installd: remove restored ce_data if de_data rollback failed

I think it's clearer (and safer) if failed rollback leaves app devoid of
any data rather that with only ce_data.
LMK if you disagree, I will just abandon this change then. :)

I tried adding a test to make de_rollback fail (while keeping
ce_rollback successful), but failed to.
Only idea I have in mind is to intercept calls to /system/bin/cp, which
doesn't look like a unit test anymore (and also I'm not sure how
feasible it is).

Test: existing tests in installd_service_test pass
Bug: 112431924

Change-Id: I3c6214d70bac682874ea846a01294b5361470f93

1 files changed, 7 insertions, 3 deletions

diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp
index 9e252ee05c..0b7e5b7315 100644
--- a/cmds/installd/InstalldNativeService.cpp
+++ b/cmds/installd/InstalldNativeService.cpp
@@ -891,9 +891,13 @@ binder::Status InstalldNativeService::restoreAppDataSnapshot(
         auto to_de = create_data_user_de_path(volume_uuid, user);
         int rc = copy_directory_recursive(from_de.c_str(), to_de.c_str());
         if (rc != 0) {
-            // TODO(narayan): Should we clear clear the rolled back CE data if
-            // something goes wrong here ? We're choosing between leaving the
-            // app devoid of all its data or with just its ce data installed.
+            if (needs_ce_rollback) {
+                auto ce_data = create_data_user_ce_package_path(volume_uuid, user, package_name);
+                LOG(WARNING) << "de_data rollback failed. Erasing rolled back ce_data " << ce_data;
+                if (delete_dir_contents(ce_data.c_str(), 1, nullptr) != 0) {
+                    LOG(WARNING) << "Failed to delete rolled back ce_data " << ce_data;
+                }
+            }
             res = error(rc, "Failed copying " + from_de + " to " + to_de);
             return res;
         }