diff options
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 20 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/SharedUserSetting.java | 5 |
2 files changed, 25 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 6e9452388c09..711ea13a7c15 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -10764,6 +10764,26 @@ Slog.e("TODD", } } } + + // Verify that packages sharing a user with a privileged app are marked as privileged. + if (!pkg.isPrivileged() && (pkg.mSharedUserId != null)) { + SharedUserSetting sharedUserSetting = null; + try { + sharedUserSetting = mSettings.getSharedUserLPw(pkg.mSharedUserId, 0, 0, false); + } catch (PackageManagerException ignore) {} + if (sharedUserSetting != null && sharedUserSetting.isPrivileged()) { + // Exempt SharedUsers signed with the platform key. + PackageSetting platformPkgSetting = mSettings.mPackages.get("android"); + if ((platformPkgSetting.signatures.mSignatures != null) && + (compareSignatures(platformPkgSetting.signatures.mSignatures, + pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH)) { + throw new PackageManagerException("Apps that share a user with a " + + "privileged app must themselves be marked as privileged. " + + pkg.packageName + " shares privileged user " + + pkg.mSharedUserId + "."); + } + } + } } } diff --git a/services/core/java/com/android/server/pm/SharedUserSetting.java b/services/core/java/com/android/server/pm/SharedUserSetting.java index 877da144730f..244613180d00 100644 --- a/services/core/java/com/android/server/pm/SharedUserSetting.java +++ b/services/core/java/com/android/server/pm/SharedUserSetting.java @@ -17,6 +17,7 @@ package com.android.server.pm; import android.annotation.Nullable; +import android.content.pm.ApplicationInfo; import android.content.pm.PackageParser; import android.service.pm.PackageServiceDumpProto; import android.util.ArraySet; @@ -102,4 +103,8 @@ public final class SharedUserSetting extends SettingBase { } return pkgList; } + + public boolean isPrivileged() { + return (this.pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0; + } } |