILEGED.
+            if (locationIsPrivileged(scanFile)) {
+                updatedPkg.pkgFlags |= ApplicationInfo.FLAG_PRIVILEGED;
+            } else {
+                updatedPkg.pkgFlags &= ~ApplicationInfo.FLAG_PRIVILEGED;
+            }
+
             if (ps != null && !ps.codePath.equals(scanFile)) {
                 // The path has changed from what was last scanned...  check the
                 // version of the new path against what we have stored to determine
@@ -4302,12 +4310,6 @@ public class PackageManagerService extends IPackageManager.Stub {
                                 + " to " + scanFile);
                         updatedPkg.codePath = scanFile;
                         updatedPkg.codePathString = scanFile.toString();
-                        // This is the point at which we know that the system-disk APK
-                        // for this package has moved during a reboot (e.g. due to an OTA),
-                        // so we need to reevaluate it for privilege policy.
-                        if (locationIsPrivileged(scanFile)) {
-                            updatedPkg.pkgFlags |= ApplicationInfo.FLAG_PRIVILEGED;
-                        }
                     }
                     updatedPkg.pkg = pkg;
                     throw new PackageManagerException(INSTALL_FAILED_DUPLICATE_PACKAGE, null);
@@ -7202,7 +7204,9 @@ public class PackageManagerService extends IPackageManager.Stub {
                         // If the original was granted this permission, we take
                         // that grant decision as read and propagate it to the
                         // update.
-                        allowed = true;
+                        if (sysPs.isPrivileged()) {
+                            allowed = true;
+                        }
                     } else {
                         // The system apk may have been updated with an older
                         // version of the one on the data partition, but which
author	Akira Numata <akira.numata@sonymobile.com>	2014-11-25 17:50:12 +0900
committer	Jeff Sharkey <jsharkey@android.com>	2014-12-01 09:38:48 -0800
commit	48e17629b0b6c89cb77342c0364a1cf3a0b2a0fb (patch)
tree	a336586ac34b7003bbfa07864ca78e2799504102
parent	6ca3ba73b78be57dd50fe5813f076b3e166cc659 (diff)