path: root/libs/androidfw/StringPool.cpp
author Songchun Fan <schfan@google.com> 2022-06-13 18:40:05 -0700
committer Songchun Fan <schfan@google.com> 2022-08-17 12:00:23 -0700
commit c8993d843509563aec04500195799199971de908
tree 43cb31e15bb9d6b553f63bb57a8dc23b8deec771 /libs/androidfw/StringPool.cpp
parent 723ce1431ba20d05134b7d28154180d78c95727a
[pm] reject data apps using privileged sharedUserId
Previously data apps could cross privileged boundaries by sharing the same signature as a privileged app and its sharedUserId. This would cause a device crash loop because the newly requested privileged requests are not allowlisted, but the app is regarded as a privileged app. We should prevent such apps from being installed in the first place.

This CL rejects a data app installation if the app shares signature and sharedUserId with a privileged app and also requests to use some privileged permissions.

BUG: 154074394
Test: manual with test apps
Test: with this CL the test app would fail during installation:
$ adb install ~/StudioProjects/DataApplication/app/release/DataApplication.apk
Performing Streamed Install
adb: failed to install /usr/local/google/home/schfan/StudioProjects/DataApplication/app/release/DataApplication.apk: Failure [INSTALL_FAILED_INVALID_APK: Reconciliation failed...: Reconcile failed: Reconcile failed: Non-system package: com.example.dataapplication shares signature and sharedUserId with a privileged package but requests privileged permissions that are not allowed: [android.permission.SET_TIME]]
Test: atest TestablesTests
Change-Id: I0f5bc59cff80acb58cc32943915fe9301518a930
Diffstat (limited to 'libs/androidfw/StringPool.cpp')
0 files changed, 0 insertions, 0 deletions