From a8670dfd570a295f99d45ad45a175a48defbbc86 Mon Sep 17 00:00:00 2001
From: Rhed Jao
Date: Fri, 24 Jun 2022 17:10:23 +0800
Subject: Only allow the system or shell to delete oat artifacts
This also fixes the side channel information disclosure of the package existence caused by the `pm delete-dexopt` command.
Bug: 232415364
Test: atest PackageManagerTest
Change-Id: Ifed5d73234276fcb47d79ecb22fb6e7101d6b077
---
 services/core/java/com/android/server/pm/PackageManagerService.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 109e7071469c..a909977583b4 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -6760,6 +6760,9 @@ public class PackageManagerService implements PackageSender, TestUtilityService
 }
 long deleteOatArtifactsOfPackage(@NonNull Computer snapshot, String packageName) {
+ PackageManagerServiceUtils.enforceSystemOrRootOrShell(
+ "Only the system or shell can delete oat artifacts");
+
 PackageStateInternal packageState = snapshot.getPackageStateInternal(packageName);
 if (packageState == null || packageState.getPkg() == null) {
 return -1; // error code of deleteOptimizedFiles
--
cgit v1.2.3-59-g8ed1b
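Review bot: Nothing on the added `enforceSystemOrRootOrShell(...)` call records that it has to stay ahead of `snapshot.getPackageStateInternal(packageName)`: the `return -1` for an unknown package is the existence signal the commit message describes, so a later reorder or an early-return added above the check would quietly reopen it. A one-line comment above the call would pin the ordering, e.g. `// Must run before the package lookup: the -1 "not found" result would otherwise reveal package existence to any caller.` The denial string says "system or shell" while the helper, going by its name, also admits root; `"Only the system, root or shell can delete oat artifacts"` would keep the message in line with the policy actually enforced. The diffstat shows one file changed, so no test for the rejection path is added in this patch; a case asserting that an unprivileged caller gets a SecurityException for both an installed and a non-existent package name would guard against regression. The body of `deleteOatArtifactsOfPackage` continues past the end of the hunk, so the remaining return paths were not reviewed.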