PackageManagerService.java revision 28f2855c3dbf0c7658d7f458fabb7c01d68e6f37
1/* 2 * Copyright (C) 2006 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import static android.Manifest.permission.DELETE_PACKAGES; 20import static android.Manifest.permission.INSTALL_PACKAGES; 21import static android.Manifest.permission.READ_EXTERNAL_STORAGE; 22import static android.Manifest.permission.REQUEST_DELETE_PACKAGES; 23import static android.Manifest.permission.REQUEST_INSTALL_PACKAGES; 24import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; 25import static android.Manifest.permission.WRITE_MEDIA_STORAGE; 26import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT; 27import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED; 28import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED; 29import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER; 30import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED; 31import static android.content.pm.PackageManager.DELETE_KEEP_DATA; 32import static android.content.pm.PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 33import static android.content.pm.PackageManager.FLAG_PERMISSION_POLICY_FIXED; 34import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; 35import static android.content.pm.PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE; 36import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 37import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED; 38import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET; 39import static android.content.pm.PackageManager.INSTALL_EXTERNAL; 40import static android.content.pm.PackageManager.INSTALL_FAILED_ALREADY_EXISTS; 41import static android.content.pm.PackageManager.INSTALL_FAILED_CONFLICTING_PROVIDER; 42import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE; 43import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PERMISSION; 44import static android.content.pm.PackageManager.INSTALL_FAILED_INSTANT_APP_INVALID; 45import static android.content.pm.PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; 46import static android.content.pm.PackageManager.INSTALL_FAILED_INTERNAL_ERROR; 47import static android.content.pm.PackageManager.INSTALL_FAILED_INVALID_APK; 48import static android.content.pm.PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; 49import static android.content.pm.PackageManager.INSTALL_FAILED_MISSING_SHARED_LIBRARY; 50import static android.content.pm.PackageManager.INSTALL_FAILED_PACKAGE_CHANGED; 51import static android.content.pm.PackageManager.INSTALL_FAILED_REPLACE_COULDNT_DELETE; 52import static android.content.pm.PackageManager.INSTALL_FAILED_SHARED_USER_INCOMPATIBLE; 53import static android.content.pm.PackageManager.INSTALL_FAILED_TEST_ONLY; 54import static android.content.pm.PackageManager.INSTALL_FAILED_UPDATE_INCOMPATIBLE; 55import static android.content.pm.PackageManager.INSTALL_FAILED_USER_RESTRICTED; 56import static android.content.pm.PackageManager.INSTALL_FAILED_VERSION_DOWNGRADE; 57import static android.content.pm.PackageManager.INSTALL_FORWARD_LOCK; 58import static android.content.pm.PackageManager.INSTALL_INTERNAL; 59import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES; 60import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS; 61import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK; 62import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK; 63import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER; 64import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED; 65import static android.content.pm.PackageManager.MATCH_ALL; 66import static android.content.pm.PackageManager.MATCH_ANY_USER; 67import static android.content.pm.PackageManager.MATCH_DEBUG_TRIAGED_MISSING; 68import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_AWARE; 69import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_UNAWARE; 70import static android.content.pm.PackageManager.MATCH_DISABLED_COMPONENTS; 71import static android.content.pm.PackageManager.MATCH_FACTORY_ONLY; 72import static android.content.pm.PackageManager.MATCH_KNOWN_PACKAGES; 73import static android.content.pm.PackageManager.MATCH_SYSTEM_ONLY; 74import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES; 75import static android.content.pm.PackageManager.MOVE_FAILED_3RD_PARTY_NOT_ALLOWED_ON_INTERNAL; 76import static android.content.pm.PackageManager.MOVE_FAILED_DEVICE_ADMIN; 77import static android.content.pm.PackageManager.MOVE_FAILED_DOESNT_EXIST; 78import static android.content.pm.PackageManager.MOVE_FAILED_INTERNAL_ERROR; 79import static android.content.pm.PackageManager.MOVE_FAILED_OPERATION_PENDING; 80import static android.content.pm.PackageManager.MOVE_FAILED_SYSTEM_PACKAGE; 81import static android.content.pm.PackageManager.PERMISSION_DENIED; 82import static android.content.pm.PackageManager.PERMISSION_GRANTED; 83import static android.content.pm.PackageParser.PARSE_IS_PRIVILEGED; 84import static android.content.pm.PackageParser.isApkFile; 85import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER; 86import static android.system.OsConstants.O_CREAT; 87import static android.system.OsConstants.O_RDWR; 88import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_MANAGED_PROFILE; 89import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_PARENT; 90import static com.android.internal.content.NativeLibraryHelper.LIB64_DIR_NAME; 91import static com.android.internal.content.NativeLibraryHelper.LIB_DIR_NAME; 92import static com.android.internal.util.ArrayUtils.appendInt; 93import static com.android.server.pm.InstructionSets.getAppDexInstructionSets; 94import static com.android.server.pm.InstructionSets.getDexCodeInstructionSet; 95import static com.android.server.pm.InstructionSets.getDexCodeInstructionSets; 96import static com.android.server.pm.InstructionSets.getPreferredInstructionSet; 97import static com.android.server.pm.InstructionSets.getPrimaryInstructionSet; 98import static com.android.server.pm.PackageManagerServiceCompilerMapping.getCompilerFilterForReason; 99import static com.android.server.pm.PackageManagerServiceCompilerMapping.getDefaultCompilerFilter; 100import static com.android.server.pm.PackageManagerServiceCompilerMapping.getNonProfileGuidedCompilerFilter; 101import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_FAILURE; 102import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_SUCCESS; 103import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED; 104 105import android.Manifest; 106import android.annotation.NonNull; 107import android.annotation.Nullable; 108import android.app.ActivityManager; 109import android.app.AppOpsManager; 110import android.app.IActivityManager; 111import android.app.ResourcesManager; 112import android.app.admin.IDevicePolicyManager; 113import android.app.admin.SecurityLog; 114import android.app.backup.IBackupManager; 115import android.content.BroadcastReceiver; 116import android.content.ComponentName; 117import android.content.ContentResolver; 118import android.content.Context; 119import android.content.IIntentReceiver; 120import android.content.Intent; 121import android.content.IntentFilter; 122import android.content.IntentSender; 123import android.content.IntentSender.SendIntentException; 124import android.content.ServiceConnection; 125import android.content.pm.ActivityInfo; 126import android.content.pm.ApplicationInfo; 127import android.content.pm.AppsQueryHelper; 128import android.content.pm.ChangedPackages; 129import android.content.pm.ComponentInfo; 130import android.content.pm.InstantAppRequest; 131import android.content.pm.AuxiliaryResolveInfo; 132import android.content.pm.FallbackCategoryProvider; 133import android.content.pm.FeatureInfo; 134import android.content.pm.IOnPermissionsChangeListener; 135import android.content.pm.IPackageDataObserver; 136import android.content.pm.IPackageDeleteObserver; 137import android.content.pm.IPackageDeleteObserver2; 138import android.content.pm.IPackageInstallObserver2; 139import android.content.pm.IPackageInstaller; 140import android.content.pm.IPackageManager; 141import android.content.pm.IPackageMoveObserver; 142import android.content.pm.IPackageStatsObserver; 143import android.content.pm.InstantAppInfo; 144import android.content.pm.InstantAppResolveInfo; 145import android.content.pm.InstrumentationInfo; 146import android.content.pm.IntentFilterVerificationInfo; 147import android.content.pm.KeySet; 148import android.content.pm.PackageCleanItem; 149import android.content.pm.PackageInfo; 150import android.content.pm.PackageInfoLite; 151import android.content.pm.PackageInstaller; 152import android.content.pm.PackageManager; 153import android.content.pm.PackageManager.LegacyPackageDeleteObserver; 154import android.content.pm.PackageManagerInternal; 155import android.content.pm.PackageParser; 156import android.content.pm.PackageParser.ActivityIntentInfo; 157import android.content.pm.PackageParser.PackageLite; 158import android.content.pm.PackageParser.PackageParserException; 159import android.content.pm.PackageStats; 160import android.content.pm.PackageUserState; 161import android.content.pm.ParceledListSlice; 162import android.content.pm.PermissionGroupInfo; 163import android.content.pm.PermissionInfo; 164import android.content.pm.ProviderInfo; 165import android.content.pm.ResolveInfo; 166import android.content.pm.ServiceInfo; 167import android.content.pm.SharedLibraryInfo; 168import android.content.pm.Signature; 169import android.content.pm.UserInfo; 170import android.content.pm.VerifierDeviceIdentity; 171import android.content.pm.VerifierInfo; 172import android.content.pm.VersionedPackage; 173import android.content.res.Resources; 174import android.database.ContentObserver; 175import android.graphics.Bitmap; 176import android.hardware.display.DisplayManager; 177import android.net.Uri; 178import android.os.Binder; 179import android.os.Build; 180import android.os.Bundle; 181import android.os.Debug; 182import android.os.Environment; 183import android.os.Environment.UserEnvironment; 184import android.os.FileUtils; 185import android.os.Handler; 186import android.os.IBinder; 187import android.os.Looper; 188import android.os.Message; 189import android.os.Parcel; 190import android.os.ParcelFileDescriptor; 191import android.os.PatternMatcher; 192import android.os.Process; 193import android.os.RemoteCallbackList; 194import android.os.RemoteException; 195import android.os.ResultReceiver; 196import android.os.SELinux; 197import android.os.ServiceManager; 198import android.os.ShellCallback; 199import android.os.SystemClock; 200import android.os.SystemProperties; 201import android.os.Trace; 202import android.os.UserHandle; 203import android.os.UserManager; 204import android.os.UserManagerInternal; 205import android.os.storage.IStorageManager; 206import android.os.storage.StorageEventListener; 207import android.os.storage.StorageManager; 208import android.os.storage.StorageManagerInternal; 209import android.os.storage.VolumeInfo; 210import android.os.storage.VolumeRecord; 211import android.provider.Settings.Global; 212import android.provider.Settings.Secure; 213import android.security.KeyStore; 214import android.security.SystemKeyStore; 215import android.service.pm.PackageServiceDumpProto; 216import android.system.ErrnoException; 217import android.system.Os; 218import android.text.TextUtils; 219import android.text.format.DateUtils; 220import android.util.ArrayMap; 221import android.util.ArraySet; 222import android.util.Base64; 223import android.util.BootTimingsTraceLog; 224import android.util.DisplayMetrics; 225import android.util.EventLog; 226import android.util.ExceptionUtils; 227import android.util.Log; 228import android.util.LogPrinter; 229import android.util.MathUtils; 230import android.util.PackageUtils; 231import android.util.Pair; 232import android.util.PrintStreamPrinter; 233import android.util.Slog; 234import android.util.SparseArray; 235import android.util.SparseBooleanArray; 236import android.util.SparseIntArray; 237import android.util.Xml; 238import android.util.jar.StrictJarFile; 239import android.util.proto.ProtoOutputStream; 240import android.view.Display; 241 242import com.android.internal.R; 243import com.android.internal.annotations.GuardedBy; 244import com.android.internal.app.IMediaContainerService; 245import com.android.internal.app.ResolverActivity; 246import com.android.internal.content.NativeLibraryHelper; 247import com.android.internal.content.PackageHelper; 248import com.android.internal.logging.MetricsLogger; 249import com.android.internal.logging.nano.MetricsProto.MetricsEvent; 250import com.android.internal.os.IParcelFileDescriptorFactory; 251import com.android.internal.os.RoSystemProperties; 252import com.android.internal.os.SomeArgs; 253import com.android.internal.os.Zygote; 254import com.android.internal.telephony.CarrierAppUtils; 255import com.android.internal.util.ArrayUtils; 256import com.android.internal.util.ConcurrentUtils; 257import com.android.internal.util.DumpUtils; 258import com.android.internal.util.FastPrintWriter; 259import com.android.internal.util.FastXmlSerializer; 260import com.android.internal.util.IndentingPrintWriter; 261import com.android.internal.util.Preconditions; 262import com.android.internal.util.XmlUtils; 263import com.android.server.AttributeCache; 264import com.android.server.DeviceIdleController; 265import com.android.server.EventLogTags; 266import com.android.server.FgThread; 267import com.android.server.IntentResolver; 268import com.android.server.LocalServices; 269import com.android.server.LockGuard; 270import com.android.server.ServiceThread; 271import com.android.server.SystemConfig; 272import com.android.server.SystemServerInitThreadPool; 273import com.android.server.Watchdog; 274import com.android.server.net.NetworkPolicyManagerInternal; 275import com.android.server.pm.Installer.InstallerException; 276import com.android.server.pm.PermissionsState.PermissionState; 277import com.android.server.pm.Settings.DatabaseVersion; 278import com.android.server.pm.Settings.VersionInfo; 279import com.android.server.pm.dex.DexManager; 280import com.android.server.storage.DeviceStorageMonitorInternal; 281 282import dalvik.system.CloseGuard; 283import dalvik.system.DexFile; 284import dalvik.system.VMRuntime; 285 286import libcore.io.IoUtils; 287import libcore.util.EmptyArray; 288 289import org.xmlpull.v1.XmlPullParser; 290import org.xmlpull.v1.XmlPullParserException; 291import org.xmlpull.v1.XmlSerializer; 292 293import java.io.BufferedOutputStream; 294import java.io.BufferedReader; 295import java.io.ByteArrayInputStream; 296import java.io.ByteArrayOutputStream; 297import java.io.File; 298import java.io.FileDescriptor; 299import java.io.FileInputStream; 300import java.io.FileOutputStream; 301import java.io.FileReader; 302import java.io.FilenameFilter; 303import java.io.IOException; 304import java.io.PrintWriter; 305import java.nio.charset.StandardCharsets; 306import java.security.DigestInputStream; 307import java.security.MessageDigest; 308import java.security.NoSuchAlgorithmException; 309import java.security.PublicKey; 310import java.security.SecureRandom; 311import java.security.cert.Certificate; 312import java.security.cert.CertificateEncodingException; 313import java.security.cert.CertificateException; 314import java.text.SimpleDateFormat; 315import java.util.ArrayList; 316import java.util.Arrays; 317import java.util.Collection; 318import java.util.Collections; 319import java.util.Comparator; 320import java.util.Date; 321import java.util.HashMap; 322import java.util.HashSet; 323import java.util.Iterator; 324import java.util.List; 325import java.util.Map; 326import java.util.Objects; 327import java.util.Set; 328import java.util.concurrent.CountDownLatch; 329import java.util.concurrent.Future; 330import java.util.concurrent.TimeUnit; 331import java.util.concurrent.atomic.AtomicBoolean; 332import java.util.concurrent.atomic.AtomicInteger; 333 334/** 335 * Keep track of all those APKs everywhere. 336 * <p> 337 * Internally there are two important locks: 338 * <ul> 339 * <li>{@link #mPackages} is used to guard all in-memory parsed package details 340 * and other related state. It is a fine-grained lock that should only be held 341 * momentarily, as it's one of the most contended locks in the system. 342 * <li>{@link #mInstallLock} is used to guard all {@code installd} access, whose 343 * operations typically involve heavy lifting of application data on disk. Since 344 * {@code installd} is single-threaded, and it's operations can often be slow, 345 * this lock should never be acquired while already holding {@link #mPackages}. 346 * Conversely, it's safe to acquire {@link #mPackages} momentarily while already 347 * holding {@link #mInstallLock}. 348 * </ul> 349 * Many internal methods rely on the caller to hold the appropriate locks, and 350 * this contract is expressed through method name suffixes: 351 * <ul> 352 * <li>fooLI(): the caller must hold {@link #mInstallLock} 353 * <li>fooLIF(): the caller must hold {@link #mInstallLock} and the package 354 * being modified must be frozen 355 * <li>fooLPr(): the caller must hold {@link #mPackages} for reading 356 * <li>fooLPw(): the caller must hold {@link #mPackages} for writing 357 * </ul> 358 * <p> 359 * Because this class is very central to the platform's security; please run all 360 * CTS and unit tests whenever making modifications: 361 * 362 * <pre> 363 * $ runtest -c android.content.pm.PackageManagerTests frameworks-core 364 * $ cts-tradefed run commandAndExit cts -m CtsAppSecurityHostTestCases 365 * </pre> 366 */ 367public class PackageManagerService extends IPackageManager.Stub 368 implements PackageSender { 369 static final String TAG = "PackageManager"; 370 static final boolean DEBUG_SETTINGS = false; 371 static final boolean DEBUG_PREFERRED = false; 372 static final boolean DEBUG_UPGRADE = false; 373 static final boolean DEBUG_DOMAIN_VERIFICATION = false; 374 private static final boolean DEBUG_BACKUP = false; 375 private static final boolean DEBUG_INSTALL = false; 376 private static final boolean DEBUG_REMOVE = false; 377 private static final boolean DEBUG_BROADCASTS = false; 378 private static final boolean DEBUG_SHOW_INFO = false; 379 private static final boolean DEBUG_PACKAGE_INFO = false; 380 private static final boolean DEBUG_INTENT_MATCHING = false; 381 private static final boolean DEBUG_PACKAGE_SCANNING = false; 382 private static final boolean DEBUG_VERIFY = false; 383 private static final boolean DEBUG_FILTERS = false; 384 385 // Debug output for dexopting. This is shared between PackageManagerService, OtaDexoptService 386 // and PackageDexOptimizer. All these classes have their own flag to allow switching a single 387 // user, but by default initialize to this. 388 public static final boolean DEBUG_DEXOPT = false; 389 390 private static final boolean DEBUG_ABI_SELECTION = false; 391 private static final boolean DEBUG_EPHEMERAL = Build.IS_DEBUGGABLE; 392 private static final boolean DEBUG_TRIAGED_MISSING = false; 393 private static final boolean DEBUG_APP_DATA = false; 394 395 /** REMOVE. According to Svet, this was only used to reset permissions during development. */ 396 static final boolean CLEAR_RUNTIME_PERMISSIONS_ON_UPGRADE = false; 397 398 private static final boolean HIDE_EPHEMERAL_APIS = false; 399 400 private static final boolean ENABLE_FREE_CACHE_V2 = 401 SystemProperties.getBoolean("fw.free_cache_v2", true); 402 403 private static final int RADIO_UID = Process.PHONE_UID; 404 private static final int LOG_UID = Process.LOG_UID; 405 private static final int NFC_UID = Process.NFC_UID; 406 private static final int BLUETOOTH_UID = Process.BLUETOOTH_UID; 407 private static final int SHELL_UID = Process.SHELL_UID; 408 409 // Cap the size of permission trees that 3rd party apps can define 410 private static final int MAX_PERMISSION_TREE_FOOTPRINT = 32768; // characters of text 411 412 // Suffix used during package installation when copying/moving 413 // package apks to install directory. 414 private static final String INSTALL_PACKAGE_SUFFIX = "-"; 415 416 static final int SCAN_NO_DEX = 1<<1; 417 static final int SCAN_FORCE_DEX = 1<<2; 418 static final int SCAN_UPDATE_SIGNATURE = 1<<3; 419 static final int SCAN_NEW_INSTALL = 1<<4; 420 static final int SCAN_UPDATE_TIME = 1<<5; 421 static final int SCAN_BOOTING = 1<<6; 422 static final int SCAN_TRUSTED_OVERLAY = 1<<7; 423 static final int SCAN_DELETE_DATA_ON_FAILURES = 1<<8; 424 static final int SCAN_REPLACING = 1<<9; 425 static final int SCAN_REQUIRE_KNOWN = 1<<10; 426 static final int SCAN_MOVE = 1<<11; 427 static final int SCAN_INITIAL = 1<<12; 428 static final int SCAN_CHECK_ONLY = 1<<13; 429 static final int SCAN_DONT_KILL_APP = 1<<14; 430 static final int SCAN_IGNORE_FROZEN = 1<<15; 431 static final int SCAN_FIRST_BOOT_OR_UPGRADE = 1<<16; 432 static final int SCAN_AS_INSTANT_APP = 1<<17; 433 static final int SCAN_AS_FULL_APP = 1<<18; 434 /** Should not be with the scan flags */ 435 static final int FLAGS_REMOVE_CHATTY = 1<<31; 436 437 private static final String STATIC_SHARED_LIB_DELIMITER = "_"; 438 439 private static final int[] EMPTY_INT_ARRAY = new int[0]; 440 441 /** 442 * Timeout (in milliseconds) after which the watchdog should declare that 443 * our handler thread is wedged. The usual default for such things is one 444 * minute but we sometimes do very lengthy I/O operations on this thread, 445 * such as installing multi-gigabyte applications, so ours needs to be longer. 446 */ 447 static final long WATCHDOG_TIMEOUT = 1000*60*10; // ten minutes 448 449 /** 450 * Wall-clock timeout (in milliseconds) after which we *require* that an fstrim 451 * be run on this device. We use the value in the Settings.Global.MANDATORY_FSTRIM_INTERVAL 452 * settings entry if available, otherwise we use the hardcoded default. If it's been 453 * more than this long since the last fstrim, we force one during the boot sequence. 454 * 455 * This backstops other fstrim scheduling: if the device is alive at midnight+idle, 456 * one gets run at the next available charging+idle time. This final mandatory 457 * no-fstrim check kicks in only of the other scheduling criteria is never met. 458 */ 459 private static final long DEFAULT_MANDATORY_FSTRIM_INTERVAL = 3 * DateUtils.DAY_IN_MILLIS; 460 461 /** 462 * Whether verification is enabled by default. 463 */ 464 private static final boolean DEFAULT_VERIFY_ENABLE = true; 465 466 /** 467 * The default maximum time to wait for the verification agent to return in 468 * milliseconds. 469 */ 470 private static final long DEFAULT_VERIFICATION_TIMEOUT = 10 * 1000; 471 472 /** 473 * The default response for package verification timeout. 474 * 475 * This can be either PackageManager.VERIFICATION_ALLOW or 476 * PackageManager.VERIFICATION_REJECT. 477 */ 478 private static final int DEFAULT_VERIFICATION_RESPONSE = PackageManager.VERIFICATION_ALLOW; 479 480 static final String PLATFORM_PACKAGE_NAME = "android"; 481 482 static final String DEFAULT_CONTAINER_PACKAGE = "com.android.defcontainer"; 483 484 static final ComponentName DEFAULT_CONTAINER_COMPONENT = new ComponentName( 485 DEFAULT_CONTAINER_PACKAGE, 486 "com.android.defcontainer.DefaultContainerService"); 487 488 private static final String KILL_APP_REASON_GIDS_CHANGED = 489 "permission grant or revoke changed gids"; 490 491 private static final String KILL_APP_REASON_PERMISSIONS_REVOKED = 492 "permissions revoked"; 493 494 private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; 495 496 private static final String PACKAGE_SCHEME = "package"; 497 498 private static final String VENDOR_OVERLAY_DIR = "/vendor/overlay"; 499 500 /** Permission grant: not grant the permission. */ 501 private static final int GRANT_DENIED = 1; 502 503 /** Permission grant: grant the permission as an install permission. */ 504 private static final int GRANT_INSTALL = 2; 505 506 /** Permission grant: grant the permission as a runtime one. */ 507 private static final int GRANT_RUNTIME = 3; 508 509 /** Permission grant: grant as runtime a permission that was granted as an install time one. */ 510 private static final int GRANT_UPGRADE = 4; 511 512 /** Canonical intent used to identify what counts as a "web browser" app */ 513 private static final Intent sBrowserIntent; 514 static { 515 sBrowserIntent = new Intent(); 516 sBrowserIntent.setAction(Intent.ACTION_VIEW); 517 sBrowserIntent.addCategory(Intent.CATEGORY_BROWSABLE); 518 sBrowserIntent.setData(Uri.parse("http:")); 519 } 520 521 /** 522 * The set of all protected actions [i.e. those actions for which a high priority 523 * intent filter is disallowed]. 524 */ 525 private static final Set<String> PROTECTED_ACTIONS = new ArraySet<>(); 526 static { 527 PROTECTED_ACTIONS.add(Intent.ACTION_SEND); 528 PROTECTED_ACTIONS.add(Intent.ACTION_SENDTO); 529 PROTECTED_ACTIONS.add(Intent.ACTION_SEND_MULTIPLE); 530 PROTECTED_ACTIONS.add(Intent.ACTION_VIEW); 531 } 532 533 // Compilation reasons. 534 public static final int REASON_FIRST_BOOT = 0; 535 public static final int REASON_BOOT = 1; 536 public static final int REASON_INSTALL = 2; 537 public static final int REASON_BACKGROUND_DEXOPT = 3; 538 public static final int REASON_AB_OTA = 4; 539 540 public static final int REASON_LAST = REASON_AB_OTA; 541 542 /** All dangerous permission names in the same order as the events in MetricsEvent */ 543 private static final List<String> ALL_DANGEROUS_PERMISSIONS = Arrays.asList( 544 Manifest.permission.READ_CALENDAR, 545 Manifest.permission.WRITE_CALENDAR, 546 Manifest.permission.CAMERA, 547 Manifest.permission.READ_CONTACTS, 548 Manifest.permission.WRITE_CONTACTS, 549 Manifest.permission.GET_ACCOUNTS, 550 Manifest.permission.ACCESS_FINE_LOCATION, 551 Manifest.permission.ACCESS_COARSE_LOCATION, 552 Manifest.permission.RECORD_AUDIO, 553 Manifest.permission.READ_PHONE_STATE, 554 Manifest.permission.CALL_PHONE, 555 Manifest.permission.READ_CALL_LOG, 556 Manifest.permission.WRITE_CALL_LOG, 557 Manifest.permission.ADD_VOICEMAIL, 558 Manifest.permission.USE_SIP, 559 Manifest.permission.PROCESS_OUTGOING_CALLS, 560 Manifest.permission.READ_CELL_BROADCASTS, 561 Manifest.permission.BODY_SENSORS, 562 Manifest.permission.SEND_SMS, 563 Manifest.permission.RECEIVE_SMS, 564 Manifest.permission.READ_SMS, 565 Manifest.permission.RECEIVE_WAP_PUSH, 566 Manifest.permission.RECEIVE_MMS, 567 Manifest.permission.READ_EXTERNAL_STORAGE, 568 Manifest.permission.WRITE_EXTERNAL_STORAGE, 569 Manifest.permission.READ_PHONE_NUMBERS, 570 Manifest.permission.ANSWER_PHONE_CALLS); 571 572 573 /** 574 * Version number for the package parser cache. Increment this whenever the format or 575 * extent of cached data changes. See {@code PackageParser#setCacheDir}. 576 */ 577 private static final String PACKAGE_PARSER_CACHE_VERSION = "1"; 578 579 /** 580 * Whether the package parser cache is enabled. 581 */ 582 private static final boolean DEFAULT_PACKAGE_PARSER_CACHE_ENABLED = true; 583 584 final ServiceThread mHandlerThread; 585 586 final PackageHandler mHandler; 587 588 private final ProcessLoggingHandler mProcessLoggingHandler; 589 590 /** 591 * Messages for {@link #mHandler} that need to wait for system ready before 592 * being dispatched. 593 */ 594 private ArrayList<Message> mPostSystemReadyMessages; 595 596 final int mSdkVersion = Build.VERSION.SDK_INT; 597 598 final Context mContext; 599 final boolean mFactoryTest; 600 final boolean mOnlyCore; 601 final DisplayMetrics mMetrics; 602 final int mDefParseFlags; 603 final String[] mSeparateProcesses; 604 final boolean mIsUpgrade; 605 final boolean mIsPreNUpgrade; 606 final boolean mIsPreNMR1Upgrade; 607 608 // Have we told the Activity Manager to whitelist the default container service by uid yet? 609 @GuardedBy("mPackages") 610 boolean mDefaultContainerWhitelisted = false; 611 612 @GuardedBy("mPackages") 613 private boolean mDexOptDialogShown; 614 615 /** The location for ASEC container files on internal storage. */ 616 final String mAsecInternalPath; 617 618 // Used for privilege escalation. MUST NOT BE CALLED WITH mPackages 619 // LOCK HELD. Can be called with mInstallLock held. 620 @GuardedBy("mInstallLock") 621 final Installer mInstaller; 622 623 /** Directory where installed third-party apps stored */ 624 final File mAppInstallDir; 625 626 /** 627 * Directory to which applications installed internally have their 628 * 32 bit native libraries copied. 629 */ 630 private File mAppLib32InstallDir; 631 632 // Directory containing the private parts (e.g. code and non-resource assets) of forward-locked 633 // apps. 634 final File mDrmAppPrivateInstallDir; 635 636 // ---------------------------------------------------------------- 637 638 // Lock for state used when installing and doing other long running 639 // operations. Methods that must be called with this lock held have 640 // the suffix "LI". 641 final Object mInstallLock = new Object(); 642 643 // ---------------------------------------------------------------- 644 645 // Keys are String (package name), values are Package. This also serves 646 // as the lock for the global state. Methods that must be called with 647 // this lock held have the prefix "LP". 648 @GuardedBy("mPackages") 649 final ArrayMap<String, PackageParser.Package> mPackages = 650 new ArrayMap<String, PackageParser.Package>(); 651 652 final ArrayMap<String, Set<String>> mKnownCodebase = 653 new ArrayMap<String, Set<String>>(); 654 655 // Keys are isolated uids and values are the uid of the application 656 // that created the isolated proccess. 657 @GuardedBy("mPackages") 658 final SparseIntArray mIsolatedOwners = new SparseIntArray(); 659 660 // List of APK paths to load for each user and package. This data is never 661 // persisted by the package manager. Instead, the overlay manager will 662 // ensure the data is up-to-date in runtime. 663 @GuardedBy("mPackages") 664 final SparseArray<ArrayMap<String, ArrayList<String>>> mEnabledOverlayPaths = 665 new SparseArray<ArrayMap<String, ArrayList<String>>>(); 666 667 /** 668 * Tracks new system packages [received in an OTA] that we expect to 669 * find updated user-installed versions. Keys are package name, values 670 * are package location. 671 */ 672 final private ArrayMap<String, File> mExpectingBetter = new ArrayMap<>(); 673 /** 674 * Tracks high priority intent filters for protected actions. During boot, certain 675 * filter actions are protected and should never be allowed to have a high priority 676 * intent filter for them. However, there is one, and only one exception -- the 677 * setup wizard. It must be able to define a high priority intent filter for these 678 * actions to ensure there are no escapes from the wizard. We need to delay processing 679 * of these during boot as we need to look at all of the system packages in order 680 * to know which component is the setup wizard. 681 */ 682 private final List<PackageParser.ActivityIntentInfo> mProtectedFilters = new ArrayList<>(); 683 /** 684 * Whether or not processing protected filters should be deferred. 685 */ 686 private boolean mDeferProtectedFilters = true; 687 688 /** 689 * Tracks existing system packages prior to receiving an OTA. Keys are package name. 690 */ 691 final private ArraySet<String> mExistingSystemPackages = new ArraySet<>(); 692 /** 693 * Whether or not system app permissions should be promoted from install to runtime. 694 */ 695 boolean mPromoteSystemApps; 696 697 @GuardedBy("mPackages") 698 final Settings mSettings; 699 700 /** 701 * Set of package names that are currently "frozen", which means active 702 * surgery is being done on the code/data for that package. The platform 703 * will refuse to launch frozen packages to avoid race conditions. 704 * 705 * @see PackageFreezer 706 */ 707 @GuardedBy("mPackages") 708 final ArraySet<String> mFrozenPackages = new ArraySet<>(); 709 710 final ProtectedPackages mProtectedPackages; 711 712 boolean mFirstBoot; 713 714 PackageManagerInternal.ExternalSourcesPolicy mExternalSourcesPolicy; 715 716 // System configuration read by SystemConfig. 717 final int[] mGlobalGids; 718 final SparseArray<ArraySet<String>> mSystemPermissions; 719 @GuardedBy("mAvailableFeatures") 720 final ArrayMap<String, FeatureInfo> mAvailableFeatures; 721 722 // If mac_permissions.xml was found for seinfo labeling. 723 boolean mFoundPolicyFile; 724 725 private final InstantAppRegistry mInstantAppRegistry; 726 727 @GuardedBy("mPackages") 728 int mChangedPackagesSequenceNumber; 729 /** 730 * List of changed [installed, removed or updated] packages. 731 * mapping from user id -> sequence number -> package name 732 */ 733 @GuardedBy("mPackages") 734 final SparseArray<SparseArray<String>> mChangedPackages = new SparseArray<>(); 735 /** 736 * The sequence number of the last change to a package. 737 * mapping from user id -> package name -> sequence number 738 */ 739 @GuardedBy("mPackages") 740 final SparseArray<Map<String, Integer>> mChangedPackagesSequenceNumbers = new SparseArray<>(); 741 742 class PackageParserCallback implements PackageParser.Callback { 743 @Override public final boolean hasFeature(String feature) { 744 return PackageManagerService.this.hasSystemFeature(feature, 0); 745 } 746 747 final List<PackageParser.Package> getStaticOverlayPackagesLocked( 748 Collection<PackageParser.Package> allPackages, String targetPackageName) { 749 List<PackageParser.Package> overlayPackages = null; 750 for (PackageParser.Package p : allPackages) { 751 if (targetPackageName.equals(p.mOverlayTarget) && p.mIsStaticOverlay) { 752 if (overlayPackages == null) { 753 overlayPackages = new ArrayList<PackageParser.Package>(); 754 } 755 overlayPackages.add(p); 756 } 757 } 758 if (overlayPackages != null) { 759 Comparator<PackageParser.Package> cmp = new Comparator<PackageParser.Package>() { 760 public int compare(PackageParser.Package p1, PackageParser.Package p2) { 761 return p1.mOverlayPriority - p2.mOverlayPriority; 762 } 763 }; 764 Collections.sort(overlayPackages, cmp); 765 } 766 return overlayPackages; 767 } 768 769 final String[] getStaticOverlayPathsLocked(Collection<PackageParser.Package> allPackages, 770 String targetPackageName, String targetPath) { 771 if ("android".equals(targetPackageName)) { 772 // Static RROs targeting to "android", ie framework-res.apk, are already applied by 773 // native AssetManager. 774 return null; 775 } 776 List<PackageParser.Package> overlayPackages = 777 getStaticOverlayPackagesLocked(allPackages, targetPackageName); 778 if (overlayPackages == null || overlayPackages.isEmpty()) { 779 return null; 780 } 781 List<String> overlayPathList = null; 782 for (PackageParser.Package overlayPackage : overlayPackages) { 783 if (targetPath == null) { 784 if (overlayPathList == null) { 785 overlayPathList = new ArrayList<String>(); 786 } 787 overlayPathList.add(overlayPackage.baseCodePath); 788 continue; 789 } 790 791 try { 792 // Creates idmaps for system to parse correctly the Android manifest of the 793 // target package. 794 // 795 // OverlayManagerService will update each of them with a correct gid from its 796 // target package app id. 797 mInstaller.idmap(targetPath, overlayPackage.baseCodePath, 798 UserHandle.getSharedAppGid( 799 UserHandle.getUserGid(UserHandle.USER_SYSTEM))); 800 if (overlayPathList == null) { 801 overlayPathList = new ArrayList<String>(); 802 } 803 overlayPathList.add(overlayPackage.baseCodePath); 804 } catch (InstallerException e) { 805 Slog.e(TAG, "Failed to generate idmap for " + targetPath + " and " + 806 overlayPackage.baseCodePath); 807 } 808 } 809 return overlayPathList == null ? null : overlayPathList.toArray(new String[0]); 810 } 811 812 String[] getStaticOverlayPaths(String targetPackageName, String targetPath) { 813 synchronized (mPackages) { 814 return getStaticOverlayPathsLocked( 815 mPackages.values(), targetPackageName, targetPath); 816 } 817 } 818 819 @Override public final String[] getOverlayApks(String targetPackageName) { 820 return getStaticOverlayPaths(targetPackageName, null); 821 } 822 823 @Override public final String[] getOverlayPaths(String targetPackageName, 824 String targetPath) { 825 return getStaticOverlayPaths(targetPackageName, targetPath); 826 } 827 }; 828 829 class ParallelPackageParserCallback extends PackageParserCallback { 830 List<PackageParser.Package> mOverlayPackages = null; 831 832 void findStaticOverlayPackages() { 833 synchronized (mPackages) { 834 for (PackageParser.Package p : mPackages.values()) { 835 if (p.mIsStaticOverlay) { 836 if (mOverlayPackages == null) { 837 mOverlayPackages = new ArrayList<PackageParser.Package>(); 838 } 839 mOverlayPackages.add(p); 840 } 841 } 842 } 843 } 844 845 @Override 846 synchronized String[] getStaticOverlayPaths(String targetPackageName, String targetPath) { 847 // We can trust mOverlayPackages without holding mPackages because package uninstall 848 // can't happen while running parallel parsing. 849 // Moreover holding mPackages on each parsing thread causes dead-lock. 850 return mOverlayPackages == null ? null : 851 getStaticOverlayPathsLocked(mOverlayPackages, targetPackageName, targetPath); 852 } 853 } 854 855 final PackageParser.Callback mPackageParserCallback = new PackageParserCallback(); 856 final ParallelPackageParserCallback mParallelPackageParserCallback = 857 new ParallelPackageParserCallback(); 858 859 public static final class SharedLibraryEntry { 860 public final String path; 861 public final String apk; 862 public final SharedLibraryInfo info; 863 864 SharedLibraryEntry(String _path, String _apk, String name, int version, int type, 865 String declaringPackageName, int declaringPackageVersionCode) { 866 path = _path; 867 apk = _apk; 868 info = new SharedLibraryInfo(name, version, type, new VersionedPackage( 869 declaringPackageName, declaringPackageVersionCode), null); 870 } 871 } 872 873 // Currently known shared libraries. 874 final ArrayMap<String, SparseArray<SharedLibraryEntry>> mSharedLibraries = new ArrayMap<>(); 875 final ArrayMap<String, SparseArray<SharedLibraryEntry>> mStaticLibsByDeclaringPackage = 876 new ArrayMap<>(); 877 878 // All available activities, for your resolving pleasure. 879 final ActivityIntentResolver mActivities = 880 new ActivityIntentResolver(); 881 882 // All available receivers, for your resolving pleasure. 883 final ActivityIntentResolver mReceivers = 884 new ActivityIntentResolver(); 885 886 // All available services, for your resolving pleasure. 887 final ServiceIntentResolver mServices = new ServiceIntentResolver(); 888 889 // All available providers, for your resolving pleasure. 890 final ProviderIntentResolver mProviders = new ProviderIntentResolver(); 891 892 // Mapping from provider base names (first directory in content URI codePath) 893 // to the provider information. 894 final ArrayMap<String, PackageParser.Provider> mProvidersByAuthority = 895 new ArrayMap<String, PackageParser.Provider>(); 896 897 // Mapping from instrumentation class names to info about them. 898 final ArrayMap<ComponentName, PackageParser.Instrumentation> mInstrumentation = 899 new ArrayMap<ComponentName, PackageParser.Instrumentation>(); 900 901 // Mapping from permission names to info about them. 902 final ArrayMap<String, PackageParser.PermissionGroup> mPermissionGroups = 903 new ArrayMap<String, PackageParser.PermissionGroup>(); 904 905 // Packages whose data we have transfered into another package, thus 906 // should no longer exist. 907 final ArraySet<String> mTransferedPackages = new ArraySet<String>(); 908 909 // Broadcast actions that are only available to the system. 910 final ArraySet<String> mProtectedBroadcasts = new ArraySet<String>(); 911 912 /** List of packages waiting for verification. */ 913 final SparseArray<PackageVerificationState> mPendingVerification 914 = new SparseArray<PackageVerificationState>(); 915 916 /** Set of packages associated with each app op permission. */ 917 final ArrayMap<String, ArraySet<String>> mAppOpPermissionPackages = new ArrayMap<>(); 918 919 final PackageInstallerService mInstallerService; 920 921 private final PackageDexOptimizer mPackageDexOptimizer; 922 // DexManager handles the usage of dex files (e.g. secondary files, whether or not a package 923 // is used by other apps). 924 private final DexManager mDexManager; 925 926 private AtomicInteger mNextMoveId = new AtomicInteger(); 927 private final MoveCallbacks mMoveCallbacks; 928 929 private final OnPermissionChangeListeners mOnPermissionChangeListeners; 930 931 // Cache of users who need badging. 932 SparseBooleanArray mUserNeedsBadging = new SparseBooleanArray(); 933 934 /** Token for keys in mPendingVerification. */ 935 private int mPendingVerificationToken = 0; 936 937 volatile boolean mSystemReady; 938 volatile boolean mSafeMode; 939 volatile boolean mHasSystemUidErrors; 940 private volatile boolean mEphemeralAppsDisabled; 941 942 ApplicationInfo mAndroidApplication; 943 final ActivityInfo mResolveActivity = new ActivityInfo(); 944 final ResolveInfo mResolveInfo = new ResolveInfo(); 945 ComponentName mResolveComponentName; 946 PackageParser.Package mPlatformPackage; 947 ComponentName mCustomResolverComponentName; 948 949 boolean mResolverReplaced = false; 950 951 private final @Nullable ComponentName mIntentFilterVerifierComponent; 952 private final @Nullable IntentFilterVerifier<ActivityIntentInfo> mIntentFilterVerifier; 953 954 private int mIntentFilterVerificationToken = 0; 955 956 /** The service connection to the ephemeral resolver */ 957 final EphemeralResolverConnection mInstantAppResolverConnection; 958 /** Component used to show resolver settings for Instant Apps */ 959 final ComponentName mInstantAppResolverSettingsComponent; 960 961 /** Activity used to install instant applications */ 962 ActivityInfo mInstantAppInstallerActivity; 963 final ResolveInfo mInstantAppInstallerInfo = new ResolveInfo(); 964 965 final SparseArray<IntentFilterVerificationState> mIntentFilterVerificationStates 966 = new SparseArray<IntentFilterVerificationState>(); 967 968 final DefaultPermissionGrantPolicy mDefaultPermissionPolicy; 969 970 // List of packages names to keep cached, even if they are uninstalled for all users 971 private List<String> mKeepUninstalledPackages; 972 973 private UserManagerInternal mUserManagerInternal; 974 975 private DeviceIdleController.LocalService mDeviceIdleController; 976 977 private File mCacheDir; 978 979 private ArraySet<String> mPrivappPermissionsViolations; 980 981 private Future<?> mPrepareAppDataFuture; 982 983 private static class IFVerificationParams { 984 PackageParser.Package pkg; 985 boolean replacing; 986 int userId; 987 int verifierUid; 988 989 public IFVerificationParams(PackageParser.Package _pkg, boolean _replacing, 990 int _userId, int _verifierUid) { 991 pkg = _pkg; 992 replacing = _replacing; 993 userId = _userId; 994 replacing = _replacing; 995 verifierUid = _verifierUid; 996 } 997 } 998 999 private interface IntentFilterVerifier<T extends IntentFilter> { 1000 boolean addOneIntentFilterVerification(int verifierId, int userId, int verificationId, 1001 T filter, String packageName); 1002 void startVerifications(int userId); 1003 void receiveVerificationResponse(int verificationId); 1004 } 1005 1006 private class IntentVerifierProxy implements IntentFilterVerifier<ActivityIntentInfo> { 1007 private Context mContext; 1008 private ComponentName mIntentFilterVerifierComponent; 1009 private ArrayList<Integer> mCurrentIntentFilterVerifications = new ArrayList<Integer>(); 1010 1011 public IntentVerifierProxy(Context context, ComponentName verifierComponent) { 1012 mContext = context; 1013 mIntentFilterVerifierComponent = verifierComponent; 1014 } 1015 1016 private String getDefaultScheme() { 1017 return IntentFilter.SCHEME_HTTPS; 1018 } 1019 1020 @Override 1021 public void startVerifications(int userId) { 1022 // Launch verifications requests 1023 int count = mCurrentIntentFilterVerifications.size(); 1024 for (int n=0; n<count; n++) { 1025 int verificationId = mCurrentIntentFilterVerifications.get(n); 1026 final IntentFilterVerificationState ivs = 1027 mIntentFilterVerificationStates.get(verificationId); 1028 1029 String packageName = ivs.getPackageName(); 1030 1031 ArrayList<PackageParser.ActivityIntentInfo> filters = ivs.getFilters(); 1032 final int filterCount = filters.size(); 1033 ArraySet<String> domainsSet = new ArraySet<>(); 1034 for (int m=0; m<filterCount; m++) { 1035 PackageParser.ActivityIntentInfo filter = filters.get(m); 1036 domainsSet.addAll(filter.getHostsList()); 1037 } 1038 synchronized (mPackages) { 1039 if (mSettings.createIntentFilterVerificationIfNeededLPw( 1040 packageName, domainsSet) != null) { 1041 scheduleWriteSettingsLocked(); 1042 } 1043 } 1044 sendVerificationRequest(userId, verificationId, ivs); 1045 } 1046 mCurrentIntentFilterVerifications.clear(); 1047 } 1048 1049 private void sendVerificationRequest(int userId, int verificationId, 1050 IntentFilterVerificationState ivs) { 1051 1052 Intent verificationIntent = new Intent(Intent.ACTION_INTENT_FILTER_NEEDS_VERIFICATION); 1053 verificationIntent.putExtra( 1054 PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_ID, 1055 verificationId); 1056 verificationIntent.putExtra( 1057 PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_URI_SCHEME, 1058 getDefaultScheme()); 1059 verificationIntent.putExtra( 1060 PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_HOSTS, 1061 ivs.getHostsString()); 1062 verificationIntent.putExtra( 1063 PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_PACKAGE_NAME, 1064 ivs.getPackageName()); 1065 verificationIntent.setComponent(mIntentFilterVerifierComponent); 1066 verificationIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 1067 1068 DeviceIdleController.LocalService idleController = getDeviceIdleController(); 1069 idleController.addPowerSaveTempWhitelistApp(Process.myUid(), 1070 mIntentFilterVerifierComponent.getPackageName(), getVerificationTimeout(), 1071 userId, false, "intent filter verifier"); 1072 1073 UserHandle user = new UserHandle(userId); 1074 mContext.sendBroadcastAsUser(verificationIntent, user); 1075 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, 1076 "Sending IntentFilter verification broadcast"); 1077 } 1078 1079 public void receiveVerificationResponse(int verificationId) { 1080 IntentFilterVerificationState ivs = mIntentFilterVerificationStates.get(verificationId); 1081 1082 final boolean verified = ivs.isVerified(); 1083 1084 ArrayList<PackageParser.ActivityIntentInfo> filters = ivs.getFilters(); 1085 final int count = filters.size(); 1086 if (DEBUG_DOMAIN_VERIFICATION) { 1087 Slog.i(TAG, "Received verification response " + verificationId 1088 + " for " + count + " filters, verified=" + verified); 1089 } 1090 for (int n=0; n<count; n++) { 1091 PackageParser.ActivityIntentInfo filter = filters.get(n); 1092 filter.setVerified(verified); 1093 1094 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "IntentFilter " + filter.toString() 1095 + " verified with result:" + verified + " and hosts:" 1096 + ivs.getHostsString()); 1097 } 1098 1099 mIntentFilterVerificationStates.remove(verificationId); 1100 1101 final String packageName = ivs.getPackageName(); 1102 IntentFilterVerificationInfo ivi = null; 1103 1104 synchronized (mPackages) { 1105 ivi = mSettings.getIntentFilterVerificationLPr(packageName); 1106 } 1107 if (ivi == null) { 1108 Slog.w(TAG, "IntentFilterVerificationInfo not found for verificationId:" 1109 + verificationId + " packageName:" + packageName); 1110 return; 1111 } 1112 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, 1113 "Updating IntentFilterVerificationInfo for package " + packageName 1114 +" verificationId:" + verificationId); 1115 1116 synchronized (mPackages) { 1117 if (verified) { 1118 ivi.setStatus(INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS); 1119 } else { 1120 ivi.setStatus(INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK); 1121 } 1122 scheduleWriteSettingsLocked(); 1123 1124 final int userId = ivs.getUserId(); 1125 if (userId != UserHandle.USER_ALL) { 1126 final int userStatus = 1127 mSettings.getIntentFilterVerificationStatusLPr(packageName, userId); 1128 1129 int updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED; 1130 boolean needUpdate = false; 1131 1132 // We cannot override the STATUS_ALWAYS / STATUS_NEVER states if they have 1133 // already been set by the User thru the Disambiguation dialog 1134 switch (userStatus) { 1135 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED: 1136 if (verified) { 1137 updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS; 1138 } else { 1139 updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK; 1140 } 1141 needUpdate = true; 1142 break; 1143 1144 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK: 1145 if (verified) { 1146 updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS; 1147 needUpdate = true; 1148 } 1149 break; 1150 1151 default: 1152 // Nothing to do 1153 } 1154 1155 if (needUpdate) { 1156 mSettings.updateIntentFilterVerificationStatusLPw( 1157 packageName, updatedStatus, userId); 1158 scheduleWritePackageRestrictionsLocked(userId); 1159 } 1160 } 1161 } 1162 } 1163 1164 @Override 1165 public boolean addOneIntentFilterVerification(int verifierUid, int userId, int verificationId, 1166 ActivityIntentInfo filter, String packageName) { 1167 if (!hasValidDomains(filter)) { 1168 return false; 1169 } 1170 IntentFilterVerificationState ivs = mIntentFilterVerificationStates.get(verificationId); 1171 if (ivs == null) { 1172 ivs = createDomainVerificationState(verifierUid, userId, verificationId, 1173 packageName); 1174 } 1175 if (DEBUG_DOMAIN_VERIFICATION) { 1176 Slog.d(TAG, "Adding verification filter for " + packageName + ": " + filter); 1177 } 1178 ivs.addFilter(filter); 1179 return true; 1180 } 1181 1182 private IntentFilterVerificationState createDomainVerificationState(int verifierUid, 1183 int userId, int verificationId, String packageName) { 1184 IntentFilterVerificationState ivs = new IntentFilterVerificationState( 1185 verifierUid, userId, packageName); 1186 ivs.setPendingState(); 1187 synchronized (mPackages) { 1188 mIntentFilterVerificationStates.append(verificationId, ivs); 1189 mCurrentIntentFilterVerifications.add(verificationId); 1190 } 1191 return ivs; 1192 } 1193 } 1194 1195 private static boolean hasValidDomains(ActivityIntentInfo filter) { 1196 return filter.hasCategory(Intent.CATEGORY_BROWSABLE) 1197 && (filter.hasDataScheme(IntentFilter.SCHEME_HTTP) || 1198 filter.hasDataScheme(IntentFilter.SCHEME_HTTPS)); 1199 } 1200 1201 // Set of pending broadcasts for aggregating enable/disable of components. 1202 static class PendingPackageBroadcasts { 1203 // for each user id, a map of <package name -> components within that package> 1204 final SparseArray<ArrayMap<String, ArrayList<String>>> mUidMap; 1205 1206 public PendingPackageBroadcasts() { 1207 mUidMap = new SparseArray<ArrayMap<String, ArrayList<String>>>(2); 1208 } 1209 1210 public ArrayList<String> get(int userId, String packageName) { 1211 ArrayMap<String, ArrayList<String>> packages = getOrAllocate(userId); 1212 return packages.get(packageName); 1213 } 1214 1215 public void put(int userId, String packageName, ArrayList<String> components) { 1216 ArrayMap<String, ArrayList<String>> packages = getOrAllocate(userId); 1217 packages.put(packageName, components); 1218 } 1219 1220 public void remove(int userId, String packageName) { 1221 ArrayMap<String, ArrayList<String>> packages = mUidMap.get(userId); 1222 if (packages != null) { 1223 packages.remove(packageName); 1224 } 1225 } 1226 1227 public void remove(int userId) { 1228 mUidMap.remove(userId); 1229 } 1230 1231 public int userIdCount() { 1232 return mUidMap.size(); 1233 } 1234 1235 public int userIdAt(int n) { 1236 return mUidMap.keyAt(n); 1237 } 1238 1239 public ArrayMap<String, ArrayList<String>> packagesForUserId(int userId) { 1240 return mUidMap.get(userId); 1241 } 1242 1243 public int size() { 1244 // total number of pending broadcast entries across all userIds 1245 int num = 0; 1246 for (int i = 0; i< mUidMap.size(); i++) { 1247 num += mUidMap.valueAt(i).size(); 1248 } 1249 return num; 1250 } 1251 1252 public void clear() { 1253 mUidMap.clear(); 1254 } 1255 1256 private ArrayMap<String, ArrayList<String>> getOrAllocate(int userId) { 1257 ArrayMap<String, ArrayList<String>> map = mUidMap.get(userId); 1258 if (map == null) { 1259 map = new ArrayMap<String, ArrayList<String>>(); 1260 mUidMap.put(userId, map); 1261 } 1262 return map; 1263 } 1264 } 1265 final PendingPackageBroadcasts mPendingBroadcasts = new PendingPackageBroadcasts(); 1266 1267 // Service Connection to remote media container service to copy 1268 // package uri's from external media onto secure containers 1269 // or internal storage. 1270 private IMediaContainerService mContainerService = null; 1271 1272 static final int SEND_PENDING_BROADCAST = 1; 1273 static final int MCS_BOUND = 3; 1274 static final int END_COPY = 4; 1275 static final int INIT_COPY = 5; 1276 static final int MCS_UNBIND = 6; 1277 static final int START_CLEANING_PACKAGE = 7; 1278 static final int FIND_INSTALL_LOC = 8; 1279 static final int POST_INSTALL = 9; 1280 static final int MCS_RECONNECT = 10; 1281 static final int MCS_GIVE_UP = 11; 1282 static final int UPDATED_MEDIA_STATUS = 12; 1283 static final int WRITE_SETTINGS = 13; 1284 static final int WRITE_PACKAGE_RESTRICTIONS = 14; 1285 static final int PACKAGE_VERIFIED = 15; 1286 static final int CHECK_PENDING_VERIFICATION = 16; 1287 static final int START_INTENT_FILTER_VERIFICATIONS = 17; 1288 static final int INTENT_FILTER_VERIFIED = 18; 1289 static final int WRITE_PACKAGE_LIST = 19; 1290 static final int INSTANT_APP_RESOLUTION_PHASE_TWO = 20; 1291 1292 static final int WRITE_SETTINGS_DELAY = 10*1000; // 10 seconds 1293 1294 // Delay time in millisecs 1295 static final int BROADCAST_DELAY = 10 * 1000; 1296 1297 static UserManagerService sUserManager; 1298 1299 // Stores a list of users whose package restrictions file needs to be updated 1300 private ArraySet<Integer> mDirtyUsers = new ArraySet<Integer>(); 1301 1302 final private DefaultContainerConnection mDefContainerConn = 1303 new DefaultContainerConnection(); 1304 class DefaultContainerConnection implements ServiceConnection { 1305 public void onServiceConnected(ComponentName name, IBinder service) { 1306 if (DEBUG_SD_INSTALL) Log.i(TAG, "onServiceConnected"); 1307 final IMediaContainerService imcs = IMediaContainerService.Stub 1308 .asInterface(Binder.allowBlocking(service)); 1309 mHandler.sendMessage(mHandler.obtainMessage(MCS_BOUND, imcs)); 1310 } 1311 1312 public void onServiceDisconnected(ComponentName name) { 1313 if (DEBUG_SD_INSTALL) Log.i(TAG, "onServiceDisconnected"); 1314 } 1315 } 1316 1317 // Recordkeeping of restore-after-install operations that are currently in flight 1318 // between the Package Manager and the Backup Manager 1319 static class PostInstallData { 1320 public InstallArgs args; 1321 public PackageInstalledInfo res; 1322 1323 PostInstallData(InstallArgs _a, PackageInstalledInfo _r) { 1324 args = _a; 1325 res = _r; 1326 } 1327 } 1328 1329 final SparseArray<PostInstallData> mRunningInstalls = new SparseArray<PostInstallData>(); 1330 int mNextInstallToken = 1; // nonzero; will be wrapped back to 1 when ++ overflows 1331 1332 // XML tags for backup/restore of various bits of state 1333 private static final String TAG_PREFERRED_BACKUP = "pa"; 1334 private static final String TAG_DEFAULT_APPS = "da"; 1335 private static final String TAG_INTENT_FILTER_VERIFICATION = "iv"; 1336 1337 private static final String TAG_PERMISSION_BACKUP = "perm-grant-backup"; 1338 private static final String TAG_ALL_GRANTS = "rt-grants"; 1339 private static final String TAG_GRANT = "grant"; 1340 private static final String ATTR_PACKAGE_NAME = "pkg"; 1341 1342 private static final String TAG_PERMISSION = "perm"; 1343 private static final String ATTR_PERMISSION_NAME = "name"; 1344 private static final String ATTR_IS_GRANTED = "g"; 1345 private static final String ATTR_USER_SET = "set"; 1346 private static final String ATTR_USER_FIXED = "fixed"; 1347 private static final String ATTR_REVOKE_ON_UPGRADE = "rou"; 1348 1349 // System/policy permission grants are not backed up 1350 private static final int SYSTEM_RUNTIME_GRANT_MASK = 1351 FLAG_PERMISSION_POLICY_FIXED 1352 | FLAG_PERMISSION_SYSTEM_FIXED 1353 | FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1354 1355 // And we back up these user-adjusted states 1356 private static final int USER_RUNTIME_GRANT_MASK = 1357 FLAG_PERMISSION_USER_SET 1358 | FLAG_PERMISSION_USER_FIXED 1359 | FLAG_PERMISSION_REVOKE_ON_UPGRADE; 1360 1361 final @Nullable String mRequiredVerifierPackage; 1362 final @NonNull String mRequiredInstallerPackage; 1363 final @NonNull String mRequiredUninstallerPackage; 1364 final @Nullable String mSetupWizardPackage; 1365 final @Nullable String mStorageManagerPackage; 1366 final @NonNull String mServicesSystemSharedLibraryPackageName; 1367 final @NonNull String mSharedSystemSharedLibraryPackageName; 1368 1369 final boolean mPermissionReviewRequired; 1370 1371 private final PackageUsage mPackageUsage = new PackageUsage(); 1372 private final CompilerStats mCompilerStats = new CompilerStats(); 1373 1374 class PackageHandler extends Handler { 1375 private boolean mBound = false; 1376 final ArrayList<HandlerParams> mPendingInstalls = 1377 new ArrayList<HandlerParams>(); 1378 1379 private boolean connectToService() { 1380 if (DEBUG_SD_INSTALL) Log.i(TAG, "Trying to bind to" + 1381 " DefaultContainerService"); 1382 Intent service = new Intent().setComponent(DEFAULT_CONTAINER_COMPONENT); 1383 Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); 1384 if (mContext.bindServiceAsUser(service, mDefContainerConn, 1385 Context.BIND_AUTO_CREATE, UserHandle.SYSTEM)) { 1386 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1387 mBound = true; 1388 return true; 1389 } 1390 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1391 return false; 1392 } 1393 1394 private void disconnectService() { 1395 mContainerService = null; 1396 mBound = false; 1397 Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); 1398 mContext.unbindService(mDefContainerConn); 1399 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1400 } 1401 1402 PackageHandler(Looper looper) { 1403 super(looper); 1404 } 1405 1406 public void handleMessage(Message msg) { 1407 try { 1408 doHandleMessage(msg); 1409 } finally { 1410 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1411 } 1412 } 1413 1414 void doHandleMessage(Message msg) { 1415 switch (msg.what) { 1416 case INIT_COPY: { 1417 HandlerParams params = (HandlerParams) msg.obj; 1418 int idx = mPendingInstalls.size(); 1419 if (DEBUG_INSTALL) Slog.i(TAG, "init_copy idx=" + idx + ": " + params); 1420 // If a bind was already initiated we dont really 1421 // need to do anything. The pending install 1422 // will be processed later on. 1423 if (!mBound) { 1424 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "bindingMCS", 1425 System.identityHashCode(mHandler)); 1426 // If this is the only one pending we might 1427 // have to bind to the service again. 1428 if (!connectToService()) { 1429 Slog.e(TAG, "Failed to bind to media container service"); 1430 params.serviceError(); 1431 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "bindingMCS", 1432 System.identityHashCode(mHandler)); 1433 if (params.traceMethod != null) { 1434 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, params.traceMethod, 1435 params.traceCookie); 1436 } 1437 return; 1438 } else { 1439 // Once we bind to the service, the first 1440 // pending request will be processed. 1441 mPendingInstalls.add(idx, params); 1442 } 1443 } else { 1444 mPendingInstalls.add(idx, params); 1445 // Already bound to the service. Just make 1446 // sure we trigger off processing the first request. 1447 if (idx == 0) { 1448 mHandler.sendEmptyMessage(MCS_BOUND); 1449 } 1450 } 1451 break; 1452 } 1453 case MCS_BOUND: { 1454 if (DEBUG_INSTALL) Slog.i(TAG, "mcs_bound"); 1455 if (msg.obj != null) { 1456 mContainerService = (IMediaContainerService) msg.obj; 1457 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "bindingMCS", 1458 System.identityHashCode(mHandler)); 1459 } 1460 if (mContainerService == null) { 1461 if (!mBound) { 1462 // Something seriously wrong since we are not bound and we are not 1463 // waiting for connection. Bail out. 1464 Slog.e(TAG, "Cannot bind to media container service"); 1465 for (HandlerParams params : mPendingInstalls) { 1466 // Indicate service bind error 1467 params.serviceError(); 1468 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "queueInstall", 1469 System.identityHashCode(params)); 1470 if (params.traceMethod != null) { 1471 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, 1472 params.traceMethod, params.traceCookie); 1473 } 1474 return; 1475 } 1476 mPendingInstalls.clear(); 1477 } else { 1478 Slog.w(TAG, "Waiting to connect to media container service"); 1479 } 1480 } else if (mPendingInstalls.size() > 0) { 1481 HandlerParams params = mPendingInstalls.get(0); 1482 if (params != null) { 1483 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "queueInstall", 1484 System.identityHashCode(params)); 1485 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "startCopy"); 1486 if (params.startCopy()) { 1487 // We are done... look for more work or to 1488 // go idle. 1489 if (DEBUG_SD_INSTALL) Log.i(TAG, 1490 "Checking for more work or unbind..."); 1491 // Delete pending install 1492 if (mPendingInstalls.size() > 0) { 1493 mPendingInstalls.remove(0); 1494 } 1495 if (mPendingInstalls.size() == 0) { 1496 if (mBound) { 1497 if (DEBUG_SD_INSTALL) Log.i(TAG, 1498 "Posting delayed MCS_UNBIND"); 1499 removeMessages(MCS_UNBIND); 1500 Message ubmsg = obtainMessage(MCS_UNBIND); 1501 // Unbind after a little delay, to avoid 1502 // continual thrashing. 1503 sendMessageDelayed(ubmsg, 10000); 1504 } 1505 } else { 1506 // There are more pending requests in queue. 1507 // Just post MCS_BOUND message to trigger processing 1508 // of next pending install. 1509 if (DEBUG_SD_INSTALL) Log.i(TAG, 1510 "Posting MCS_BOUND for next work"); 1511 mHandler.sendEmptyMessage(MCS_BOUND); 1512 } 1513 } 1514 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 1515 } 1516 } else { 1517 // Should never happen ideally. 1518 Slog.w(TAG, "Empty queue"); 1519 } 1520 break; 1521 } 1522 case MCS_RECONNECT: { 1523 if (DEBUG_INSTALL) Slog.i(TAG, "mcs_reconnect"); 1524 if (mPendingInstalls.size() > 0) { 1525 if (mBound) { 1526 disconnectService(); 1527 } 1528 if (!connectToService()) { 1529 Slog.e(TAG, "Failed to bind to media container service"); 1530 for (HandlerParams params : mPendingInstalls) { 1531 // Indicate service bind error 1532 params.serviceError(); 1533 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "queueInstall", 1534 System.identityHashCode(params)); 1535 } 1536 mPendingInstalls.clear(); 1537 } 1538 } 1539 break; 1540 } 1541 case MCS_UNBIND: { 1542 // If there is no actual work left, then time to unbind. 1543 if (DEBUG_INSTALL) Slog.i(TAG, "mcs_unbind"); 1544 1545 if (mPendingInstalls.size() == 0 && mPendingVerification.size() == 0) { 1546 if (mBound) { 1547 if (DEBUG_INSTALL) Slog.i(TAG, "calling disconnectService()"); 1548 1549 disconnectService(); 1550 } 1551 } else if (mPendingInstalls.size() > 0) { 1552 // There are more pending requests in queue. 1553 // Just post MCS_BOUND message to trigger processing 1554 // of next pending install. 1555 mHandler.sendEmptyMessage(MCS_BOUND); 1556 } 1557 1558 break; 1559 } 1560 case MCS_GIVE_UP: { 1561 if (DEBUG_INSTALL) Slog.i(TAG, "mcs_giveup too many retries"); 1562 HandlerParams params = mPendingInstalls.remove(0); 1563 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "queueInstall", 1564 System.identityHashCode(params)); 1565 break; 1566 } 1567 case SEND_PENDING_BROADCAST: { 1568 String packages[]; 1569 ArrayList<String> components[]; 1570 int size = 0; 1571 int uids[]; 1572 Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); 1573 synchronized (mPackages) { 1574 if (mPendingBroadcasts == null) { 1575 return; 1576 } 1577 size = mPendingBroadcasts.size(); 1578 if (size <= 0) { 1579 // Nothing to be done. Just return 1580 return; 1581 } 1582 packages = new String[size]; 1583 components = new ArrayList[size]; 1584 uids = new int[size]; 1585 int i = 0; // filling out the above arrays 1586 1587 for (int n = 0; n < mPendingBroadcasts.userIdCount(); n++) { 1588 int packageUserId = mPendingBroadcasts.userIdAt(n); 1589 Iterator<Map.Entry<String, ArrayList<String>>> it 1590 = mPendingBroadcasts.packagesForUserId(packageUserId) 1591 .entrySet().iterator(); 1592 while (it.hasNext() && i < size) { 1593 Map.Entry<String, ArrayList<String>> ent = it.next(); 1594 packages[i] = ent.getKey(); 1595 components[i] = ent.getValue(); 1596 PackageSetting ps = mSettings.mPackages.get(ent.getKey()); 1597 uids[i] = (ps != null) 1598 ? UserHandle.getUid(packageUserId, ps.appId) 1599 : -1; 1600 i++; 1601 } 1602 } 1603 size = i; 1604 mPendingBroadcasts.clear(); 1605 } 1606 // Send broadcasts 1607 for (int i = 0; i < size; i++) { 1608 sendPackageChangedBroadcast(packages[i], true, components[i], uids[i]); 1609 } 1610 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1611 break; 1612 } 1613 case START_CLEANING_PACKAGE: { 1614 Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); 1615 final String packageName = (String)msg.obj; 1616 final int userId = msg.arg1; 1617 final boolean andCode = msg.arg2 != 0; 1618 synchronized (mPackages) { 1619 if (userId == UserHandle.USER_ALL) { 1620 int[] users = sUserManager.getUserIds(); 1621 for (int user : users) { 1622 mSettings.addPackageToCleanLPw( 1623 new PackageCleanItem(user, packageName, andCode)); 1624 } 1625 } else { 1626 mSettings.addPackageToCleanLPw( 1627 new PackageCleanItem(userId, packageName, andCode)); 1628 } 1629 } 1630 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1631 startCleaningPackages(); 1632 } break; 1633 case POST_INSTALL: { 1634 if (DEBUG_INSTALL) Log.v(TAG, "Handling post-install for " + msg.arg1); 1635 1636 PostInstallData data = mRunningInstalls.get(msg.arg1); 1637 final boolean didRestore = (msg.arg2 != 0); 1638 mRunningInstalls.delete(msg.arg1); 1639 1640 if (data != null) { 1641 InstallArgs args = data.args; 1642 PackageInstalledInfo parentRes = data.res; 1643 1644 final boolean grantPermissions = (args.installFlags 1645 & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0; 1646 final boolean killApp = (args.installFlags 1647 & PackageManager.INSTALL_DONT_KILL_APP) == 0; 1648 final String[] grantedPermissions = args.installGrantPermissions; 1649 1650 // Handle the parent package 1651 handlePackagePostInstall(parentRes, grantPermissions, killApp, 1652 grantedPermissions, didRestore, args.installerPackageName, 1653 args.observer); 1654 1655 // Handle the child packages 1656 final int childCount = (parentRes.addedChildPackages != null) 1657 ? parentRes.addedChildPackages.size() : 0; 1658 for (int i = 0; i < childCount; i++) { 1659 PackageInstalledInfo childRes = parentRes.addedChildPackages.valueAt(i); 1660 handlePackagePostInstall(childRes, grantPermissions, killApp, 1661 grantedPermissions, false, args.installerPackageName, 1662 args.observer); 1663 } 1664 1665 // Log tracing if needed 1666 if (args.traceMethod != null) { 1667 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, args.traceMethod, 1668 args.traceCookie); 1669 } 1670 } else { 1671 Slog.e(TAG, "Bogus post-install token " + msg.arg1); 1672 } 1673 1674 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "postInstall", msg.arg1); 1675 } break; 1676 case UPDATED_MEDIA_STATUS: { 1677 if (DEBUG_SD_INSTALL) Log.i(TAG, "Got message UPDATED_MEDIA_STATUS"); 1678 boolean reportStatus = msg.arg1 == 1; 1679 boolean doGc = msg.arg2 == 1; 1680 if (DEBUG_SD_INSTALL) Log.i(TAG, "reportStatus=" + reportStatus + ", doGc = " + doGc); 1681 if (doGc) { 1682 // Force a gc to clear up stale containers. 1683 Runtime.getRuntime().gc(); 1684 } 1685 if (msg.obj != null) { 1686 @SuppressWarnings("unchecked") 1687 Set<AsecInstallArgs> args = (Set<AsecInstallArgs>) msg.obj; 1688 if (DEBUG_SD_INSTALL) Log.i(TAG, "Unloading all containers"); 1689 // Unload containers 1690 unloadAllContainers(args); 1691 } 1692 if (reportStatus) { 1693 try { 1694 if (DEBUG_SD_INSTALL) Log.i(TAG, 1695 "Invoking StorageManagerService call back"); 1696 PackageHelper.getStorageManager().finishMediaUpdate(); 1697 } catch (RemoteException e) { 1698 Log.e(TAG, "StorageManagerService not running?"); 1699 } 1700 } 1701 } break; 1702 case WRITE_SETTINGS: { 1703 Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); 1704 synchronized (mPackages) { 1705 removeMessages(WRITE_SETTINGS); 1706 removeMessages(WRITE_PACKAGE_RESTRICTIONS); 1707 mSettings.writeLPr(); 1708 mDirtyUsers.clear(); 1709 } 1710 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1711 } break; 1712 case WRITE_PACKAGE_RESTRICTIONS: { 1713 Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); 1714 synchronized (mPackages) { 1715 removeMessages(WRITE_PACKAGE_RESTRICTIONS); 1716 for (int userId : mDirtyUsers) { 1717 mSettings.writePackageRestrictionsLPr(userId); 1718 } 1719 mDirtyUsers.clear(); 1720 } 1721 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1722 } break; 1723 case WRITE_PACKAGE_LIST: { 1724 Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); 1725 synchronized (mPackages) { 1726 removeMessages(WRITE_PACKAGE_LIST); 1727 mSettings.writePackageListLPr(msg.arg1); 1728 } 1729 Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); 1730 } break; 1731 case CHECK_PENDING_VERIFICATION: { 1732 final int verificationId = msg.arg1; 1733 final PackageVerificationState state = mPendingVerification.get(verificationId); 1734 1735 if ((state != null) && !state.timeoutExtended()) { 1736 final InstallArgs args = state.getInstallArgs(); 1737 final Uri originUri = Uri.fromFile(args.origin.resolvedFile); 1738 1739 Slog.i(TAG, "Verification timed out for " + originUri); 1740 mPendingVerification.remove(verificationId); 1741 1742 int ret = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE; 1743 1744 if (getDefaultVerificationResponse() == PackageManager.VERIFICATION_ALLOW) { 1745 Slog.i(TAG, "Continuing with installation of " + originUri); 1746 state.setVerifierResponse(Binder.getCallingUid(), 1747 PackageManager.VERIFICATION_ALLOW_WITHOUT_SUFFICIENT); 1748 broadcastPackageVerified(verificationId, originUri, 1749 PackageManager.VERIFICATION_ALLOW, 1750 state.getInstallArgs().getUser()); 1751 try { 1752 ret = args.copyApk(mContainerService, true); 1753 } catch (RemoteException e) { 1754 Slog.e(TAG, "Could not contact the ContainerService"); 1755 } 1756 } else { 1757 broadcastPackageVerified(verificationId, originUri, 1758 PackageManager.VERIFICATION_REJECT, 1759 state.getInstallArgs().getUser()); 1760 } 1761 1762 Trace.asyncTraceEnd( 1763 TRACE_TAG_PACKAGE_MANAGER, "verification", verificationId); 1764 1765 processPendingInstall(args, ret); 1766 mHandler.sendEmptyMessage(MCS_UNBIND); 1767 } 1768 break; 1769 } 1770 case PACKAGE_VERIFIED: { 1771 final int verificationId = msg.arg1; 1772 1773 final PackageVerificationState state = mPendingVerification.get(verificationId); 1774 if (state == null) { 1775 Slog.w(TAG, "Invalid verification token " + verificationId + " received"); 1776 break; 1777 } 1778 1779 final PackageVerificationResponse response = (PackageVerificationResponse) msg.obj; 1780 1781 state.setVerifierResponse(response.callerUid, response.code); 1782 1783 if (state.isVerificationComplete()) { 1784 mPendingVerification.remove(verificationId); 1785 1786 final InstallArgs args = state.getInstallArgs(); 1787 final Uri originUri = Uri.fromFile(args.origin.resolvedFile); 1788 1789 int ret; 1790 if (state.isInstallAllowed()) { 1791 ret = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; 1792 broadcastPackageVerified(verificationId, originUri, 1793 response.code, state.getInstallArgs().getUser()); 1794 try { 1795 ret = args.copyApk(mContainerService, true); 1796 } catch (RemoteException e) { 1797 Slog.e(TAG, "Could not contact the ContainerService"); 1798 } 1799 } else { 1800 ret = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE; 1801 } 1802 1803 Trace.asyncTraceEnd( 1804 TRACE_TAG_PACKAGE_MANAGER, "verification", verificationId); 1805 1806 processPendingInstall(args, ret); 1807 mHandler.sendEmptyMessage(MCS_UNBIND); 1808 } 1809 1810 break; 1811 } 1812 case START_INTENT_FILTER_VERIFICATIONS: { 1813 IFVerificationParams params = (IFVerificationParams) msg.obj; 1814 verifyIntentFiltersIfNeeded(params.userId, params.verifierUid, 1815 params.replacing, params.pkg); 1816 break; 1817 } 1818 case INTENT_FILTER_VERIFIED: { 1819 final int verificationId = msg.arg1; 1820 1821 final IntentFilterVerificationState state = mIntentFilterVerificationStates.get( 1822 verificationId); 1823 if (state == null) { 1824 Slog.w(TAG, "Invalid IntentFilter verification token " 1825 + verificationId + " received"); 1826 break; 1827 } 1828 1829 final int userId = state.getUserId(); 1830 1831 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, 1832 "Processing IntentFilter verification with token:" 1833 + verificationId + " and userId:" + userId); 1834 1835 final IntentFilterVerificationResponse response = 1836 (IntentFilterVerificationResponse) msg.obj; 1837 1838 state.setVerifierResponse(response.callerUid, response.code); 1839 1840 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, 1841 "IntentFilter verification with token:" + verificationId 1842 + " and userId:" + userId 1843 + " is settings verifier response with response code:" 1844 + response.code); 1845 1846 if (response.code == PackageManager.INTENT_FILTER_VERIFICATION_FAILURE) { 1847 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Domains failing verification: " 1848 + response.getFailedDomainsString()); 1849 } 1850 1851 if (state.isVerificationComplete()) { 1852 mIntentFilterVerifier.receiveVerificationResponse(verificationId); 1853 } else { 1854 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, 1855 "IntentFilter verification with token:" + verificationId 1856 + " was not said to be complete"); 1857 } 1858 1859 break; 1860 } 1861 case INSTANT_APP_RESOLUTION_PHASE_TWO: { 1862 InstantAppResolver.doInstantAppResolutionPhaseTwo(mContext, 1863 mInstantAppResolverConnection, 1864 (InstantAppRequest) msg.obj, 1865 mInstantAppInstallerActivity, 1866 mHandler); 1867 } 1868 } 1869 } 1870 } 1871 1872 private void handlePackagePostInstall(PackageInstalledInfo res, boolean grantPermissions, 1873 boolean killApp, String[] grantedPermissions, 1874 boolean launchedForRestore, String installerPackage, 1875 IPackageInstallObserver2 installObserver) { 1876 if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) { 1877 // Send the removed broadcasts 1878 if (res.removedInfo != null) { 1879 res.removedInfo.sendPackageRemovedBroadcasts(killApp); 1880 } 1881 1882 // Now that we successfully installed the package, grant runtime 1883 // permissions if requested before broadcasting the install. Also 1884 // for legacy apps in permission review mode we clear the permission 1885 // review flag which is used to emulate runtime permissions for 1886 // legacy apps. 1887 if (grantPermissions) { 1888 grantRequestedRuntimePermissions(res.pkg, res.newUsers, grantedPermissions); 1889 } 1890 1891 final boolean update = res.removedInfo != null 1892 && res.removedInfo.removedPackage != null; 1893 final String origInstallerPackageName = res.removedInfo != null 1894 ? res.removedInfo.installerPackageName : null; 1895 1896 // If this is the first time we have child packages for a disabled privileged 1897 // app that had no children, we grant requested runtime permissions to the new 1898 // children if the parent on the system image had them already granted. 1899 if (res.pkg.parentPackage != null) { 1900 synchronized (mPackages) { 1901 grantRuntimePermissionsGrantedToDisabledPrivSysPackageParentLPw(res.pkg); 1902 } 1903 } 1904 1905 synchronized (mPackages) { 1906 mInstantAppRegistry.onPackageInstalledLPw(res.pkg, res.newUsers); 1907 } 1908 1909 final String packageName = res.pkg.applicationInfo.packageName; 1910 1911 // Determine the set of users who are adding this package for 1912 // the first time vs. those who are seeing an update. 1913 int[] firstUsers = EMPTY_INT_ARRAY; 1914 int[] updateUsers = EMPTY_INT_ARRAY; 1915 final boolean allNewUsers = res.origUsers == null || res.origUsers.length == 0; 1916 final PackageSetting ps = (PackageSetting) res.pkg.mExtras; 1917 for (int newUser : res.newUsers) { 1918 if (ps.getInstantApp(newUser)) { 1919 continue; 1920 } 1921 if (allNewUsers) { 1922 firstUsers = ArrayUtils.appendInt(firstUsers, newUser); 1923 continue; 1924 } 1925 boolean isNew = true; 1926 for (int origUser : res.origUsers) { 1927 if (origUser == newUser) { 1928 isNew = false; 1929 break; 1930 } 1931 } 1932 if (isNew) { 1933 firstUsers = ArrayUtils.appendInt(firstUsers, newUser); 1934 } else { 1935 updateUsers = ArrayUtils.appendInt(updateUsers, newUser); 1936 } 1937 } 1938 1939 // Send installed broadcasts if the package is not a static shared lib. 1940 if (res.pkg.staticSharedLibName == null) { 1941 mProcessLoggingHandler.invalidateProcessLoggingBaseApkHash(res.pkg.baseCodePath); 1942 1943 // Send added for users that see the package for the first time 1944 // sendPackageAddedForNewUsers also deals with system apps 1945 int appId = UserHandle.getAppId(res.uid); 1946 boolean isSystem = res.pkg.applicationInfo.isSystemApp(); 1947 sendPackageAddedForNewUsers(packageName, isSystem, appId, firstUsers); 1948 1949 // Send added for users that don't see the package for the first time 1950 Bundle extras = new Bundle(1); 1951 extras.putInt(Intent.EXTRA_UID, res.uid); 1952 if (update) { 1953 extras.putBoolean(Intent.EXTRA_REPLACING, true); 1954 } 1955 sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, packageName, 1956 extras, 0 /*flags*/, 1957 null /*targetPackage*/, null /*finishedReceiver*/, updateUsers); 1958 if (origInstallerPackageName != null) { 1959 sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, packageName, 1960 extras, 0 /*flags*/, 1961 origInstallerPackageName, null /*finishedReceiver*/, updateUsers); 1962 } 1963 1964 // Send replaced for users that don't see the package for the first time 1965 if (update) { 1966 sendPackageBroadcast(Intent.ACTION_PACKAGE_REPLACED, 1967 packageName, extras, 0 /*flags*/, 1968 null /*targetPackage*/, null /*finishedReceiver*/, 1969 updateUsers); 1970 if (origInstallerPackageName != null) { 1971 sendPackageBroadcast(Intent.ACTION_PACKAGE_REPLACED, packageName, 1972 extras, 0 /*flags*/, 1973 origInstallerPackageName, null /*finishedReceiver*/, updateUsers); 1974 } 1975 sendPackageBroadcast(Intent.ACTION_MY_PACKAGE_REPLACED, 1976 null /*package*/, null /*extras*/, 0 /*flags*/, 1977 packageName /*targetPackage*/, 1978 null /*finishedReceiver*/, updateUsers); 1979 } else if (launchedForRestore && !isSystemApp(res.pkg)) { 1980 // First-install and we did a restore, so we're responsible for the 1981 // first-launch broadcast. 1982 if (DEBUG_BACKUP) { 1983 Slog.i(TAG, "Post-restore of " + packageName 1984 + " sending FIRST_LAUNCH in " + Arrays.toString(firstUsers)); 1985 } 1986 sendFirstLaunchBroadcast(packageName, installerPackage, firstUsers); 1987 } 1988 1989 // Send broadcast package appeared if forward locked/external for all users 1990 // treat asec-hosted packages like removable media on upgrade 1991 if (res.pkg.isForwardLocked() || isExternal(res.pkg)) { 1992 if (DEBUG_INSTALL) { 1993 Slog.i(TAG, "upgrading pkg " + res.pkg 1994 + " is ASEC-hosted -> AVAILABLE"); 1995 } 1996 final int[] uidArray = new int[]{res.pkg.applicationInfo.uid}; 1997 ArrayList<String> pkgList = new ArrayList<>(1); 1998 pkgList.add(packageName); 1999 sendResourcesChangedBroadcast(true, true, pkgList, uidArray, null); 2000 } 2001 } 2002 2003 // Work that needs to happen on first install within each user 2004 if (firstUsers != null && firstUsers.length > 0) { 2005 synchronized (mPackages) { 2006 for (int userId : firstUsers) { 2007 // If this app is a browser and it's newly-installed for some 2008 // users, clear any default-browser state in those users. The 2009 // app's nature doesn't depend on the user, so we can just check 2010 // its browser nature in any user and generalize. 2011 if (packageIsBrowser(packageName, userId)) { 2012 mSettings.setDefaultBrowserPackageNameLPw(null, userId); 2013 } 2014 2015 // We may also need to apply pending (restored) runtime 2016 // permission grants within these users. 2017 mSettings.applyPendingPermissionGrantsLPw(packageName, userId); 2018 } 2019 } 2020 } 2021 2022 // Log current value of "unknown sources" setting 2023 EventLog.writeEvent(EventLogTags.UNKNOWN_SOURCES_ENABLED, 2024 getUnknownSourcesSettings()); 2025 2026 // Force a gc to clear up things 2027 Runtime.getRuntime().gc(); 2028 2029 // Remove the replaced package's older resources safely now 2030 // We delete after a gc for applications on sdcard. 2031 if (res.removedInfo != null && res.removedInfo.args != null) { 2032 synchronized (mInstallLock) { 2033 res.removedInfo.args.doPostDeleteLI(true); 2034 } 2035 } 2036 2037 // Notify DexManager that the package was installed for new users. 2038 // The updated users should already be indexed and the package code paths 2039 // should not change. 2040 // Don't notify the manager for ephemeral apps as they are not expected to 2041 // survive long enough to benefit of background optimizations. 2042 for (int userId : firstUsers) { 2043 PackageInfo info = getPackageInfo(packageName, /*flags*/ 0, userId); 2044 // There's a race currently where some install events may interleave with an uninstall. 2045 // This can lead to package info being null (b/36642664). 2046 if (info != null) { 2047 mDexManager.notifyPackageInstalled(info, userId); 2048 } 2049 } 2050 } 2051 2052 // If someone is watching installs - notify them 2053 if (installObserver != null) { 2054 try { 2055 Bundle extras = extrasForInstallResult(res); 2056 installObserver.onPackageInstalled(res.name, res.returnCode, 2057 res.returnMsg, extras); 2058 } catch (RemoteException e) { 2059 Slog.i(TAG, "Observer no longer exists."); 2060 } 2061 } 2062 } 2063 2064 private void grantRuntimePermissionsGrantedToDisabledPrivSysPackageParentLPw( 2065 PackageParser.Package pkg) { 2066 if (pkg.parentPackage == null) { 2067 return; 2068 } 2069 if (pkg.requestedPermissions == null) { 2070 return; 2071 } 2072 final PackageSetting disabledSysParentPs = mSettings 2073 .getDisabledSystemPkgLPr(pkg.parentPackage.packageName); 2074 if (disabledSysParentPs == null || disabledSysParentPs.pkg == null 2075 || !disabledSysParentPs.isPrivileged() 2076 || (disabledSysParentPs.childPackageNames != null 2077 && !disabledSysParentPs.childPackageNames.isEmpty())) { 2078 return; 2079 } 2080 final int[] allUserIds = sUserManager.getUserIds(); 2081 final int permCount = pkg.requestedPermissions.size(); 2082 for (int i = 0; i < permCount; i++) { 2083 String permission = pkg.requestedPermissions.get(i); 2084 BasePermission bp = mSettings.mPermissions.get(permission); 2085 if (bp == null || !(bp.isRuntime() || bp.isDevelopment())) { 2086 continue; 2087 } 2088 for (int userId : allUserIds) { 2089 if (disabledSysParentPs.getPermissionsState().hasRuntimePermission( 2090 permission, userId)) { 2091 grantRuntimePermission(pkg.packageName, permission, userId); 2092 } 2093 } 2094 } 2095 } 2096 2097 private StorageEventListener mStorageListener = new StorageEventListener() { 2098 @Override 2099 public void onVolumeStateChanged(VolumeInfo vol, int oldState, int newState) { 2100 if (vol.type == VolumeInfo.TYPE_PRIVATE) { 2101 if (vol.state == VolumeInfo.STATE_MOUNTED) { 2102 final String volumeUuid = vol.getFsUuid(); 2103 2104 // Clean up any users or apps that were removed or recreated 2105 // while this volume was missing 2106 sUserManager.reconcileUsers(volumeUuid); 2107 reconcileApps(volumeUuid); 2108 2109 // Clean up any install sessions that expired or were 2110 // cancelled while this volume was missing 2111 mInstallerService.onPrivateVolumeMounted(volumeUuid); 2112 2113 loadPrivatePackages(vol); 2114 2115 } else if (vol.state == VolumeInfo.STATE_EJECTING) { 2116 unloadPrivatePackages(vol); 2117 } 2118 } 2119 2120 if (vol.type == VolumeInfo.TYPE_PUBLIC && vol.isPrimary()) { 2121 if (vol.state == VolumeInfo.STATE_MOUNTED) { 2122 updateExternalMediaStatus(true, false); 2123 } else if (vol.state == VolumeInfo.STATE_EJECTING) { 2124 updateExternalMediaStatus(false, false); 2125 } 2126 } 2127 } 2128 2129 @Override 2130 public void onVolumeForgotten(String fsUuid) { 2131 if (TextUtils.isEmpty(fsUuid)) { 2132 Slog.e(TAG, "Forgetting internal storage is probably a mistake; ignoring"); 2133 return; 2134 } 2135 2136 // Remove any apps installed on the forgotten volume 2137 synchronized (mPackages) { 2138 final List<PackageSetting> packages = mSettings.getVolumePackagesLPr(fsUuid); 2139 for (PackageSetting ps : packages) { 2140 Slog.d(TAG, "Destroying " + ps.name + " because volume was forgotten"); 2141 deletePackageVersioned(new VersionedPackage(ps.name, 2142 PackageManager.VERSION_CODE_HIGHEST), 2143 new LegacyPackageDeleteObserver(null).getBinder(), 2144 UserHandle.USER_SYSTEM, PackageManager.DELETE_ALL_USERS); 2145 // Try very hard to release any references to this package 2146 // so we don't risk the system server being killed due to 2147 // open FDs 2148 AttributeCache.instance().removePackage(ps.name); 2149 } 2150 2151 mSettings.onVolumeForgotten(fsUuid); 2152 mSettings.writeLPr(); 2153 } 2154 } 2155 }; 2156 2157 private void grantRequestedRuntimePermissions(PackageParser.Package pkg, int[] userIds, 2158 String[] grantedPermissions) { 2159 for (int userId : userIds) { 2160 grantRequestedRuntimePermissionsForUser(pkg, userId, grantedPermissions); 2161 } 2162 } 2163 2164 private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId, 2165 String[] grantedPermissions) { 2166 SettingBase sb = (SettingBase) pkg.mExtras; 2167 if (sb == null) { 2168 return; 2169 } 2170 2171 PermissionsState permissionsState = sb.getPermissionsState(); 2172 2173 final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 2174 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 2175 2176 final boolean supportsRuntimePermissions = pkg.applicationInfo.targetSdkVersion 2177 >= Build.VERSION_CODES.M; 2178 2179 final boolean instantApp = isInstantApp(pkg.packageName, userId); 2180 2181 for (String permission : pkg.requestedPermissions) { 2182 final BasePermission bp; 2183 synchronized (mPackages) { 2184 bp = mSettings.mPermissions.get(permission); 2185 } 2186 if (bp != null && (bp.isRuntime() || bp.isDevelopment()) 2187 && (!instantApp || bp.isInstant()) 2188 && (supportsRuntimePermissions || !bp.isRuntimeOnly()) 2189 && (grantedPermissions == null 2190 || ArrayUtils.contains(grantedPermissions, permission))) { 2191 final int flags = permissionsState.getPermissionFlags(permission, userId); 2192 if (supportsRuntimePermissions) { 2193 // Installer cannot change immutable permissions. 2194 if ((flags & immutableFlags) == 0) { 2195 grantRuntimePermission(pkg.packageName, permission, userId); 2196 } 2197 } else if (mPermissionReviewRequired) { 2198 // In permission review mode we clear the review flag when we 2199 // are asked to install the app with all permissions granted. 2200 if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) { 2201 updatePermissionFlags(permission, pkg.packageName, 2202 PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED, 0, userId); 2203 } 2204 } 2205 } 2206 } 2207 } 2208 2209 Bundle extrasForInstallResult(PackageInstalledInfo res) { 2210 Bundle extras = null; 2211 switch (res.returnCode) { 2212 case PackageManager.INSTALL_FAILED_DUPLICATE_PERMISSION: { 2213 extras = new Bundle(); 2214 extras.putString(PackageManager.EXTRA_FAILURE_EXISTING_PERMISSION, 2215 res.origPermission); 2216 extras.putString(PackageManager.EXTRA_FAILURE_EXISTING_PACKAGE, 2217 res.origPackage); 2218 break; 2219 } 2220 case PackageManager.INSTALL_SUCCEEDED: { 2221 extras = new Bundle(); 2222 extras.putBoolean(Intent.EXTRA_REPLACING, 2223 res.removedInfo != null && res.removedInfo.removedPackage != null); 2224 break; 2225 } 2226 } 2227 return extras; 2228 } 2229 2230 void scheduleWriteSettingsLocked() { 2231 if (!mHandler.hasMessages(WRITE_SETTINGS)) { 2232 mHandler.sendEmptyMessageDelayed(WRITE_SETTINGS, WRITE_SETTINGS_DELAY); 2233 } 2234 } 2235 2236 void scheduleWritePackageListLocked(int userId) { 2237 if (!mHandler.hasMessages(WRITE_PACKAGE_LIST)) { 2238 Message msg = mHandler.obtainMessage(WRITE_PACKAGE_LIST); 2239 msg.arg1 = userId; 2240 mHandler.sendMessageDelayed(msg, WRITE_SETTINGS_DELAY); 2241 } 2242 } 2243 2244 void scheduleWritePackageRestrictionsLocked(UserHandle user) { 2245 final int userId = user == null ? UserHandle.USER_ALL : user.getIdentifier(); 2246 scheduleWritePackageRestrictionsLocked(userId); 2247 } 2248 2249 void scheduleWritePackageRestrictionsLocked(int userId) { 2250 final int[] userIds = (userId == UserHandle.USER_ALL) 2251 ? sUserManager.getUserIds() : new int[]{userId}; 2252 for (int nextUserId : userIds) { 2253 if (!sUserManager.exists(nextUserId)) return; 2254 mDirtyUsers.add(nextUserId); 2255 if (!mHandler.hasMessages(WRITE_PACKAGE_RESTRICTIONS)) { 2256 mHandler.sendEmptyMessageDelayed(WRITE_PACKAGE_RESTRICTIONS, WRITE_SETTINGS_DELAY); 2257 } 2258 } 2259 } 2260 2261 public static PackageManagerService main(Context context, Installer installer, 2262 boolean factoryTest, boolean onlyCore) { 2263 // Self-check for initial settings. 2264 PackageManagerServiceCompilerMapping.checkProperties(); 2265 2266 PackageManagerService m = new PackageManagerService(context, installer, 2267 factoryTest, onlyCore); 2268 m.enableSystemUserPackages(); 2269 ServiceManager.addService("package", m); 2270 return m; 2271 } 2272 2273 private void enableSystemUserPackages() { 2274 if (!UserManager.isSplitSystemUser()) { 2275 return; 2276 } 2277 // For system user, enable apps based on the following conditions: 2278 // - app is whitelisted or belong to one of these groups: 2279 // -- system app which has no launcher icons 2280 // -- system app which has INTERACT_ACROSS_USERS permission 2281 // -- system IME app 2282 // - app is not in the blacklist 2283 AppsQueryHelper queryHelper = new AppsQueryHelper(this); 2284 Set<String> enableApps = new ArraySet<>(); 2285 enableApps.addAll(queryHelper.queryApps(AppsQueryHelper.GET_NON_LAUNCHABLE_APPS 2286 | AppsQueryHelper.GET_APPS_WITH_INTERACT_ACROSS_USERS_PERM 2287 | AppsQueryHelper.GET_IMES, /* systemAppsOnly */ true, UserHandle.SYSTEM)); 2288 ArraySet<String> wlApps = SystemConfig.getInstance().getSystemUserWhitelistedApps(); 2289 enableApps.addAll(wlApps); 2290 enableApps.addAll(queryHelper.queryApps(AppsQueryHelper.GET_REQUIRED_FOR_SYSTEM_USER, 2291 /* systemAppsOnly */ false, UserHandle.SYSTEM)); 2292 ArraySet<String> blApps = SystemConfig.getInstance().getSystemUserBlacklistedApps(); 2293 enableApps.removeAll(blApps); 2294 Log.i(TAG, "Applications installed for system user: " + enableApps); 2295 List<String> allAps = queryHelper.queryApps(0, /* systemAppsOnly */ false, 2296 UserHandle.SYSTEM); 2297 final int allAppsSize = allAps.size(); 2298 synchronized (mPackages) { 2299 for (int i = 0; i < allAppsSize; i++) { 2300 String pName = allAps.get(i); 2301 PackageSetting pkgSetting = mSettings.mPackages.get(pName); 2302 // Should not happen, but we shouldn't be failing if it does 2303 if (pkgSetting == null) { 2304 continue; 2305 } 2306 boolean install = enableApps.contains(pName); 2307 if (pkgSetting.getInstalled(UserHandle.USER_SYSTEM) != install) { 2308 Log.i(TAG, (install ? "Installing " : "Uninstalling ") + pName 2309 + " for system user"); 2310 pkgSetting.setInstalled(install, UserHandle.USER_SYSTEM); 2311 } 2312 } 2313 scheduleWritePackageRestrictionsLocked(UserHandle.USER_SYSTEM); 2314 } 2315 } 2316 2317 private static void getDefaultDisplayMetrics(Context context, DisplayMetrics metrics) { 2318 DisplayManager displayManager = (DisplayManager) context.getSystemService( 2319 Context.DISPLAY_SERVICE); 2320 displayManager.getDisplay(Display.DEFAULT_DISPLAY).getMetrics(metrics); 2321 } 2322 2323 /** 2324 * Requests that files preopted on a secondary system partition be copied to the data partition 2325 * if possible. Note that the actual copying of the files is accomplished by init for security 2326 * reasons. This simply requests that the copy takes place and awaits confirmation of its 2327 * completion. See platform/system/extras/cppreopt/ for the implementation of the actual copy. 2328 */ 2329 private static void requestCopyPreoptedFiles() { 2330 final int WAIT_TIME_MS = 100; 2331 final String CP_PREOPT_PROPERTY = "sys.cppreopt"; 2332 if (SystemProperties.getInt("ro.cp_system_other_odex", 0) == 1) { 2333 SystemProperties.set(CP_PREOPT_PROPERTY, "requested"); 2334 // We will wait for up to 100 seconds. 2335 final long timeStart = SystemClock.uptimeMillis(); 2336 final long timeEnd = timeStart + 100 * 1000; 2337 long timeNow = timeStart; 2338 while (!SystemProperties.get(CP_PREOPT_PROPERTY).equals("finished")) { 2339 try { 2340 Thread.sleep(WAIT_TIME_MS); 2341 } catch (InterruptedException e) { 2342 // Do nothing 2343 } 2344 timeNow = SystemClock.uptimeMillis(); 2345 if (timeNow > timeEnd) { 2346 SystemProperties.set(CP_PREOPT_PROPERTY, "timed-out"); 2347 Slog.wtf(TAG, "cppreopt did not finish!"); 2348 break; 2349 } 2350 } 2351 2352 Slog.i(TAG, "cppreopts took " + (timeNow - timeStart) + " ms"); 2353 } 2354 } 2355 2356 public PackageManagerService(Context context, Installer installer, 2357 boolean factoryTest, boolean onlyCore) { 2358 LockGuard.installLock(mPackages, LockGuard.INDEX_PACKAGES); 2359 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "create package manager"); 2360 EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_START, 2361 SystemClock.uptimeMillis()); 2362 2363 if (mSdkVersion <= 0) { 2364 Slog.w(TAG, "**** ro.build.version.sdk not set!"); 2365 } 2366 2367 mContext = context; 2368 2369 mPermissionReviewRequired = context.getResources().getBoolean( 2370 R.bool.config_permissionReviewRequired); 2371 2372 mFactoryTest = factoryTest; 2373 mOnlyCore = onlyCore; 2374 mMetrics = new DisplayMetrics(); 2375 mSettings = new Settings(mPackages); 2376 mSettings.addSharedUserLPw("android.uid.system", Process.SYSTEM_UID, 2377 ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); 2378 mSettings.addSharedUserLPw("android.uid.phone", RADIO_UID, 2379 ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); 2380 mSettings.addSharedUserLPw("android.uid.log", LOG_UID, 2381 ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); 2382 mSettings.addSharedUserLPw("android.uid.nfc", NFC_UID, 2383 ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); 2384 mSettings.addSharedUserLPw("android.uid.bluetooth", BLUETOOTH_UID, 2385 ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); 2386 mSettings.addSharedUserLPw("android.uid.shell", SHELL_UID, 2387 ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); 2388 2389 String separateProcesses = SystemProperties.get("debug.separate_processes"); 2390 if (separateProcesses != null && separateProcesses.length() > 0) { 2391 if ("*".equals(separateProcesses)) { 2392 mDefParseFlags = PackageParser.PARSE_IGNORE_PROCESSES; 2393 mSeparateProcesses = null; 2394 Slog.w(TAG, "Running with debug.separate_processes: * (ALL)"); 2395 } else { 2396 mDefParseFlags = 0; 2397 mSeparateProcesses = separateProcesses.split(","); 2398 Slog.w(TAG, "Running with debug.separate_processes: " 2399 + separateProcesses); 2400 } 2401 } else { 2402 mDefParseFlags = 0; 2403 mSeparateProcesses = null; 2404 } 2405 2406 mInstaller = installer; 2407 mPackageDexOptimizer = new PackageDexOptimizer(installer, mInstallLock, context, 2408 "*dexopt*"); 2409 mDexManager = new DexManager(this, mPackageDexOptimizer, installer, mInstallLock); 2410 mMoveCallbacks = new MoveCallbacks(FgThread.get().getLooper()); 2411 2412 mOnPermissionChangeListeners = new OnPermissionChangeListeners( 2413 FgThread.get().getLooper()); 2414 2415 getDefaultDisplayMetrics(context, mMetrics); 2416 2417 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "get system config"); 2418 SystemConfig systemConfig = SystemConfig.getInstance(); 2419 mGlobalGids = systemConfig.getGlobalGids(); 2420 mSystemPermissions = systemConfig.getSystemPermissions(); 2421 mAvailableFeatures = systemConfig.getAvailableFeatures(); 2422 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 2423 2424 mProtectedPackages = new ProtectedPackages(mContext); 2425 2426 synchronized (mInstallLock) { 2427 // writer 2428 synchronized (mPackages) { 2429 mHandlerThread = new ServiceThread(TAG, 2430 Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/); 2431 mHandlerThread.start(); 2432 mHandler = new PackageHandler(mHandlerThread.getLooper()); 2433 mProcessLoggingHandler = new ProcessLoggingHandler(); 2434 Watchdog.getInstance().addThread(mHandler, WATCHDOG_TIMEOUT); 2435 2436 mDefaultPermissionPolicy = new DefaultPermissionGrantPolicy(this); 2437 mInstantAppRegistry = new InstantAppRegistry(this); 2438 2439 File dataDir = Environment.getDataDirectory(); 2440 mAppInstallDir = new File(dataDir, "app"); 2441 mAppLib32InstallDir = new File(dataDir, "app-lib"); 2442 mAsecInternalPath = new File(dataDir, "app-asec").getPath(); 2443 mDrmAppPrivateInstallDir = new File(dataDir, "app-private"); 2444 sUserManager = new UserManagerService(context, this, 2445 new UserDataPreparer(mInstaller, mInstallLock, mContext, mOnlyCore), mPackages); 2446 2447 // Propagate permission configuration in to package manager. 2448 ArrayMap<String, SystemConfig.PermissionEntry> permConfig 2449 = systemConfig.getPermissions(); 2450 for (int i=0; i<permConfig.size(); i++) { 2451 SystemConfig.PermissionEntry perm = permConfig.valueAt(i); 2452 BasePermission bp = mSettings.mPermissions.get(perm.name); 2453 if (bp == null) { 2454 bp = new BasePermission(perm.name, "android", BasePermission.TYPE_BUILTIN); 2455 mSettings.mPermissions.put(perm.name, bp); 2456 } 2457 if (perm.gids != null) { 2458 bp.setGids(perm.gids, perm.perUser); 2459 } 2460 } 2461 2462 ArrayMap<String, String> libConfig = systemConfig.getSharedLibraries(); 2463 final int builtInLibCount = libConfig.size(); 2464 for (int i = 0; i < builtInLibCount; i++) { 2465 String name = libConfig.keyAt(i); 2466 String path = libConfig.valueAt(i); 2467 addSharedLibraryLPw(path, null, name, SharedLibraryInfo.VERSION_UNDEFINED, 2468 SharedLibraryInfo.TYPE_BUILTIN, PLATFORM_PACKAGE_NAME, 0); 2469 } 2470 2471 mFoundPolicyFile = SELinuxMMAC.readInstallPolicy(); 2472 2473 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "read user settings"); 2474 mFirstBoot = !mSettings.readLPw(sUserManager.getUsers(false)); 2475 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 2476 2477 // Clean up orphaned packages for which the code path doesn't exist 2478 // and they are an update to a system app - caused by bug/32321269 2479 final int packageSettingCount = mSettings.mPackages.size(); 2480 for (int i = packageSettingCount - 1; i >= 0; i--) { 2481 PackageSetting ps = mSettings.mPackages.valueAt(i); 2482 if (!isExternal(ps) && (ps.codePath == null || !ps.codePath.exists()) 2483 && mSettings.getDisabledSystemPkgLPr(ps.name) != null) { 2484 mSettings.mPackages.removeAt(i); 2485 mSettings.enableSystemPackageLPw(ps.name); 2486 } 2487 } 2488 2489 if (mFirstBoot) { 2490 requestCopyPreoptedFiles(); 2491 } 2492 2493 String customResolverActivity = Resources.getSystem().getString( 2494 R.string.config_customResolverActivity); 2495 if (TextUtils.isEmpty(customResolverActivity)) { 2496 customResolverActivity = null; 2497 } else { 2498 mCustomResolverComponentName = ComponentName.unflattenFromString( 2499 customResolverActivity); 2500 } 2501 2502 long startTime = SystemClock.uptimeMillis(); 2503 2504 EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_SYSTEM_SCAN_START, 2505 startTime); 2506 2507 final String bootClassPath = System.getenv("BOOTCLASSPATH"); 2508 final String systemServerClassPath = System.getenv("SYSTEMSERVERCLASSPATH"); 2509 2510 if (bootClassPath == null) { 2511 Slog.w(TAG, "No BOOTCLASSPATH found!"); 2512 } 2513 2514 if (systemServerClassPath == null) { 2515 Slog.w(TAG, "No SYSTEMSERVERCLASSPATH found!"); 2516 } 2517 2518 File frameworkDir = new File(Environment.getRootDirectory(), "framework"); 2519 2520 final VersionInfo ver = mSettings.getInternalVersion(); 2521 mIsUpgrade = !Build.FINGERPRINT.equals(ver.fingerprint); 2522 if (mIsUpgrade) { 2523 logCriticalInfo(Log.INFO, 2524 "Upgrading from " + ver.fingerprint + " to " + Build.FINGERPRINT); 2525 } 2526 2527 // when upgrading from pre-M, promote system app permissions from install to runtime 2528 mPromoteSystemApps = 2529 mIsUpgrade && ver.sdkVersion <= Build.VERSION_CODES.LOLLIPOP_MR1; 2530 2531 // When upgrading from pre-N, we need to handle package extraction like first boot, 2532 // as there is no profiling data available. 2533 mIsPreNUpgrade = mIsUpgrade && ver.sdkVersion < Build.VERSION_CODES.N; 2534 2535 mIsPreNMR1Upgrade = mIsUpgrade && ver.sdkVersion < Build.VERSION_CODES.N_MR1; 2536 2537 // save off the names of pre-existing system packages prior to scanning; we don't 2538 // want to automatically grant runtime permissions for new system apps 2539 if (mPromoteSystemApps) { 2540 Iterator<PackageSetting> pkgSettingIter = mSettings.mPackages.values().iterator(); 2541 while (pkgSettingIter.hasNext()) { 2542 PackageSetting ps = pkgSettingIter.next(); 2543 if (isSystemApp(ps)) { 2544 mExistingSystemPackages.add(ps.name); 2545 } 2546 } 2547 } 2548 2549 mCacheDir = preparePackageParserCache(mIsUpgrade); 2550 2551 // Set flag to monitor and not change apk file paths when 2552 // scanning install directories. 2553 int scanFlags = SCAN_BOOTING | SCAN_INITIAL; 2554 2555 if (mIsUpgrade || mFirstBoot) { 2556 scanFlags = scanFlags | SCAN_FIRST_BOOT_OR_UPGRADE; 2557 } 2558 2559 // Collect vendor overlay packages. (Do this before scanning any apps.) 2560 // For security and version matching reason, only consider 2561 // overlay packages if they reside in the right directory. 2562 scanDirTracedLI(new File(VENDOR_OVERLAY_DIR), mDefParseFlags 2563 | PackageParser.PARSE_IS_SYSTEM 2564 | PackageParser.PARSE_IS_SYSTEM_DIR 2565 | PackageParser.PARSE_TRUSTED_OVERLAY, scanFlags | SCAN_TRUSTED_OVERLAY, 0); 2566 2567 mParallelPackageParserCallback.findStaticOverlayPackages(); 2568 2569 // Find base frameworks (resource packages without code). 2570 scanDirTracedLI(frameworkDir, mDefParseFlags 2571 | PackageParser.PARSE_IS_SYSTEM 2572 | PackageParser.PARSE_IS_SYSTEM_DIR 2573 | PackageParser.PARSE_IS_PRIVILEGED, 2574 scanFlags | SCAN_NO_DEX, 0); 2575 2576 // Collected privileged system packages. 2577 final File privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app"); 2578 scanDirTracedLI(privilegedAppDir, mDefParseFlags 2579 | PackageParser.PARSE_IS_SYSTEM 2580 | PackageParser.PARSE_IS_SYSTEM_DIR 2581 | PackageParser.PARSE_IS_PRIVILEGED, scanFlags, 0); 2582 2583 // Collect ordinary system packages. 2584 final File systemAppDir = new File(Environment.getRootDirectory(), "app"); 2585 scanDirTracedLI(systemAppDir, mDefParseFlags 2586 | PackageParser.PARSE_IS_SYSTEM 2587 | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0); 2588 2589 // Collect all vendor packages. 2590 File vendorAppDir = new File("/vendor/app"); 2591 try { 2592 vendorAppDir = vendorAppDir.getCanonicalFile(); 2593 } catch (IOException e) { 2594 // failed to look up canonical path, continue with original one 2595 } 2596 scanDirTracedLI(vendorAppDir, mDefParseFlags 2597 | PackageParser.PARSE_IS_SYSTEM 2598 | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0); 2599 2600 // Collect all OEM packages. 2601 final File oemAppDir = new File(Environment.getOemDirectory(), "app"); 2602 scanDirTracedLI(oemAppDir, mDefParseFlags 2603 | PackageParser.PARSE_IS_SYSTEM 2604 | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0); 2605 2606 // Prune any system packages that no longer exist. 2607 final List<String> possiblyDeletedUpdatedSystemApps = new ArrayList<String>(); 2608 if (!mOnlyCore) { 2609 Iterator<PackageSetting> psit = mSettings.mPackages.values().iterator(); 2610 while (psit.hasNext()) { 2611 PackageSetting ps = psit.next(); 2612 2613 /* 2614 * If this is not a system app, it can't be a 2615 * disable system app. 2616 */ 2617 if ((ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) == 0) { 2618 continue; 2619 } 2620 2621 /* 2622 * If the package is scanned, it's not erased. 2623 */ 2624 final PackageParser.Package scannedPkg = mPackages.get(ps.name); 2625 if (scannedPkg != null) { 2626 /* 2627 * If the system app is both scanned and in the 2628 * disabled packages list, then it must have been 2629 * added via OTA. Remove it from the currently 2630 * scanned package so the previously user-installed 2631 * application can be scanned. 2632 */ 2633 if (mSettings.isDisabledSystemPackageLPr(ps.name)) { 2634 logCriticalInfo(Log.WARN, "Expecting better updated system app for " 2635 + ps.name + "; removing system app. Last known codePath=" 2636 + ps.codePathString + ", installStatus=" + ps.installStatus 2637 + ", versionCode=" + ps.versionCode + "; scanned versionCode=" 2638 + scannedPkg.mVersionCode); 2639 removePackageLI(scannedPkg, true); 2640 mExpectingBetter.put(ps.name, ps.codePath); 2641 } 2642 2643 continue; 2644 } 2645 2646 if (!mSettings.isDisabledSystemPackageLPr(ps.name)) { 2647 psit.remove(); 2648 logCriticalInfo(Log.WARN, "System package " + ps.name 2649 + " no longer exists; it's data will be wiped"); 2650 // Actual deletion of code and data will be handled by later 2651 // reconciliation step 2652 } else { 2653 final PackageSetting disabledPs = mSettings.getDisabledSystemPkgLPr(ps.name); 2654 if (disabledPs.codePath == null || !disabledPs.codePath.exists()) { 2655 possiblyDeletedUpdatedSystemApps.add(ps.name); 2656 } 2657 } 2658 } 2659 } 2660 2661 //look for any incomplete package installations 2662 ArrayList<PackageSetting> deletePkgsList = mSettings.getListOfIncompleteInstallPackagesLPr(); 2663 for (int i = 0; i < deletePkgsList.size(); i++) { 2664 // Actual deletion of code and data will be handled by later 2665 // reconciliation step 2666 final String packageName = deletePkgsList.get(i).name; 2667 logCriticalInfo(Log.WARN, "Cleaning up incompletely installed app: " + packageName); 2668 synchronized (mPackages) { 2669 mSettings.removePackageLPw(packageName); 2670 } 2671 } 2672 2673 //delete tmp files 2674 deleteTempPackageFiles(); 2675 2676 // Remove any shared userIDs that have no associated packages 2677 mSettings.pruneSharedUsersLPw(); 2678 2679 if (!mOnlyCore) { 2680 EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_DATA_SCAN_START, 2681 SystemClock.uptimeMillis()); 2682 scanDirTracedLI(mAppInstallDir, 0, scanFlags | SCAN_REQUIRE_KNOWN, 0); 2683 2684 scanDirTracedLI(mDrmAppPrivateInstallDir, mDefParseFlags 2685 | PackageParser.PARSE_FORWARD_LOCK, 2686 scanFlags | SCAN_REQUIRE_KNOWN, 0); 2687 2688 /** 2689 * Remove disable package settings for any updated system 2690 * apps that were removed via an OTA. If they're not a 2691 * previously-updated app, remove them completely. 2692 * Otherwise, just revoke their system-level permissions. 2693 */ 2694 for (String deletedAppName : possiblyDeletedUpdatedSystemApps) { 2695 PackageParser.Package deletedPkg = mPackages.get(deletedAppName); 2696 mSettings.removeDisabledSystemPackageLPw(deletedAppName); 2697 2698 String msg; 2699 if (deletedPkg == null) { 2700 msg = "Updated system package " + deletedAppName 2701 + " no longer exists; it's data will be wiped"; 2702 // Actual deletion of code and data will be handled by later 2703 // reconciliation step 2704 } else { 2705 msg = "Updated system app + " + deletedAppName 2706 + " no longer present; removing system privileges for " 2707 + deletedAppName; 2708 2709 deletedPkg.applicationInfo.flags &= ~ApplicationInfo.FLAG_SYSTEM; 2710 2711 PackageSetting deletedPs = mSettings.mPackages.get(deletedAppName); 2712 deletedPs.pkgFlags &= ~ApplicationInfo.FLAG_SYSTEM; 2713 } 2714 logCriticalInfo(Log.WARN, msg); 2715 } 2716 2717 /** 2718 * Make sure all system apps that we expected to appear on 2719 * the userdata partition actually showed up. If they never 2720 * appeared, crawl back and revive the system version. 2721 */ 2722 for (int i = 0; i < mExpectingBetter.size(); i++) { 2723 final String packageName = mExpectingBetter.keyAt(i); 2724 if (!mPackages.containsKey(packageName)) { 2725 final File scanFile = mExpectingBetter.valueAt(i); 2726 2727 logCriticalInfo(Log.WARN, "Expected better " + packageName 2728 + " but never showed up; reverting to system"); 2729 2730 int reparseFlags = mDefParseFlags; 2731 if (FileUtils.contains(privilegedAppDir, scanFile)) { 2732 reparseFlags = PackageParser.PARSE_IS_SYSTEM 2733 | PackageParser.PARSE_IS_SYSTEM_DIR 2734 | PackageParser.PARSE_IS_PRIVILEGED; 2735 } else if (FileUtils.contains(systemAppDir, scanFile)) { 2736 reparseFlags = PackageParser.PARSE_IS_SYSTEM 2737 | PackageParser.PARSE_IS_SYSTEM_DIR; 2738 } else if (FileUtils.contains(vendorAppDir, scanFile)) { 2739 reparseFlags = PackageParser.PARSE_IS_SYSTEM 2740 | PackageParser.PARSE_IS_SYSTEM_DIR; 2741 } else if (FileUtils.contains(oemAppDir, scanFile)) { 2742 reparseFlags = PackageParser.PARSE_IS_SYSTEM 2743 | PackageParser.PARSE_IS_SYSTEM_DIR; 2744 } else { 2745 Slog.e(TAG, "Ignoring unexpected fallback path " + scanFile); 2746 continue; 2747 } 2748 2749 mSettings.enableSystemPackageLPw(packageName); 2750 2751 try { 2752 scanPackageTracedLI(scanFile, reparseFlags, scanFlags, 0, null); 2753 } catch (PackageManagerException e) { 2754 Slog.e(TAG, "Failed to parse original system package: " 2755 + e.getMessage()); 2756 } 2757 } 2758 } 2759 } 2760 mExpectingBetter.clear(); 2761 2762 // Resolve the storage manager. 2763 mStorageManagerPackage = getStorageManagerPackageName(); 2764 2765 // Resolve protected action filters. Only the setup wizard is allowed to 2766 // have a high priority filter for these actions. 2767 mSetupWizardPackage = getSetupWizardPackageName(); 2768 if (mProtectedFilters.size() > 0) { 2769 if (DEBUG_FILTERS && mSetupWizardPackage == null) { 2770 Slog.i(TAG, "No setup wizard;" 2771 + " All protected intents capped to priority 0"); 2772 } 2773 for (ActivityIntentInfo filter : mProtectedFilters) { 2774 if (filter.activity.info.packageName.equals(mSetupWizardPackage)) { 2775 if (DEBUG_FILTERS) { 2776 Slog.i(TAG, "Found setup wizard;" 2777 + " allow priority " + filter.getPriority() + ";" 2778 + " package: " + filter.activity.info.packageName 2779 + " activity: " + filter.activity.className 2780 + " priority: " + filter.getPriority()); 2781 } 2782 // skip setup wizard; allow it to keep the high priority filter 2783 continue; 2784 } 2785 Slog.w(TAG, "Protected action; cap priority to 0;" 2786 + " package: " + filter.activity.info.packageName 2787 + " activity: " + filter.activity.className 2788 + " origPrio: " + filter.getPriority()); 2789 filter.setPriority(0); 2790 } 2791 } 2792 mDeferProtectedFilters = false; 2793 mProtectedFilters.clear(); 2794 2795 // Now that we know all of the shared libraries, update all clients to have 2796 // the correct library paths. 2797 updateAllSharedLibrariesLPw(null); 2798 2799 for (SharedUserSetting setting : mSettings.getAllSharedUsersLPw()) { 2800 // NOTE: We ignore potential failures here during a system scan (like 2801 // the rest of the commands above) because there's precious little we 2802 // can do about it. A settings error is reported, though. 2803 adjustCpuAbisForSharedUserLPw(setting.packages, null /*scannedPackage*/); 2804 } 2805 2806 // Now that we know all the packages we are keeping, 2807 // read and update their last usage times. 2808 mPackageUsage.read(mPackages); 2809 mCompilerStats.read(); 2810 2811 EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_SCAN_END, 2812 SystemClock.uptimeMillis()); 2813 Slog.i(TAG, "Time to scan packages: " 2814 + ((SystemClock.uptimeMillis()-startTime)/1000f) 2815 + " seconds"); 2816 2817 // If the platform SDK has changed since the last time we booted, 2818 // we need to re-grant app permission to catch any new ones that 2819 // appear. This is really a hack, and means that apps can in some 2820 // cases get permissions that the user didn't initially explicitly 2821 // allow... it would be nice to have some better way to handle 2822 // this situation. 2823 int updateFlags = UPDATE_PERMISSIONS_ALL; 2824 if (ver.sdkVersion != mSdkVersion) { 2825 Slog.i(TAG, "Platform changed from " + ver.sdkVersion + " to " 2826 + mSdkVersion + "; regranting permissions for internal storage"); 2827 updateFlags |= UPDATE_PERMISSIONS_REPLACE_PKG | UPDATE_PERMISSIONS_REPLACE_ALL; 2828 } 2829 updatePermissionsLPw(null, null, StorageManager.UUID_PRIVATE_INTERNAL, updateFlags); 2830 ver.sdkVersion = mSdkVersion; 2831 2832 // If this is the first boot or an update from pre-M, and it is a normal 2833 // boot, then we need to initialize the default preferred apps across 2834 // all defined users. 2835 if (!onlyCore && (mPromoteSystemApps || mFirstBoot)) { 2836 for (UserInfo user : sUserManager.getUsers(true)) { 2837 mSettings.applyDefaultPreferredAppsLPw(this, user.id); 2838 applyFactoryDefaultBrowserLPw(user.id); 2839 primeDomainVerificationsLPw(user.id); 2840 } 2841 } 2842 2843 // Prepare storage for system user really early during boot, 2844 // since core system apps like SettingsProvider and SystemUI 2845 // can't wait for user to start 2846 final int storageFlags; 2847 if (StorageManager.isFileEncryptedNativeOrEmulated()) { 2848 storageFlags = StorageManager.FLAG_STORAGE_DE; 2849 } else { 2850 storageFlags = StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE; 2851 } 2852 List<String> deferPackages = reconcileAppsDataLI(StorageManager.UUID_PRIVATE_INTERNAL, 2853 UserHandle.USER_SYSTEM, storageFlags, true /* migrateAppData */, 2854 true /* onlyCoreApps */); 2855 mPrepareAppDataFuture = SystemServerInitThreadPool.get().submit(() -> { 2856 BootTimingsTraceLog traceLog = new BootTimingsTraceLog("SystemServerTimingAsync", 2857 Trace.TRACE_TAG_PACKAGE_MANAGER); 2858 traceLog.traceBegin("AppDataFixup"); 2859 try { 2860 mInstaller.fixupAppData(StorageManager.UUID_PRIVATE_INTERNAL, 2861 StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE); 2862 } catch (InstallerException e) { 2863 Slog.w(TAG, "Trouble fixing GIDs", e); 2864 } 2865 traceLog.traceEnd(); 2866 2867 traceLog.traceBegin("AppDataPrepare"); 2868 if (deferPackages == null || deferPackages.isEmpty()) { 2869 return; 2870 } 2871 int count = 0; 2872 for (String pkgName : deferPackages) { 2873 PackageParser.Package pkg = null; 2874 synchronized (mPackages) { 2875 PackageSetting ps = mSettings.getPackageLPr(pkgName); 2876 if (ps != null && ps.getInstalled(UserHandle.USER_SYSTEM)) { 2877 pkg = ps.pkg; 2878 } 2879 } 2880 if (pkg != null) { 2881 synchronized (mInstallLock) { 2882 prepareAppDataAndMigrateLIF(pkg, UserHandle.USER_SYSTEM, storageFlags, 2883 true /* maybeMigrateAppData */); 2884 } 2885 count++; 2886 } 2887 } 2888 traceLog.traceEnd(); 2889 Slog.i(TAG, "Deferred reconcileAppsData finished " + count + " packages"); 2890 }, "prepareAppData"); 2891 2892 // If this is first boot after an OTA, and a normal boot, then 2893 // we need to clear code cache directories. 2894 // Note that we do *not* clear the application profiles. These remain valid 2895 // across OTAs and are used to drive profile verification (post OTA) and 2896 // profile compilation (without waiting to collect a fresh set of profiles). 2897 if (mIsUpgrade && !onlyCore) { 2898 Slog.i(TAG, "Build fingerprint changed; clearing code caches"); 2899 for (int i = 0; i < mSettings.mPackages.size(); i++) { 2900 final PackageSetting ps = mSettings.mPackages.valueAt(i); 2901 if (Objects.equals(StorageManager.UUID_PRIVATE_INTERNAL, ps.volumeUuid)) { 2902 // No apps are running this early, so no need to freeze 2903 clearAppDataLIF(ps.pkg, UserHandle.USER_ALL, 2904 StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE 2905 | Installer.FLAG_CLEAR_CODE_CACHE_ONLY); 2906 } 2907 } 2908 ver.fingerprint = Build.FINGERPRINT; 2909 } 2910 2911 checkDefaultBrowser(); 2912 2913 // clear only after permissions and other defaults have been updated 2914 mExistingSystemPackages.clear(); 2915 mPromoteSystemApps = false; 2916 2917 // All the changes are done during package scanning. 2918 ver.databaseVersion = Settings.CURRENT_DATABASE_VERSION; 2919 2920 // can downgrade to reader 2921 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "write settings"); 2922 mSettings.writeLPr(); 2923 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 2924 2925 EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY, 2926 SystemClock.uptimeMillis()); 2927 2928 if (!mOnlyCore) { 2929 mRequiredVerifierPackage = getRequiredButNotReallyRequiredVerifierLPr(); 2930 mRequiredInstallerPackage = getRequiredInstallerLPr(); 2931 mRequiredUninstallerPackage = getRequiredUninstallerLPr(); 2932 mIntentFilterVerifierComponent = getIntentFilterVerifierComponentNameLPr(); 2933 if (mIntentFilterVerifierComponent != null) { 2934 mIntentFilterVerifier = new IntentVerifierProxy(mContext, 2935 mIntentFilterVerifierComponent); 2936 } else { 2937 mIntentFilterVerifier = null; 2938 } 2939 mServicesSystemSharedLibraryPackageName = getRequiredSharedLibraryLPr( 2940 PackageManager.SYSTEM_SHARED_LIBRARY_SERVICES, 2941 SharedLibraryInfo.VERSION_UNDEFINED); 2942 mSharedSystemSharedLibraryPackageName = getRequiredSharedLibraryLPr( 2943 PackageManager.SYSTEM_SHARED_LIBRARY_SHARED, 2944 SharedLibraryInfo.VERSION_UNDEFINED); 2945 } else { 2946 mRequiredVerifierPackage = null; 2947 mRequiredInstallerPackage = null; 2948 mRequiredUninstallerPackage = null; 2949 mIntentFilterVerifierComponent = null; 2950 mIntentFilterVerifier = null; 2951 mServicesSystemSharedLibraryPackageName = null; 2952 mSharedSystemSharedLibraryPackageName = null; 2953 } 2954 2955 mInstallerService = new PackageInstallerService(context, this); 2956 final Pair<ComponentName, String> instantAppResolverComponent = 2957 getInstantAppResolverLPr(); 2958 if (instantAppResolverComponent != null) { 2959 if (DEBUG_EPHEMERAL) { 2960 Slog.d(TAG, "Set ephemeral resolver: " + instantAppResolverComponent); 2961 } 2962 mInstantAppResolverConnection = new EphemeralResolverConnection( 2963 mContext, instantAppResolverComponent.first, 2964 instantAppResolverComponent.second); 2965 mInstantAppResolverSettingsComponent = 2966 getInstantAppResolverSettingsLPr(instantAppResolverComponent.first); 2967 } else { 2968 mInstantAppResolverConnection = null; 2969 mInstantAppResolverSettingsComponent = null; 2970 } 2971 updateInstantAppInstallerLocked(null); 2972 2973 // Read and update the usage of dex files. 2974 // Do this at the end of PM init so that all the packages have their 2975 // data directory reconciled. 2976 // At this point we know the code paths of the packages, so we can validate 2977 // the disk file and build the internal cache. 2978 // The usage file is expected to be small so loading and verifying it 2979 // should take a fairly small time compare to the other activities (e.g. package 2980 // scanning). 2981 final Map<Integer, List<PackageInfo>> userPackages = new HashMap<>(); 2982 final int[] currentUserIds = UserManagerService.getInstance().getUserIds(); 2983 for (int userId : currentUserIds) { 2984 userPackages.put(userId, getInstalledPackages(/*flags*/ 0, userId).getList()); 2985 } 2986 mDexManager.load(userPackages); 2987 } // synchronized (mPackages) 2988 } // synchronized (mInstallLock) 2989 2990 // Now after opening every single application zip, make sure they 2991 // are all flushed. Not really needed, but keeps things nice and 2992 // tidy. 2993 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "GC"); 2994 Runtime.getRuntime().gc(); 2995 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 2996 2997 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "loadFallbacks"); 2998 FallbackCategoryProvider.loadFallbacks(); 2999 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 3000 3001 // The initial scanning above does many calls into installd while 3002 // holding the mPackages lock, but we're mostly interested in yelling 3003 // once we have a booted system. 3004 mInstaller.setWarnIfHeld(mPackages); 3005 3006 // Expose private service for system components to use. 3007 LocalServices.addService(PackageManagerInternal.class, new PackageManagerInternalImpl()); 3008 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 3009 } 3010 3011 private void updateInstantAppInstallerLocked(String modifiedPackage) { 3012 // we're only interested in updating the installer appliction when 1) it's not 3013 // already set or 2) the modified package is the installer 3014 if (mInstantAppInstallerActivity != null 3015 && !mInstantAppInstallerActivity.getComponentName().getPackageName() 3016 .equals(modifiedPackage)) { 3017 return; 3018 } 3019 setUpInstantAppInstallerActivityLP(getInstantAppInstallerLPr()); 3020 } 3021 3022 private static File preparePackageParserCache(boolean isUpgrade) { 3023 if (!DEFAULT_PACKAGE_PARSER_CACHE_ENABLED) { 3024 return null; 3025 } 3026 3027 // Disable package parsing on eng builds to allow for faster incremental development. 3028 if ("eng".equals(Build.TYPE)) { 3029 return null; 3030 } 3031 3032 if (SystemProperties.getBoolean("pm.boot.disable_package_cache", false)) { 3033 Slog.i(TAG, "Disabling package parser cache due to system property."); 3034 return null; 3035 } 3036 3037 // The base directory for the package parser cache lives under /data/system/. 3038 final File cacheBaseDir = FileUtils.createDir(Environment.getDataSystemDirectory(), 3039 "package_cache"); 3040 if (cacheBaseDir == null) { 3041 return null; 3042 } 3043 3044 // If this is a system upgrade scenario, delete the contents of the package cache dir. 3045 // This also serves to "GC" unused entries when the package cache version changes (which 3046 // can only happen during upgrades). 3047 if (isUpgrade) { 3048 FileUtils.deleteContents(cacheBaseDir); 3049 } 3050 3051 3052 // Return the versioned package cache directory. This is something like 3053 // "/data/system/package_cache/1" 3054 File cacheDir = FileUtils.createDir(cacheBaseDir, PACKAGE_PARSER_CACHE_VERSION); 3055 3056 // The following is a workaround to aid development on non-numbered userdebug 3057 // builds or cases where "adb sync" is used on userdebug builds. If we detect that 3058 // the system partition is newer. 3059 // 3060 // NOTE: When no BUILD_NUMBER is set by the build system, it defaults to a build 3061 // that starts with "eng." to signify that this is an engineering build and not 3062 // destined for release. 3063 if ("userdebug".equals(Build.TYPE) && Build.VERSION.INCREMENTAL.startsWith("eng.")) { 3064 Slog.w(TAG, "Wiping cache directory because the system partition changed."); 3065 3066 // Heuristic: If the /system directory has been modified recently due to an "adb sync" 3067 // or a regular make, then blow away the cache. Note that mtimes are *NOT* reliable 3068 // in general and should not be used for production changes. In this specific case, 3069 // we know that they will work. 3070 File frameworkDir = new File(Environment.getRootDirectory(), "framework"); 3071 if (cacheDir.lastModified() < frameworkDir.lastModified()) { 3072 FileUtils.deleteContents(cacheBaseDir); 3073 cacheDir = FileUtils.createDir(cacheBaseDir, PACKAGE_PARSER_CACHE_VERSION); 3074 } 3075 } 3076 3077 return cacheDir; 3078 } 3079 3080 @Override 3081 public boolean isFirstBoot() { 3082 return mFirstBoot; 3083 } 3084 3085 @Override 3086 public boolean isOnlyCoreApps() { 3087 return mOnlyCore; 3088 } 3089 3090 @Override 3091 public boolean isUpgrade() { 3092 return mIsUpgrade; 3093 } 3094 3095 private @Nullable String getRequiredButNotReallyRequiredVerifierLPr() { 3096 final Intent intent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); 3097 3098 final List<ResolveInfo> matches = queryIntentReceiversInternal(intent, PACKAGE_MIME_TYPE, 3099 MATCH_SYSTEM_ONLY | MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE, 3100 UserHandle.USER_SYSTEM); 3101 if (matches.size() == 1) { 3102 return matches.get(0).getComponentInfo().packageName; 3103 } else if (matches.size() == 0) { 3104 Log.e(TAG, "There should probably be a verifier, but, none were found"); 3105 return null; 3106 } 3107 throw new RuntimeException("There must be exactly one verifier; found " + matches); 3108 } 3109 3110 private @NonNull String getRequiredSharedLibraryLPr(String name, int version) { 3111 synchronized (mPackages) { 3112 SharedLibraryEntry libraryEntry = getSharedLibraryEntryLPr(name, version); 3113 if (libraryEntry == null) { 3114 throw new IllegalStateException("Missing required shared library:" + name); 3115 } 3116 return libraryEntry.apk; 3117 } 3118 } 3119 3120 private @NonNull String getRequiredInstallerLPr() { 3121 final Intent intent = new Intent(Intent.ACTION_INSTALL_PACKAGE); 3122 intent.addCategory(Intent.CATEGORY_DEFAULT); 3123 intent.setDataAndType(Uri.fromFile(new File("foo.apk")), PACKAGE_MIME_TYPE); 3124 3125 final List<ResolveInfo> matches = queryIntentActivitiesInternal(intent, PACKAGE_MIME_TYPE, 3126 MATCH_SYSTEM_ONLY | MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE, 3127 UserHandle.USER_SYSTEM); 3128 if (matches.size() == 1) { 3129 ResolveInfo resolveInfo = matches.get(0); 3130 if (!resolveInfo.activityInfo.applicationInfo.isPrivilegedApp()) { 3131 throw new RuntimeException("The installer must be a privileged app"); 3132 } 3133 return matches.get(0).getComponentInfo().packageName; 3134 } else { 3135 throw new RuntimeException("There must be exactly one installer; found " + matches); 3136 } 3137 } 3138 3139 private @NonNull String getRequiredUninstallerLPr() { 3140 final Intent intent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE); 3141 intent.addCategory(Intent.CATEGORY_DEFAULT); 3142 intent.setData(Uri.fromParts(PACKAGE_SCHEME, "foo.bar", null)); 3143 3144 final ResolveInfo resolveInfo = resolveIntent(intent, null, 3145 MATCH_SYSTEM_ONLY | MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE, 3146 UserHandle.USER_SYSTEM); 3147 if (resolveInfo == null || 3148 mResolveActivity.name.equals(resolveInfo.getComponentInfo().name)) { 3149 throw new RuntimeException("There must be exactly one uninstaller; found " 3150 + resolveInfo); 3151 } 3152 return resolveInfo.getComponentInfo().packageName; 3153 } 3154 3155 private @NonNull ComponentName getIntentFilterVerifierComponentNameLPr() { 3156 final Intent intent = new Intent(Intent.ACTION_INTENT_FILTER_NEEDS_VERIFICATION); 3157 3158 final List<ResolveInfo> matches = queryIntentReceiversInternal(intent, PACKAGE_MIME_TYPE, 3159 MATCH_SYSTEM_ONLY | MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE, 3160 UserHandle.USER_SYSTEM); 3161 ResolveInfo best = null; 3162 final int N = matches.size(); 3163 for (int i = 0; i < N; i++) { 3164 final ResolveInfo cur = matches.get(i); 3165 final String packageName = cur.getComponentInfo().packageName; 3166 if (checkPermission(android.Manifest.permission.INTENT_FILTER_VERIFICATION_AGENT, 3167 packageName, UserHandle.USER_SYSTEM) != PackageManager.PERMISSION_GRANTED) { 3168 continue; 3169 } 3170 3171 if (best == null || cur.priority > best.priority) { 3172 best = cur; 3173 } 3174 } 3175 3176 if (best != null) { 3177 return best.getComponentInfo().getComponentName(); 3178 } 3179 Slog.w(TAG, "Intent filter verifier not found"); 3180 return null; 3181 } 3182 3183 private @Nullable Pair<ComponentName, String> getInstantAppResolverLPr() { 3184 final String[] packageArray = 3185 mContext.getResources().getStringArray(R.array.config_ephemeralResolverPackage); 3186 if (packageArray.length == 0 && !Build.IS_DEBUGGABLE) { 3187 if (DEBUG_EPHEMERAL) { 3188 Slog.d(TAG, "Ephemeral resolver NOT found; empty package list"); 3189 } 3190 return null; 3191 } 3192 3193 final int callingUid = Binder.getCallingUid(); 3194 final int resolveFlags = 3195 MATCH_DIRECT_BOOT_AWARE 3196 | MATCH_DIRECT_BOOT_UNAWARE 3197 | (!Build.IS_DEBUGGABLE ? MATCH_SYSTEM_ONLY : 0); 3198 String actionName = Intent.ACTION_RESOLVE_INSTANT_APP_PACKAGE; 3199 final Intent resolverIntent = new Intent(actionName); 3200 List<ResolveInfo> resolvers = queryIntentServicesInternal(resolverIntent, null, 3201 resolveFlags, UserHandle.USER_SYSTEM, callingUid, false /*includeInstantApps*/); 3202 // temporarily look for the old action 3203 if (resolvers.size() == 0) { 3204 if (DEBUG_EPHEMERAL) { 3205 Slog.d(TAG, "Ephemeral resolver not found with new action; try old one"); 3206 } 3207 actionName = Intent.ACTION_RESOLVE_EPHEMERAL_PACKAGE; 3208 resolverIntent.setAction(actionName); 3209 resolvers = queryIntentServicesInternal(resolverIntent, null, 3210 resolveFlags, UserHandle.USER_SYSTEM, callingUid, false /*includeInstantApps*/); 3211 } 3212 final int N = resolvers.size(); 3213 if (N == 0) { 3214 if (DEBUG_EPHEMERAL) { 3215 Slog.d(TAG, "Ephemeral resolver NOT found; no matching intent filters"); 3216 } 3217 return null; 3218 } 3219 3220 final Set<String> possiblePackages = new ArraySet<>(Arrays.asList(packageArray)); 3221 for (int i = 0; i < N; i++) { 3222 final ResolveInfo info = resolvers.get(i); 3223 3224 if (info.serviceInfo == null) { 3225 continue; 3226 } 3227 3228 final String packageName = info.serviceInfo.packageName; 3229 if (!possiblePackages.contains(packageName) && !Build.IS_DEBUGGABLE) { 3230 if (DEBUG_EPHEMERAL) { 3231 Slog.d(TAG, "Ephemeral resolver not in allowed package list;" 3232 + " pkg: " + packageName + ", info:" + info); 3233 } 3234 continue; 3235 } 3236 3237 if (DEBUG_EPHEMERAL) { 3238 Slog.v(TAG, "Ephemeral resolver found;" 3239 + " pkg: " + packageName + ", info:" + info); 3240 } 3241 return new Pair<>(new ComponentName(packageName, info.serviceInfo.name), actionName); 3242 } 3243 if (DEBUG_EPHEMERAL) { 3244 Slog.v(TAG, "Ephemeral resolver NOT found"); 3245 } 3246 return null; 3247 } 3248 3249 private @Nullable ActivityInfo getInstantAppInstallerLPr() { 3250 final Intent intent = new Intent(Intent.ACTION_INSTALL_INSTANT_APP_PACKAGE); 3251 intent.addCategory(Intent.CATEGORY_DEFAULT); 3252 intent.setDataAndType(Uri.fromFile(new File("foo.apk")), PACKAGE_MIME_TYPE); 3253 3254 final int resolveFlags = 3255 MATCH_DIRECT_BOOT_AWARE 3256 | MATCH_DIRECT_BOOT_UNAWARE 3257 | (!Build.IS_DEBUGGABLE ? MATCH_SYSTEM_ONLY : 0); 3258 List<ResolveInfo> matches = queryIntentActivitiesInternal(intent, PACKAGE_MIME_TYPE, 3259 resolveFlags, UserHandle.USER_SYSTEM); 3260 // temporarily look for the old action 3261 if (matches.isEmpty()) { 3262 if (DEBUG_EPHEMERAL) { 3263 Slog.d(TAG, "Ephemeral installer not found with new action; try old one"); 3264 } 3265 intent.setAction(Intent.ACTION_INSTALL_EPHEMERAL_PACKAGE); 3266 matches = queryIntentActivitiesInternal(intent, PACKAGE_MIME_TYPE, 3267 resolveFlags, UserHandle.USER_SYSTEM); 3268 } 3269 Iterator<ResolveInfo> iter = matches.iterator(); 3270 while (iter.hasNext()) { 3271 final ResolveInfo rInfo = iter.next(); 3272 final PackageSetting ps = mSettings.mPackages.get(rInfo.activityInfo.packageName); 3273 if (ps != null) { 3274 final PermissionsState permissionsState = ps.getPermissionsState(); 3275 if (permissionsState.hasPermission(Manifest.permission.INSTALL_PACKAGES, 0)) { 3276 continue; 3277 } 3278 } 3279 iter.remove(); 3280 } 3281 if (matches.size() == 0) { 3282 return null; 3283 } else if (matches.size() == 1) { 3284 return (ActivityInfo) matches.get(0).getComponentInfo(); 3285 } else { 3286 throw new RuntimeException( 3287 "There must be at most one ephemeral installer; found " + matches); 3288 } 3289 } 3290 3291 private @Nullable ComponentName getInstantAppResolverSettingsLPr( 3292 @NonNull ComponentName resolver) { 3293 final Intent intent = new Intent(Intent.ACTION_INSTANT_APP_RESOLVER_SETTINGS) 3294 .addCategory(Intent.CATEGORY_DEFAULT) 3295 .setPackage(resolver.getPackageName()); 3296 final int resolveFlags = MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE; 3297 List<ResolveInfo> matches = queryIntentActivitiesInternal(intent, null, resolveFlags, 3298 UserHandle.USER_SYSTEM); 3299 // temporarily look for the old action 3300 if (matches.isEmpty()) { 3301 if (DEBUG_EPHEMERAL) { 3302 Slog.d(TAG, "Ephemeral resolver settings not found with new action; try old one"); 3303 } 3304 intent.setAction(Intent.ACTION_EPHEMERAL_RESOLVER_SETTINGS); 3305 matches = queryIntentActivitiesInternal(intent, null, resolveFlags, 3306 UserHandle.USER_SYSTEM); 3307 } 3308 if (matches.isEmpty()) { 3309 return null; 3310 } 3311 return matches.get(0).getComponentInfo().getComponentName(); 3312 } 3313 3314 private void primeDomainVerificationsLPw(int userId) { 3315 if (DEBUG_DOMAIN_VERIFICATION) { 3316 Slog.d(TAG, "Priming domain verifications in user " + userId); 3317 } 3318 3319 SystemConfig systemConfig = SystemConfig.getInstance(); 3320 ArraySet<String> packages = systemConfig.getLinkedApps(); 3321 3322 for (String packageName : packages) { 3323 PackageParser.Package pkg = mPackages.get(packageName); 3324 if (pkg != null) { 3325 if (!pkg.isSystemApp()) { 3326 Slog.w(TAG, "Non-system app '" + packageName + "' in sysconfig <app-link>"); 3327 continue; 3328 } 3329 3330 ArraySet<String> domains = null; 3331 for (PackageParser.Activity a : pkg.activities) { 3332 for (ActivityIntentInfo filter : a.intents) { 3333 if (hasValidDomains(filter)) { 3334 if (domains == null) { 3335 domains = new ArraySet<String>(); 3336 } 3337 domains.addAll(filter.getHostsList()); 3338 } 3339 } 3340 } 3341 3342 if (domains != null && domains.size() > 0) { 3343 if (DEBUG_DOMAIN_VERIFICATION) { 3344 Slog.v(TAG, " + " + packageName); 3345 } 3346 // 'Undefined' in the global IntentFilterVerificationInfo, i.e. the usual 3347 // state w.r.t. the formal app-linkage "no verification attempted" state; 3348 // and then 'always' in the per-user state actually used for intent resolution. 3349 final IntentFilterVerificationInfo ivi; 3350 ivi = mSettings.createIntentFilterVerificationIfNeededLPw(packageName, domains); 3351 ivi.setStatus(INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED); 3352 mSettings.updateIntentFilterVerificationStatusLPw(packageName, 3353 INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS, userId); 3354 } else { 3355 Slog.w(TAG, "Sysconfig <app-link> package '" + packageName 3356 + "' does not handle web links"); 3357 } 3358 } else { 3359 Slog.w(TAG, "Unknown package " + packageName + " in sysconfig <app-link>"); 3360 } 3361 } 3362 3363 scheduleWritePackageRestrictionsLocked(userId); 3364 scheduleWriteSettingsLocked(); 3365 } 3366 3367 private void applyFactoryDefaultBrowserLPw(int userId) { 3368 // The default browser app's package name is stored in a string resource, 3369 // with a product-specific overlay used for vendor customization. 3370 String browserPkg = mContext.getResources().getString( 3371 com.android.internal.R.string.default_browser); 3372 if (!TextUtils.isEmpty(browserPkg)) { 3373 // non-empty string => required to be a known package 3374 PackageSetting ps = mSettings.mPackages.get(browserPkg); 3375 if (ps == null) { 3376 Slog.e(TAG, "Product default browser app does not exist: " + browserPkg); 3377 browserPkg = null; 3378 } else { 3379 mSettings.setDefaultBrowserPackageNameLPw(browserPkg, userId); 3380 } 3381 } 3382 3383 // Nothing valid explicitly set? Make the factory-installed browser the explicit 3384 // default. If there's more than one, just leave everything alone. 3385 if (browserPkg == null) { 3386 calculateDefaultBrowserLPw(userId); 3387 } 3388 } 3389 3390 private void calculateDefaultBrowserLPw(int userId) { 3391 List<String> allBrowsers = resolveAllBrowserApps(userId); 3392 final String browserPkg = (allBrowsers.size() == 1) ? allBrowsers.get(0) : null; 3393 mSettings.setDefaultBrowserPackageNameLPw(browserPkg, userId); 3394 } 3395 3396 private List<String> resolveAllBrowserApps(int userId) { 3397 // Resolve the canonical browser intent and check that the handleAllWebDataURI boolean is set 3398 List<ResolveInfo> list = queryIntentActivitiesInternal(sBrowserIntent, null, 3399 PackageManager.MATCH_ALL, userId); 3400 3401 final int count = list.size(); 3402 List<String> result = new ArrayList<String>(count); 3403 for (int i=0; i<count; i++) { 3404 ResolveInfo info = list.get(i); 3405 if (info.activityInfo == null 3406 || !info.handleAllWebDataURI 3407 || (info.activityInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0 3408 || result.contains(info.activityInfo.packageName)) { 3409 continue; 3410 } 3411 result.add(info.activityInfo.packageName); 3412 } 3413 3414 return result; 3415 } 3416 3417 private boolean packageIsBrowser(String packageName, int userId) { 3418 List<ResolveInfo> list = queryIntentActivitiesInternal(sBrowserIntent, null, 3419 PackageManager.MATCH_ALL, userId); 3420 final int N = list.size(); 3421 for (int i = 0; i < N; i++) { 3422 ResolveInfo info = list.get(i); 3423 if (packageName.equals(info.activityInfo.packageName)) { 3424 return true; 3425 } 3426 } 3427 return false; 3428 } 3429 3430 private void checkDefaultBrowser() { 3431 final int myUserId = UserHandle.myUserId(); 3432 final String packageName = getDefaultBrowserPackageName(myUserId); 3433 if (packageName != null) { 3434 PackageInfo info = getPackageInfo(packageName, 0, myUserId); 3435 if (info == null) { 3436 Slog.w(TAG, "Default browser no longer installed: " + packageName); 3437 synchronized (mPackages) { 3438 applyFactoryDefaultBrowserLPw(myUserId); // leaves ambiguous when > 1 3439 } 3440 } 3441 } 3442 } 3443 3444 @Override 3445 public boolean onTransact(int code, Parcel data, Parcel reply, int flags) 3446 throws RemoteException { 3447 try { 3448 return super.onTransact(code, data, reply, flags); 3449 } catch (RuntimeException e) { 3450 if (!(e instanceof SecurityException) && !(e instanceof IllegalArgumentException)) { 3451 Slog.wtf(TAG, "Package Manager Crash", e); 3452 } 3453 throw e; 3454 } 3455 } 3456 3457 static int[] appendInts(int[] cur, int[] add) { 3458 if (add == null) return cur; 3459 if (cur == null) return add; 3460 final int N = add.length; 3461 for (int i=0; i<N; i++) { 3462 cur = appendInt(cur, add[i]); 3463 } 3464 return cur; 3465 } 3466 3467 private PackageInfo generatePackageInfo(PackageSetting ps, int flags, int userId) { 3468 if (!sUserManager.exists(userId)) return null; 3469 if (ps == null) { 3470 return null; 3471 } 3472 final PackageParser.Package p = ps.pkg; 3473 if (p == null) { 3474 return null; 3475 } 3476 // Filter out ephemeral app metadata: 3477 // * The system/shell/root can see metadata for any app 3478 // * An installed app can see metadata for 1) other installed apps 3479 // and 2) ephemeral apps that have explicitly interacted with it 3480 // * Ephemeral apps can only see their own data and exposed installed apps 3481 // * Holding a signature permission allows seeing instant apps 3482 final int callingAppId = UserHandle.getAppId(Binder.getCallingUid()); 3483 if (callingAppId != Process.SYSTEM_UID 3484 && callingAppId != Process.SHELL_UID 3485 && callingAppId != Process.ROOT_UID 3486 && checkUidPermission(Manifest.permission.ACCESS_INSTANT_APPS, 3487 Binder.getCallingUid()) != PackageManager.PERMISSION_GRANTED) { 3488 final String instantAppPackageName = getInstantAppPackageName(Binder.getCallingUid()); 3489 if (instantAppPackageName != null) { 3490 // ephemeral apps can only get information on themselves or 3491 // installed apps that are exposed. 3492 if (!instantAppPackageName.equals(p.packageName) 3493 && (ps.getInstantApp(userId) || !p.visibleToInstantApps)) { 3494 return null; 3495 } 3496 } else { 3497 if (ps.getInstantApp(userId)) { 3498 // only get access to the ephemeral app if we've been granted access 3499 if (!mInstantAppRegistry.isInstantAccessGranted( 3500 userId, callingAppId, ps.appId)) { 3501 return null; 3502 } 3503 } 3504 } 3505 } 3506 3507 final PermissionsState permissionsState = ps.getPermissionsState(); 3508 3509 // Compute GIDs only if requested 3510 final int[] gids = (flags & PackageManager.GET_GIDS) == 0 3511 ? EMPTY_INT_ARRAY : permissionsState.computeGids(userId); 3512 // Compute granted permissions only if package has requested permissions 3513 final Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions) 3514 ? Collections.<String>emptySet() : permissionsState.getPermissions(userId); 3515 final PackageUserState state = ps.readUserState(userId); 3516 3517 if ((flags & MATCH_UNINSTALLED_PACKAGES) != 0 3518 && ps.isSystem()) { 3519 flags |= MATCH_ANY_USER; 3520 } 3521 3522 PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, 3523 ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); 3524 3525 if (packageInfo == null) { 3526 return null; 3527 } 3528 3529 rebaseEnabledOverlays(packageInfo.applicationInfo, userId); 3530 3531 packageInfo.packageName = packageInfo.applicationInfo.packageName = 3532 resolveExternalPackageNameLPr(p); 3533 3534 return packageInfo; 3535 } 3536 3537 @Override 3538 public void checkPackageStartable(String packageName, int userId) { 3539 final boolean userKeyUnlocked = StorageManager.isUserKeyUnlocked(userId); 3540 3541 synchronized (mPackages) { 3542 final PackageSetting ps = mSettings.mPackages.get(packageName); 3543 if (ps == null) { 3544 throw new SecurityException("Package " + packageName + " was not found!"); 3545 } 3546 3547 if (!ps.getInstalled(userId)) { 3548 throw new SecurityException( 3549 "Package " + packageName + " was not installed for user " + userId + "!"); 3550 } 3551 3552 if (mSafeMode && !ps.isSystem()) { 3553 throw new SecurityException("Package " + packageName + " not a system app!"); 3554 } 3555 3556 if (mFrozenPackages.contains(packageName)) { 3557 throw new SecurityException("Package " + packageName + " is currently frozen!"); 3558 } 3559 3560 if (!userKeyUnlocked && !(ps.pkg.applicationInfo.isDirectBootAware() 3561 || ps.pkg.applicationInfo.isPartiallyDirectBootAware())) { 3562 throw new SecurityException("Package " + packageName + " is not encryption aware!"); 3563 } 3564 } 3565 } 3566 3567 @Override 3568 public boolean isPackageAvailable(String packageName, int userId) { 3569 if (!sUserManager.exists(userId)) return false; 3570 enforceCrossUserPermission(Binder.getCallingUid(), userId, 3571 false /* requireFullPermission */, false /* checkShell */, "is package available"); 3572 synchronized (mPackages) { 3573 PackageParser.Package p = mPackages.get(packageName); 3574 if (p != null) { 3575 final PackageSetting ps = (PackageSetting) p.mExtras; 3576 if (ps != null) { 3577 final PackageUserState state = ps.readUserState(userId); 3578 if (state != null) { 3579 return PackageParser.isAvailable(state); 3580 } 3581 } 3582 } 3583 } 3584 return false; 3585 } 3586 3587 @Override 3588 public PackageInfo getPackageInfo(String packageName, int flags, int userId) { 3589 return getPackageInfoInternal(packageName, PackageManager.VERSION_CODE_HIGHEST, 3590 flags, userId); 3591 } 3592 3593 @Override 3594 public PackageInfo getPackageInfoVersioned(VersionedPackage versionedPackage, 3595 int flags, int userId) { 3596 return getPackageInfoInternal(versionedPackage.getPackageName(), 3597 // TODO: We will change version code to long, so in the new API it is long 3598 (int) versionedPackage.getVersionCode(), flags, userId); 3599 } 3600 3601 private PackageInfo getPackageInfoInternal(String packageName, int versionCode, 3602 int flags, int userId) { 3603 if (!sUserManager.exists(userId)) return null; 3604 flags = updateFlagsForPackage(flags, userId, packageName); 3605 enforceCrossUserPermission(Binder.getCallingUid(), userId, 3606 false /* requireFullPermission */, false /* checkShell */, "get package info"); 3607 3608 // reader 3609 synchronized (mPackages) { 3610 // Normalize package name to handle renamed packages and static libs 3611 packageName = resolveInternalPackageNameLPr(packageName, versionCode); 3612 3613 final boolean matchFactoryOnly = (flags & MATCH_FACTORY_ONLY) != 0; 3614 if (matchFactoryOnly) { 3615 final PackageSetting ps = mSettings.getDisabledSystemPkgLPr(packageName); 3616 if (ps != null) { 3617 if (filterSharedLibPackageLPr(ps, Binder.getCallingUid(), userId)) { 3618 return null; 3619 } 3620 return generatePackageInfo(ps, flags, userId); 3621 } 3622 } 3623 3624 PackageParser.Package p = mPackages.get(packageName); 3625 if (matchFactoryOnly && p != null && !isSystemApp(p)) { 3626 return null; 3627 } 3628 if (DEBUG_PACKAGE_INFO) 3629 Log.v(TAG, "getPackageInfo " + packageName + ": " + p); 3630 if (p != null) { 3631 if (filterSharedLibPackageLPr((PackageSetting) p.mExtras, 3632 Binder.getCallingUid(), userId)) { 3633 return null; 3634 } 3635 return generatePackageInfo((PackageSetting)p.mExtras, flags, userId); 3636 } 3637 if (!matchFactoryOnly && (flags & MATCH_KNOWN_PACKAGES) != 0) { 3638 final PackageSetting ps = mSettings.mPackages.get(packageName); 3639 if (filterSharedLibPackageLPr(ps, Binder.getCallingUid(), userId)) { 3640 return null; 3641 } 3642 return generatePackageInfo(ps, flags, userId); 3643 } 3644 } 3645 return null; 3646 } 3647 3648 3649 private boolean filterSharedLibPackageLPr(@Nullable PackageSetting ps, int uid, int userId) { 3650 // System/shell/root get to see all static libs 3651 final int appId = UserHandle.getAppId(uid); 3652 if (appId == Process.SYSTEM_UID || appId == Process.SHELL_UID 3653 || appId == Process.ROOT_UID) { 3654 return false; 3655 } 3656 3657 // No package means no static lib as it is always on internal storage 3658 if (ps == null || ps.pkg == null || !ps.pkg.applicationInfo.isStaticSharedLibrary()) { 3659 return false; 3660 } 3661 3662 final SharedLibraryEntry libEntry = getSharedLibraryEntryLPr(ps.pkg.staticSharedLibName, 3663 ps.pkg.staticSharedLibVersion); 3664 if (libEntry == null) { 3665 return false; 3666 } 3667 3668 final int resolvedUid = UserHandle.getUid(userId, UserHandle.getAppId(uid)); 3669 final String[] uidPackageNames = getPackagesForUid(resolvedUid); 3670 if (uidPackageNames == null) { 3671 return true; 3672 } 3673 3674 for (String uidPackageName : uidPackageNames) { 3675 if (ps.name.equals(uidPackageName)) { 3676 return false; 3677 } 3678 PackageSetting uidPs = mSettings.getPackageLPr(uidPackageName); 3679 if (uidPs != null) { 3680 final int index = ArrayUtils.indexOf(uidPs.usesStaticLibraries, 3681 libEntry.info.getName()); 3682 if (index < 0) { 3683 continue; 3684 } 3685 if (uidPs.pkg.usesStaticLibrariesVersions[index] == libEntry.info.getVersion()) { 3686 return false; 3687 } 3688 } 3689 } 3690 return true; 3691 } 3692 3693 @Override 3694 public String[] currentToCanonicalPackageNames(String[] names) { 3695 String[] out = new String[names.length]; 3696 // reader 3697 synchronized (mPackages) { 3698 for (int i=names.length-1; i>=0; i--) { 3699 PackageSetting ps = mSettings.mPackages.get(names[i]); 3700 out[i] = ps != null && ps.realName != null ? ps.realName : names[i]; 3701 } 3702 } 3703 return out; 3704 } 3705 3706 @Override 3707 public String[] canonicalToCurrentPackageNames(String[] names) { 3708 String[] out = new String[names.length]; 3709 // reader 3710 synchronized (mPackages) { 3711 for (int i=names.length-1; i>=0; i--) { 3712 String cur = mSettings.getRenamedPackageLPr(names[i]); 3713 out[i] = cur != null ? cur : names[i]; 3714 } 3715 } 3716 return out; 3717 } 3718 3719 @Override 3720 public int getPackageUid(String packageName, int flags, int userId) { 3721 if (!sUserManager.exists(userId)) return -1; 3722 flags = updateFlagsForPackage(flags, userId, packageName); 3723 enforceCrossUserPermission(Binder.getCallingUid(), userId, 3724 false /* requireFullPermission */, false /* checkShell */, "get package uid"); 3725 3726 // reader 3727 synchronized (mPackages) { 3728 final PackageParser.Package p = mPackages.get(packageName); 3729 if (p != null && p.isMatch(flags)) { 3730 return UserHandle.getUid(userId, p.applicationInfo.uid); 3731 } 3732 if ((flags & MATCH_KNOWN_PACKAGES) != 0) { 3733 final PackageSetting ps = mSettings.mPackages.get(packageName); 3734 if (ps != null && ps.isMatch(flags)) { 3735 return UserHandle.getUid(userId, ps.appId); 3736 } 3737 } 3738 } 3739 3740 return -1; 3741 } 3742 3743 @Override 3744 public int[] getPackageGids(String packageName, int flags, int userId) { 3745 if (!sUserManager.exists(userId)) return null; 3746 flags = updateFlagsForPackage(flags, userId, packageName); 3747 enforceCrossUserPermission(Binder.getCallingUid(), userId, 3748 false /* requireFullPermission */, false /* checkShell */, 3749 "getPackageGids"); 3750 3751 // reader 3752 synchronized (mPackages) { 3753 final PackageParser.Package p = mPackages.get(packageName); 3754 if (p != null && p.isMatch(flags)) { 3755 PackageSetting ps = (PackageSetting) p.mExtras; 3756 // TODO: Shouldn't this be checking for package installed state for userId and 3757 // return null? 3758 return ps.getPermissionsState().computeGids(userId); 3759 } 3760 if ((flags & MATCH_KNOWN_PACKAGES) != 0) { 3761 final PackageSetting ps = mSettings.mPackages.get(packageName); 3762 if (ps != null && ps.isMatch(flags)) { 3763 return ps.getPermissionsState().computeGids(userId); 3764 } 3765 } 3766 } 3767 3768 return null; 3769 } 3770 3771 static PermissionInfo generatePermissionInfo(BasePermission bp, int flags) { 3772 if (bp.perm != null) { 3773 return PackageParser.generatePermissionInfo(bp.perm, flags); 3774 } 3775 PermissionInfo pi = new PermissionInfo(); 3776 pi.name = bp.name; 3777 pi.packageName = bp.sourcePackage; 3778 pi.nonLocalizedLabel = bp.name; 3779 pi.protectionLevel = bp.protectionLevel; 3780 return pi; 3781 } 3782 3783 @Override 3784 public PermissionInfo getPermissionInfo(String name, int flags) { 3785 // reader 3786 synchronized (mPackages) { 3787 final BasePermission p = mSettings.mPermissions.get(name); 3788 if (p != null) { 3789 return generatePermissionInfo(p, flags); 3790 } 3791 return null; 3792 } 3793 } 3794 3795 @Override 3796 public @Nullable ParceledListSlice<PermissionInfo> queryPermissionsByGroup(String group, 3797 int flags) { 3798 // reader 3799 synchronized (mPackages) { 3800 if (group != null && !mPermissionGroups.containsKey(group)) { 3801 // This is thrown as NameNotFoundException 3802 return null; 3803 } 3804 3805 ArrayList<PermissionInfo> out = new ArrayList<PermissionInfo>(10); 3806 for (BasePermission p : mSettings.mPermissions.values()) { 3807 if (group == null) { 3808 if (p.perm == null || p.perm.info.group == null) { 3809 out.add(generatePermissionInfo(p, flags)); 3810 } 3811 } else { 3812 if (p.perm != null && group.equals(p.perm.info.group)) { 3813 out.add(PackageParser.generatePermissionInfo(p.perm, flags)); 3814 } 3815 } 3816 } 3817 return new ParceledListSlice<>(out); 3818 } 3819 } 3820 3821 @Override 3822 public PermissionGroupInfo getPermissionGroupInfo(String name, int flags) { 3823 // reader 3824 synchronized (mPackages) { 3825 return PackageParser.generatePermissionGroupInfo( 3826 mPermissionGroups.get(name), flags); 3827 } 3828 } 3829 3830 @Override 3831 public @NonNull ParceledListSlice<PermissionGroupInfo> getAllPermissionGroups(int flags) { 3832 // reader 3833 synchronized (mPackages) { 3834 final int N = mPermissionGroups.size(); 3835 ArrayList<PermissionGroupInfo> out 3836 = new ArrayList<PermissionGroupInfo>(N); 3837 for (PackageParser.PermissionGroup pg : mPermissionGroups.values()) { 3838 out.add(PackageParser.generatePermissionGroupInfo(pg, flags)); 3839 } 3840 return new ParceledListSlice<>(out); 3841 } 3842 } 3843 3844 private ApplicationInfo generateApplicationInfoFromSettingsLPw(String packageName, int flags, 3845 int uid, int userId) { 3846 if (!sUserManager.exists(userId)) return null; 3847 PackageSetting ps = mSettings.mPackages.get(packageName); 3848 if (ps != null) { 3849 if (filterSharedLibPackageLPr(ps, uid, userId)) { 3850 return null; 3851 } 3852 if (ps.pkg == null) { 3853 final PackageInfo pInfo = generatePackageInfo(ps, flags, userId); 3854 if (pInfo != null) { 3855 return pInfo.applicationInfo; 3856 } 3857 return null; 3858 } 3859 ApplicationInfo ai = PackageParser.generateApplicationInfo(ps.pkg, flags, 3860 ps.readUserState(userId), userId); 3861 if (ai != null) { 3862 rebaseEnabledOverlays(ai, userId); 3863 ai.packageName = resolveExternalPackageNameLPr(ps.pkg); 3864 } 3865 return ai; 3866 } 3867 return null; 3868 } 3869 3870 @Override 3871 public ApplicationInfo getApplicationInfo(String packageName, int flags, int userId) { 3872 if (!sUserManager.exists(userId)) return null; 3873 flags = updateFlagsForApplication(flags, userId, packageName); 3874 enforceCrossUserPermission(Binder.getCallingUid(), userId, 3875 false /* requireFullPermission */, false /* checkShell */, "get application info"); 3876 3877 // writer 3878 synchronized (mPackages) { 3879 // Normalize package name to handle renamed packages and static libs 3880 packageName = resolveInternalPackageNameLPr(packageName, 3881 PackageManager.VERSION_CODE_HIGHEST); 3882 3883 PackageParser.Package p = mPackages.get(packageName); 3884 if (DEBUG_PACKAGE_INFO) Log.v( 3885 TAG, "getApplicationInfo " + packageName 3886 + ": " + p); 3887 if (p != null) { 3888 PackageSetting ps = mSettings.mPackages.get(packageName); 3889 if (ps == null) return null; 3890 if (filterSharedLibPackageLPr(ps, Binder.getCallingUid(), userId)) { 3891 return null; 3892 } 3893 // Note: isEnabledLP() does not apply here - always return info 3894 ApplicationInfo ai = PackageParser.generateApplicationInfo( 3895 p, flags, ps.readUserState(userId), userId); 3896 if (ai != null) { 3897 rebaseEnabledOverlays(ai, userId); 3898 ai.packageName = resolveExternalPackageNameLPr(p); 3899 } 3900 return ai; 3901 } 3902 if ("android".equals(packageName)||"system".equals(packageName)) { 3903 return mAndroidApplication; 3904 } 3905 if ((flags & MATCH_KNOWN_PACKAGES) != 0) { 3906 // Already generates the external package name 3907 return generateApplicationInfoFromSettingsLPw(packageName, 3908 Binder.getCallingUid(), flags, userId); 3909 } 3910 } 3911 return null; 3912 } 3913 3914 private void rebaseEnabledOverlays(@NonNull ApplicationInfo ai, int userId) { 3915 List<String> paths = new ArrayList<>(); 3916 ArrayMap<String, ArrayList<String>> userSpecificOverlays = 3917 mEnabledOverlayPaths.get(userId); 3918 if (userSpecificOverlays != null) { 3919 if (!"android".equals(ai.packageName)) { 3920 ArrayList<String> frameworkOverlays = userSpecificOverlays.get("android"); 3921 if (frameworkOverlays != null) { 3922 paths.addAll(frameworkOverlays); 3923 } 3924 } 3925 3926 ArrayList<String> appOverlays = userSpecificOverlays.get(ai.packageName); 3927 if (appOverlays != null) { 3928 paths.addAll(appOverlays); 3929 } 3930 } 3931 ai.resourceDirs = paths.size() > 0 ? paths.toArray(new String[paths.size()]) : null; 3932 } 3933 3934 private String normalizePackageNameLPr(String packageName) { 3935 String normalizedPackageName = mSettings.getRenamedPackageLPr(packageName); 3936 return normalizedPackageName != null ? normalizedPackageName : packageName; 3937 } 3938 3939 @Override 3940 public void deletePreloadsFileCache() { 3941 if (!UserHandle.isSameApp(Binder.getCallingUid(), Process.SYSTEM_UID)) { 3942 throw new SecurityException("Only system or settings may call deletePreloadsFileCache"); 3943 } 3944 File dir = Environment.getDataPreloadsFileCacheDirectory(); 3945 Slog.i(TAG, "Deleting preloaded file cache " + dir); 3946 FileUtils.deleteContents(dir); 3947 } 3948 3949 @Override 3950 public void freeStorageAndNotify(final String volumeUuid, final long freeStorageSize, 3951 final IPackageDataObserver observer) { 3952 mContext.enforceCallingOrSelfPermission( 3953 android.Manifest.permission.CLEAR_APP_CACHE, null); 3954 mHandler.post(() -> { 3955 boolean success = false; 3956 try { 3957 freeStorage(volumeUuid, freeStorageSize, 0); 3958 success = true; 3959 } catch (IOException e) { 3960 Slog.w(TAG, e); 3961 } 3962 if (observer != null) { 3963 try { 3964 observer.onRemoveCompleted(null, success); 3965 } catch (RemoteException e) { 3966 Slog.w(TAG, e); 3967 } 3968 } 3969 }); 3970 } 3971 3972 @Override 3973 public void freeStorage(final String volumeUuid, final long freeStorageSize, 3974 final IntentSender pi) { 3975 mContext.enforceCallingOrSelfPermission( 3976 android.Manifest.permission.CLEAR_APP_CACHE, TAG); 3977 mHandler.post(() -> { 3978 boolean success = false; 3979 try { 3980 freeStorage(volumeUuid, freeStorageSize, 0); 3981 success = true; 3982 } catch (IOException e) { 3983 Slog.w(TAG, e); 3984 } 3985 if (pi != null) { 3986 try { 3987 pi.sendIntent(null, success ? 1 : 0, null, null, null); 3988 } catch (SendIntentException e) { 3989 Slog.w(TAG, e); 3990 } 3991 } 3992 }); 3993 } 3994 3995 /** 3996 * Blocking call to clear various types of cached data across the system 3997 * until the requested bytes are available. 3998 */ 3999 public void freeStorage(String volumeUuid, long bytes, int storageFlags) throws IOException { 4000 final StorageManager storage = mContext.getSystemService(StorageManager.class); 4001 final File file = storage.findPathForUuid(volumeUuid); 4002 if (file.getUsableSpace() >= bytes) return; 4003 4004 if (ENABLE_FREE_CACHE_V2) { 4005 final boolean aggressive = (storageFlags 4006 & StorageManager.FLAG_ALLOCATE_AGGRESSIVE) != 0; 4007 final boolean internalVolume = Objects.equals(StorageManager.UUID_PRIVATE_INTERNAL, 4008 volumeUuid); 4009 4010 // 1. Pre-flight to determine if we have any chance to succeed 4011 // 2. Consider preloaded data (after 1w honeymoon, unless aggressive) 4012 if (internalVolume && (aggressive || SystemProperties 4013 .getBoolean("persist.sys.preloads.file_cache_expired", false))) { 4014 deletePreloadsFileCache(); 4015 if (file.getUsableSpace() >= bytes) return; 4016 } 4017 4018 // 3. Consider parsed APK data (aggressive only) 4019 if (internalVolume && aggressive) { 4020 FileUtils.deleteContents(mCacheDir); 4021 if (file.getUsableSpace() >= bytes) return; 4022 } 4023 4024 // 4. Consider cached app data (above quotas) 4025 try { 4026 mInstaller.freeCache(volumeUuid, bytes, Installer.FLAG_FREE_CACHE_V2); 4027 } catch (InstallerException ignored) { 4028 } 4029 if (file.getUsableSpace() >= bytes) return; 4030 4031 // 5. Consider shared libraries with refcount=0 and age>2h 4032 // 6. Consider dexopt output (aggressive only) 4033 // 7. Consider ephemeral apps not used in last week 4034 4035 // 8. Consider cached app data (below quotas) 4036 try { 4037 mInstaller.freeCache(volumeUuid, bytes, Installer.FLAG_FREE_CACHE_V2 4038 | Installer.FLAG_FREE_CACHE_V2_DEFY_QUOTA); 4039 } catch (InstallerException ignored) { 4040 } 4041 if (file.getUsableSpace() >= bytes) return; 4042 4043 // 9. Consider DropBox entries 4044 // 10. Consider ephemeral cookies 4045 4046 } else { 4047 try { 4048 mInstaller.freeCache(volumeUuid, bytes, 0); 4049 } catch (InstallerException ignored) { 4050 } 4051 if (file.getUsableSpace() >= bytes) return; 4052 } 4053 4054 throw new IOException("Failed to free " + bytes + " on storage device at " + file); 4055 } 4056 4057 /** 4058 * Update given flags based on encryption status of current user. 4059 */ 4060 private int updateFlags(int flags, int userId) { 4061 if ((flags & (PackageManager.MATCH_DIRECT_BOOT_UNAWARE 4062 | PackageManager.MATCH_DIRECT_BOOT_AWARE)) != 0) { 4063 // Caller expressed an explicit opinion about what encryption 4064 // aware/unaware components they want to see, so fall through and 4065 // give them what they want 4066 } else { 4067 // Caller expressed no opinion, so match based on user state 4068 if (getUserManagerInternal().isUserUnlockingOrUnlocked(userId)) { 4069 flags |= PackageManager.MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE; 4070 } else { 4071 flags |= PackageManager.MATCH_DIRECT_BOOT_AWARE; 4072 } 4073 } 4074 return flags; 4075 } 4076 4077 private UserManagerInternal getUserManagerInternal() { 4078 if (mUserManagerInternal == null) { 4079 mUserManagerInternal = LocalServices.getService(UserManagerInternal.class); 4080 } 4081 return mUserManagerInternal; 4082 } 4083 4084 private DeviceIdleController.LocalService getDeviceIdleController() { 4085 if (mDeviceIdleController == null) { 4086 mDeviceIdleController = 4087 LocalServices.getService(DeviceIdleController.LocalService.class); 4088 } 4089 return mDeviceIdleController; 4090 } 4091 4092 /** 4093 * Update given flags when being used to request {@link PackageInfo}. 4094 */ 4095 private int updateFlagsForPackage(int flags, int userId, Object cookie) { 4096 final boolean isCallerSystemUser = UserHandle.getCallingUserId() == UserHandle.USER_SYSTEM; 4097 boolean triaged = true; 4098 if ((flags & (PackageManager.GET_ACTIVITIES | PackageManager.GET_RECEIVERS 4099 | PackageManager.GET_SERVICES | PackageManager.GET_PROVIDERS)) != 0) { 4100 // Caller is asking for component details, so they'd better be 4101 // asking for specific encryption matching behavior, or be triaged 4102 if ((flags & (PackageManager.MATCH_DIRECT_BOOT_UNAWARE 4103 | PackageManager.MATCH_DIRECT_BOOT_AWARE 4104 | PackageManager.MATCH_DEBUG_TRIAGED_MISSING)) == 0) { 4105 triaged = false; 4106 } 4107 } 4108 if ((flags & (PackageManager.MATCH_UNINSTALLED_PACKAGES 4109 | PackageManager.MATCH_SYSTEM_ONLY 4110 | PackageManager.MATCH_DEBUG_TRIAGED_MISSING)) == 0) { 4111 triaged = false; 4112 } 4113 if ((flags & PackageManager.MATCH_ANY_USER) != 0) { 4114 enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, 4115 "MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission at " 4116 + Debug.getCallers(5)); 4117 } else if ((flags & PackageManager.MATCH_UNINSTALLED_PACKAGES) != 0 && isCallerSystemUser 4118 && sUserManager.hasManagedProfile(UserHandle.USER_SYSTEM)) { 4119 // If the caller wants all packages and has a restricted profile associated with it, 4120 // then match all users. This is to make sure that launchers that need to access work 4121 // profile apps don't start breaking. TODO: Remove this hack when launchers stop using 4122 // MATCH_UNINSTALLED_PACKAGES to query apps in other profiles. b/31000380 4123 flags |= PackageManager.MATCH_ANY_USER; 4124 } 4125 if (DEBUG_TRIAGED_MISSING && (Binder.getCallingUid() == Process.SYSTEM_UID) && !triaged) { 4126 Log.w(TAG, "Caller hasn't been triaged for missing apps; they asked about " + cookie 4127 + " with flags 0x" + Integer.toHexString(flags), new Throwable()); 4128 } 4129 return updateFlags(flags, userId); 4130 } 4131 4132 /** 4133 * Update given flags when being used to request {@link ApplicationInfo}. 4134 */ 4135 private int updateFlagsForApplication(int flags, int userId, Object cookie) { 4136 return updateFlagsForPackage(flags, userId, cookie); 4137 } 4138 4139 /** 4140 * Update given flags when being used to request {@link ComponentInfo}. 4141 */ 4142 private int updateFlagsForComponent(int flags, int userId, Object cookie) { 4143 if (cookie instanceof Intent) { 4144 if ((((Intent) cookie).getFlags() & Intent.FLAG_DEBUG_TRIAGED_MISSING) != 0) { 4145 flags |= PackageManager.MATCH_DEBUG_TRIAGED_MISSING; 4146 } 4147 } 4148 4149 boolean triaged = true; 4150 // Caller is asking for component details, so they'd better be 4151 // asking for specific encryption matching behavior, or be triaged 4152 if ((flags & (PackageManager.MATCH_DIRECT_BOOT_UNAWARE 4153 | PackageManager.MATCH_DIRECT_BOOT_AWARE 4154 | PackageManager.MATCH_DEBUG_TRIAGED_MISSING)) == 0) { 4155 triaged = false; 4156 } 4157 if (DEBUG_TRIAGED_MISSING && (Binder.getCallingUid() == Process.SYSTEM_UID) && !triaged) { 4158 Log.w(TAG, "Caller hasn't been triaged for missing apps; they asked about " + cookie 4159 + " with flags 0x" + Integer.toHexString(flags), new Throwable()); 4160 } 4161 4162 return updateFlags(flags, userId); 4163 } 4164 4165 /** 4166 * Update given intent when being used to request {@link ResolveInfo}. 4167 */ 4168 private Intent updateIntentForResolve(Intent intent) { 4169 if (intent.getSelector() != null) { 4170 intent = intent.getSelector(); 4171 } 4172 if (DEBUG_PREFERRED) { 4173 intent.addFlags(Intent.FLAG_DEBUG_LOG_RESOLUTION); 4174 } 4175 return intent; 4176 } 4177 4178 /** 4179 * Update given flags when being used to request {@link ResolveInfo}. 4180 * <p>Instant apps are resolved specially, depending upon context. Minimally, 4181 * {@code}flags{@code} must have the {@link PackageManager#MATCH_INSTANT} 4182 * flag set. However, this flag is only honoured in three circumstances: 4183 * <ul> 4184 * <li>when called from a system process</li> 4185 * <li>when the caller holds the permission {@code android.permission.ACCESS_INSTANT_APPS}</li> 4186 * <li>when resolution occurs to start an activity with a {@code android.intent.action.VIEW} 4187 * action and a {@code android.intent.category.BROWSABLE} category</li> 4188 * </ul> 4189 */ 4190 int updateFlagsForResolve(int flags, int userId, Intent intent, int callingUid) { 4191 return updateFlagsForResolve(flags, userId, intent, callingUid, 4192 false /*includeInstantApps*/, false /*onlyExposedExplicitly*/); 4193 } 4194 int updateFlagsForResolve(int flags, int userId, Intent intent, int callingUid, 4195 boolean includeInstantApps) { 4196 return updateFlagsForResolve(flags, userId, intent, callingUid, 4197 includeInstantApps, false /*onlyExposedExplicitly*/); 4198 } 4199 int updateFlagsForResolve(int flags, int userId, Intent intent, int callingUid, 4200 boolean includeInstantApps, boolean onlyExposedExplicitly) { 4201 // Safe mode means we shouldn't match any third-party components 4202 if (mSafeMode) { 4203 flags |= PackageManager.MATCH_SYSTEM_ONLY; 4204 } 4205 if (getInstantAppPackageName(callingUid) != null) { 4206 // But, ephemeral apps see both ephemeral and exposed, non-ephemeral components 4207 if (onlyExposedExplicitly) { 4208 flags |= PackageManager.MATCH_EXPLICITLY_VISIBLE_ONLY; 4209 } 4210 flags |= PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY; 4211 flags |= PackageManager.MATCH_INSTANT; 4212 } else { 4213 // Otherwise, prevent leaking ephemeral components 4214 final boolean isSpecialProcess = 4215 callingUid == Process.SYSTEM_UID 4216 || callingUid == Process.SHELL_UID 4217 || callingUid == 0; 4218 final boolean allowMatchInstant = 4219 (includeInstantApps 4220 && Intent.ACTION_VIEW.equals(intent.getAction()) 4221 && intent.hasCategory(Intent.CATEGORY_BROWSABLE) 4222 && hasWebURI(intent)) 4223 || isSpecialProcess 4224 || mContext.checkCallingOrSelfPermission( 4225 android.Manifest.permission.ACCESS_INSTANT_APPS) == PERMISSION_GRANTED; 4226 flags &= ~(PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY 4227 | PackageManager.MATCH_EXPLICITLY_VISIBLE_ONLY); 4228 if (!allowMatchInstant) { 4229 flags &= ~PackageManager.MATCH_INSTANT; 4230 } 4231 } 4232 return updateFlagsForComponent(flags, userId, intent /*cookie*/); 4233 } 4234 4235 private ActivityInfo generateActivityInfo(ActivityInfo ai, int flags, PackageUserState state, 4236 int userId) { 4237 ActivityInfo ret = PackageParser.generateActivityInfo(ai, flags, state, userId); 4238 if (ret != null) { 4239 rebaseEnabledOverlays(ret.applicationInfo, userId); 4240 } 4241 return ret; 4242 } 4243 4244 private ActivityInfo generateActivityInfo(PackageParser.Activity a, int flags, 4245 PackageUserState state, int userId) { 4246 ActivityInfo ai = PackageParser.generateActivityInfo(a, flags, state, userId); 4247 if (ai != null) { 4248 rebaseEnabledOverlays(ai.applicationInfo, userId); 4249 } 4250 return ai; 4251 } 4252 4253 @Override 4254 public ActivityInfo getActivityInfo(ComponentName component, int flags, int userId) { 4255 if (!sUserManager.exists(userId)) return null; 4256 flags = updateFlagsForComponent(flags, userId, component); 4257 enforceCrossUserPermission(Binder.getCallingUid(), userId, 4258 false /* requireFullPermission */, false /* checkShell */, "get activity info"); 4259 synchronized (mPackages) { 4260 PackageParser.Activity a = mActivities.mActivities.get(component); 4261 4262 if (DEBUG_PACKAGE_INFO) Log.v(TAG, "getActivityInfo " + component + ": " + a); 4263 if (a != null && mSettings.isEnabledAndMatchLPr(a.info, flags, userId)) { 4264 PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); 4265 if (ps == null) return null; 4266 return generateActivityInfo(a, flags, ps.readUserState(userId), userId); 4267 } 4268 if (mResolveComponentName.equals(component)) { 4269 return generateActivityInfo(mResolveActivity, flags, new PackageUserState(), 4270 userId); 4271 } 4272 } 4273 return null; 4274 } 4275 4276 @Override 4277 public boolean activitySupportsIntent(ComponentName component, Intent intent, 4278 String resolvedType) { 4279 synchronized (mPackages) { 4280 if (component.equals(mResolveComponentName)) { 4281 // The resolver supports EVERYTHING! 4282 return true; 4283 } 4284 PackageParser.Activity a = mActivities.mActivities.get(component); 4285 if (a == null) { 4286 return false; 4287 } 4288 for (int i=0; i<a.intents.size(); i++) { 4289 if (a.intents.get(i).match(intent.getAction(), resolvedType, intent.getScheme(), 4290 intent.getData(), intent.getCategories(), TAG) >= 0) { 4291 return true; 4292 } 4293 } 4294 return false; 4295 } 4296 } 4297 4298 @Override 4299 public ActivityInfo getReceiverInfo(ComponentName component, int flags, int userId) { 4300 if (!sUserManager.exists(userId)) return null; 4301 flags = updateFlagsForComponent(flags, userId, component); 4302 enforceCrossUserPermission(Binder.getCallingUid(), userId, 4303 false /* requireFullPermission */, false /* checkShell */, "get receiver info"); 4304 synchronized (mPackages) { 4305 PackageParser.Activity a = mReceivers.mActivities.get(component); 4306 if (DEBUG_PACKAGE_INFO) Log.v( 4307 TAG, "getReceiverInfo " + component + ": " + a); 4308 if (a != null && mSettings.isEnabledAndMatchLPr(a.info, flags, userId)) { 4309 PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); 4310 if (ps == null) return null; 4311 return generateActivityInfo(a, flags, ps.readUserState(userId), userId); 4312 } 4313 } 4314 return null; 4315 } 4316 4317 @Override 4318 public ParceledListSlice<SharedLibraryInfo> getSharedLibraries(int flags, int userId) { 4319 if (!sUserManager.exists(userId)) return null; 4320 Preconditions.checkArgumentNonnegative(userId, "userId must be >= 0"); 4321 4322 flags = updateFlagsForPackage(flags, userId, null); 4323 4324 final boolean canSeeStaticLibraries = 4325 mContext.checkCallingOrSelfPermission(INSTALL_PACKAGES) 4326 == PERMISSION_GRANTED 4327 || mContext.checkCallingOrSelfPermission(DELETE_PACKAGES) 4328 == PERMISSION_GRANTED 4329 || mContext.checkCallingOrSelfPermission(REQUEST_INSTALL_PACKAGES) 4330 == PERMISSION_GRANTED 4331 || mContext.checkCallingOrSelfPermission(REQUEST_DELETE_PACKAGES) 4332 == PERMISSION_GRANTED; 4333 4334 synchronized (mPackages) { 4335 List<SharedLibraryInfo> result = null; 4336 4337 final int libCount = mSharedLibraries.size(); 4338 for (int i = 0; i < libCount; i++) { 4339 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.valueAt(i); 4340 if (versionedLib == null) { 4341 continue; 4342 } 4343 4344 final int versionCount = versionedLib.size(); 4345 for (int j = 0; j < versionCount; j++) { 4346 SharedLibraryInfo libInfo = versionedLib.valueAt(j).info; 4347 if (!canSeeStaticLibraries && libInfo.isStatic()) { 4348 break; 4349 } 4350 final long identity = Binder.clearCallingIdentity(); 4351 try { 4352 // TODO: We will change version code to long, so in the new API it is long 4353 PackageInfo packageInfo = getPackageInfoVersioned( 4354 libInfo.getDeclaringPackage(), flags, userId); 4355 if (packageInfo == null) { 4356 continue; 4357 } 4358 } finally { 4359 Binder.restoreCallingIdentity(identity); 4360 } 4361 4362 SharedLibraryInfo resLibInfo = new SharedLibraryInfo(libInfo.getName(), 4363 libInfo.getVersion(), libInfo.getType(), 4364 libInfo.getDeclaringPackage(), getPackagesUsingSharedLibraryLPr(libInfo, 4365 flags, userId)); 4366 4367 if (result == null) { 4368 result = new ArrayList<>(); 4369 } 4370 result.add(resLibInfo); 4371 } 4372 } 4373 4374 return result != null ? new ParceledListSlice<>(result) : null; 4375 } 4376 } 4377 4378 private List<VersionedPackage> getPackagesUsingSharedLibraryLPr( 4379 SharedLibraryInfo libInfo, int flags, int userId) { 4380 List<VersionedPackage> versionedPackages = null; 4381 final int packageCount = mSettings.mPackages.size(); 4382 for (int i = 0; i < packageCount; i++) { 4383 PackageSetting ps = mSettings.mPackages.valueAt(i); 4384 4385 if (ps == null) { 4386 continue; 4387 } 4388 4389 if (!ps.getUserState().get(userId).isAvailable(flags)) { 4390 continue; 4391 } 4392 4393 final String libName = libInfo.getName(); 4394 if (libInfo.isStatic()) { 4395 final int libIdx = ArrayUtils.indexOf(ps.usesStaticLibraries, libName); 4396 if (libIdx < 0) { 4397 continue; 4398 } 4399 if (ps.usesStaticLibrariesVersions[libIdx] != libInfo.getVersion()) { 4400 continue; 4401 } 4402 if (versionedPackages == null) { 4403 versionedPackages = new ArrayList<>(); 4404 } 4405 // If the dependent is a static shared lib, use the public package name 4406 String dependentPackageName = ps.name; 4407 if (ps.pkg != null && ps.pkg.applicationInfo.isStaticSharedLibrary()) { 4408 dependentPackageName = ps.pkg.manifestPackageName; 4409 } 4410 versionedPackages.add(new VersionedPackage(dependentPackageName, ps.versionCode)); 4411 } else if (ps.pkg != null) { 4412 if (ArrayUtils.contains(ps.pkg.usesLibraries, libName) 4413 || ArrayUtils.contains(ps.pkg.usesOptionalLibraries, libName)) { 4414 if (versionedPackages == null) { 4415 versionedPackages = new ArrayList<>(); 4416 } 4417 versionedPackages.add(new VersionedPackage(ps.name, ps.versionCode)); 4418 } 4419 } 4420 } 4421 4422 return versionedPackages; 4423 } 4424 4425 @Override 4426 public ServiceInfo getServiceInfo(ComponentName component, int flags, int userId) { 4427 if (!sUserManager.exists(userId)) return null; 4428 flags = updateFlagsForComponent(flags, userId, component); 4429 enforceCrossUserPermission(Binder.getCallingUid(), userId, 4430 false /* requireFullPermission */, false /* checkShell */, "get service info"); 4431 synchronized (mPackages) { 4432 PackageParser.Service s = mServices.mServices.get(component); 4433 if (DEBUG_PACKAGE_INFO) Log.v( 4434 TAG, "getServiceInfo " + component + ": " + s); 4435 if (s != null && mSettings.isEnabledAndMatchLPr(s.info, flags, userId)) { 4436 PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); 4437 if (ps == null) return null; 4438 ServiceInfo si = PackageParser.generateServiceInfo(s, flags, 4439 ps.readUserState(userId), userId); 4440 if (si != null) { 4441 rebaseEnabledOverlays(si.applicationInfo, userId); 4442 } 4443 return si; 4444 } 4445 } 4446 return null; 4447 } 4448 4449 @Override 4450 public ProviderInfo getProviderInfo(ComponentName component, int flags, int userId) { 4451 if (!sUserManager.exists(userId)) return null; 4452 flags = updateFlagsForComponent(flags, userId, component); 4453 enforceCrossUserPermission(Binder.getCallingUid(), userId, 4454 false /* requireFullPermission */, false /* checkShell */, "get provider info"); 4455 synchronized (mPackages) { 4456 PackageParser.Provider p = mProviders.mProviders.get(component); 4457 if (DEBUG_PACKAGE_INFO) Log.v( 4458 TAG, "getProviderInfo " + component + ": " + p); 4459 if (p != null && mSettings.isEnabledAndMatchLPr(p.info, flags, userId)) { 4460 PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); 4461 if (ps == null) return null; 4462 ProviderInfo pi = PackageParser.generateProviderInfo(p, flags, 4463 ps.readUserState(userId), userId); 4464 if (pi != null) { 4465 rebaseEnabledOverlays(pi.applicationInfo, userId); 4466 } 4467 return pi; 4468 } 4469 } 4470 return null; 4471 } 4472 4473 @Override 4474 public String[] getSystemSharedLibraryNames() { 4475 synchronized (mPackages) { 4476 Set<String> libs = null; 4477 final int libCount = mSharedLibraries.size(); 4478 for (int i = 0; i < libCount; i++) { 4479 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.valueAt(i); 4480 if (versionedLib == null) { 4481 continue; 4482 } 4483 final int versionCount = versionedLib.size(); 4484 for (int j = 0; j < versionCount; j++) { 4485 SharedLibraryEntry libEntry = versionedLib.valueAt(j); 4486 if (!libEntry.info.isStatic()) { 4487 if (libs == null) { 4488 libs = new ArraySet<>(); 4489 } 4490 libs.add(libEntry.info.getName()); 4491 break; 4492 } 4493 PackageSetting ps = mSettings.getPackageLPr(libEntry.apk); 4494 if (ps != null && !filterSharedLibPackageLPr(ps, Binder.getCallingUid(), 4495 UserHandle.getUserId(Binder.getCallingUid()))) { 4496 if (libs == null) { 4497 libs = new ArraySet<>(); 4498 } 4499 libs.add(libEntry.info.getName()); 4500 break; 4501 } 4502 } 4503 } 4504 4505 if (libs != null) { 4506 String[] libsArray = new String[libs.size()]; 4507 libs.toArray(libsArray); 4508 return libsArray; 4509 } 4510 4511 return null; 4512 } 4513 } 4514 4515 @Override 4516 public @NonNull String getServicesSystemSharedLibraryPackageName() { 4517 synchronized (mPackages) { 4518 return mServicesSystemSharedLibraryPackageName; 4519 } 4520 } 4521 4522 @Override 4523 public @NonNull String getSharedSystemSharedLibraryPackageName() { 4524 synchronized (mPackages) { 4525 return mSharedSystemSharedLibraryPackageName; 4526 } 4527 } 4528 4529 private void updateSequenceNumberLP(String packageName, int[] userList) { 4530 for (int i = userList.length - 1; i >= 0; --i) { 4531 final int userId = userList[i]; 4532 SparseArray<String> changedPackages = mChangedPackages.get(userId); 4533 if (changedPackages == null) { 4534 changedPackages = new SparseArray<>(); 4535 mChangedPackages.put(userId, changedPackages); 4536 } 4537 Map<String, Integer> sequenceNumbers = mChangedPackagesSequenceNumbers.get(userId); 4538 if (sequenceNumbers == null) { 4539 sequenceNumbers = new HashMap<>(); 4540 mChangedPackagesSequenceNumbers.put(userId, sequenceNumbers); 4541 } 4542 final Integer sequenceNumber = sequenceNumbers.get(packageName); 4543 if (sequenceNumber != null) { 4544 changedPackages.remove(sequenceNumber); 4545 } 4546 changedPackages.put(mChangedPackagesSequenceNumber, packageName); 4547 sequenceNumbers.put(packageName, mChangedPackagesSequenceNumber); 4548 } 4549 mChangedPackagesSequenceNumber++; 4550 } 4551 4552 @Override 4553 public ChangedPackages getChangedPackages(int sequenceNumber, int userId) { 4554 synchronized (mPackages) { 4555 if (sequenceNumber >= mChangedPackagesSequenceNumber) { 4556 return null; 4557 } 4558 final SparseArray<String> changedPackages = mChangedPackages.get(userId); 4559 if (changedPackages == null) { 4560 return null; 4561 } 4562 final List<String> packageNames = 4563 new ArrayList<>(mChangedPackagesSequenceNumber - sequenceNumber); 4564 for (int i = sequenceNumber; i < mChangedPackagesSequenceNumber; i++) { 4565 final String packageName = changedPackages.get(i); 4566 if (packageName != null) { 4567 packageNames.add(packageName); 4568 } 4569 } 4570 return packageNames.isEmpty() 4571 ? null : new ChangedPackages(mChangedPackagesSequenceNumber, packageNames); 4572 } 4573 } 4574 4575 @Override 4576 public @NonNull ParceledListSlice<FeatureInfo> getSystemAvailableFeatures() { 4577 ArrayList<FeatureInfo> res; 4578 synchronized (mAvailableFeatures) { 4579 res = new ArrayList<>(mAvailableFeatures.size() + 1); 4580 res.addAll(mAvailableFeatures.values()); 4581 } 4582 final FeatureInfo fi = new FeatureInfo(); 4583 fi.reqGlEsVersion = SystemProperties.getInt("ro.opengles.version", 4584 FeatureInfo.GL_ES_VERSION_UNDEFINED); 4585 res.add(fi); 4586 4587 return new ParceledListSlice<>(res); 4588 } 4589 4590 @Override 4591 public boolean hasSystemFeature(String name, int version) { 4592 synchronized (mAvailableFeatures) { 4593 final FeatureInfo feat = mAvailableFeatures.get(name); 4594 if (feat == null) { 4595 return false; 4596 } else { 4597 return feat.version >= version; 4598 } 4599 } 4600 } 4601 4602 @Override 4603 public int checkPermission(String permName, String pkgName, int userId) { 4604 if (!sUserManager.exists(userId)) { 4605 return PackageManager.PERMISSION_DENIED; 4606 } 4607 4608 synchronized (mPackages) { 4609 final PackageParser.Package p = mPackages.get(pkgName); 4610 if (p != null && p.mExtras != null) { 4611 final PackageSetting ps = (PackageSetting) p.mExtras; 4612 final PermissionsState permissionsState = ps.getPermissionsState(); 4613 if (permissionsState.hasPermission(permName, userId)) { 4614 return PackageManager.PERMISSION_GRANTED; 4615 } 4616 // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION 4617 if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState 4618 .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) { 4619 return PackageManager.PERMISSION_GRANTED; 4620 } 4621 } 4622 } 4623 4624 return PackageManager.PERMISSION_DENIED; 4625 } 4626 4627 @Override 4628 public int checkUidPermission(String permName, int uid) { 4629 final int userId = UserHandle.getUserId(uid); 4630 4631 if (!sUserManager.exists(userId)) { 4632 return PackageManager.PERMISSION_DENIED; 4633 } 4634 4635 synchronized (mPackages) { 4636 Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); 4637 if (obj != null) { 4638 final SettingBase ps = (SettingBase) obj; 4639 final PermissionsState permissionsState = ps.getPermissionsState(); 4640 if (permissionsState.hasPermission(permName, userId)) { 4641 return PackageManager.PERMISSION_GRANTED; 4642 } 4643 // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION 4644 if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState 4645 .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) { 4646 return PackageManager.PERMISSION_GRANTED; 4647 } 4648 } else { 4649 ArraySet<String> perms = mSystemPermissions.get(uid); 4650 if (perms != null) { 4651 if (perms.contains(permName)) { 4652 return PackageManager.PERMISSION_GRANTED; 4653 } 4654 if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms 4655 .contains(Manifest.permission.ACCESS_FINE_LOCATION)) { 4656 return PackageManager.PERMISSION_GRANTED; 4657 } 4658 } 4659 } 4660 } 4661 4662 return PackageManager.PERMISSION_DENIED; 4663 } 4664 4665 @Override 4666 public boolean isPermissionRevokedByPolicy(String permission, String packageName, int userId) { 4667 if (UserHandle.getCallingUserId() != userId) { 4668 mContext.enforceCallingPermission( 4669 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, 4670 "isPermissionRevokedByPolicy for user " + userId); 4671 } 4672 4673 if (checkPermission(permission, packageName, userId) 4674 == PackageManager.PERMISSION_GRANTED) { 4675 return false; 4676 } 4677 4678 final long identity = Binder.clearCallingIdentity(); 4679 try { 4680 final int flags = getPermissionFlags(permission, packageName, userId); 4681 return (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0; 4682 } finally { 4683 Binder.restoreCallingIdentity(identity); 4684 } 4685 } 4686 4687 @Override 4688 public String getPermissionControllerPackageName() { 4689 synchronized (mPackages) { 4690 return mRequiredInstallerPackage; 4691 } 4692 } 4693 4694 /** 4695 * Checks if the request is from the system or an app that has INTERACT_ACROSS_USERS 4696 * or INTERACT_ACROSS_USERS_FULL permissions, if the userid is not for the caller. 4697 * @param checkShell whether to prevent shell from access if there's a debugging restriction 4698 * @param message the message to log on security exception 4699 */ 4700 void enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission, 4701 boolean checkShell, String message) { 4702 if (userId < 0) { 4703 throw new IllegalArgumentException("Invalid userId " + userId); 4704 } 4705 if (checkShell) { 4706 enforceShellRestriction(UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, userId); 4707 } 4708 if (userId == UserHandle.getUserId(callingUid)) return; 4709 if (callingUid != Process.SYSTEM_UID && callingUid != 0) { 4710 if (requireFullPermission) { 4711 mContext.enforceCallingOrSelfPermission( 4712 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message); 4713 } else { 4714 try { 4715 mContext.enforceCallingOrSelfPermission( 4716 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message); 4717 } catch (SecurityException se) { 4718 mContext.enforceCallingOrSelfPermission( 4719 android.Manifest.permission.INTERACT_ACROSS_USERS, message); 4720 } 4721 } 4722 } 4723 } 4724 4725 void enforceShellRestriction(String restriction, int callingUid, int userHandle) { 4726 if (callingUid == Process.SHELL_UID) { 4727 if (userHandle >= 0 4728 && sUserManager.hasUserRestriction(restriction, userHandle)) { 4729 throw new SecurityException("Shell does not have permission to access user " 4730 + userHandle); 4731 } else if (userHandle < 0) { 4732 Slog.e(TAG, "Unable to check shell permission for user " + userHandle + "\n\t" 4733 + Debug.getCallers(3)); 4734 } 4735 } 4736 } 4737 4738 private BasePermission findPermissionTreeLP(String permName) { 4739 for(BasePermission bp : mSettings.mPermissionTrees.values()) { 4740 if (permName.startsWith(bp.name) && 4741 permName.length() > bp.name.length() && 4742 permName.charAt(bp.name.length()) == '.') { 4743 return bp; 4744 } 4745 } 4746 return null; 4747 } 4748 4749 private BasePermission checkPermissionTreeLP(String permName) { 4750 if (permName != null) { 4751 BasePermission bp = findPermissionTreeLP(permName); 4752 if (bp != null) { 4753 if (bp.uid == UserHandle.getAppId(Binder.getCallingUid())) { 4754 return bp; 4755 } 4756 throw new SecurityException("Calling uid " 4757 + Binder.getCallingUid() 4758 + " is not allowed to add to permission tree " 4759 + bp.name + " owned by uid " + bp.uid); 4760 } 4761 } 4762 throw new SecurityException("No permission tree found for " + permName); 4763 } 4764 4765 static boolean compareStrings(CharSequence s1, CharSequence s2) { 4766 if (s1 == null) { 4767 return s2 == null; 4768 } 4769 if (s2 == null) { 4770 return false; 4771 } 4772 if (s1.getClass() != s2.getClass()) { 4773 return false; 4774 } 4775 return s1.equals(s2); 4776 } 4777 4778 static boolean comparePermissionInfos(PermissionInfo pi1, PermissionInfo pi2) { 4779 if (pi1.icon != pi2.icon) return false; 4780 if (pi1.logo != pi2.logo) return false; 4781 if (pi1.protectionLevel != pi2.protectionLevel) return false; 4782 if (!compareStrings(pi1.name, pi2.name)) return false; 4783 if (!compareStrings(pi1.nonLocalizedLabel, pi2.nonLocalizedLabel)) return false; 4784 // We'll take care of setting this one. 4785 if (!compareStrings(pi1.packageName, pi2.packageName)) return false; 4786 // These are not currently stored in settings. 4787 //if (!compareStrings(pi1.group, pi2.group)) return false; 4788 //if (!compareStrings(pi1.nonLocalizedDescription, pi2.nonLocalizedDescription)) return false; 4789 //if (pi1.labelRes != pi2.labelRes) return false; 4790 //if (pi1.descriptionRes != pi2.descriptionRes) return false; 4791 return true; 4792 } 4793 4794 int permissionInfoFootprint(PermissionInfo info) { 4795 int size = info.name.length(); 4796 if (info.nonLocalizedLabel != null) size += info.nonLocalizedLabel.length(); 4797 if (info.nonLocalizedDescription != null) size += info.nonLocalizedDescription.length(); 4798 return size; 4799 } 4800 4801 int calculateCurrentPermissionFootprintLocked(BasePermission tree) { 4802 int size = 0; 4803 for (BasePermission perm : mSettings.mPermissions.values()) { 4804 if (perm.uid == tree.uid) { 4805 size += perm.name.length() + permissionInfoFootprint(perm.perm.info); 4806 } 4807 } 4808 return size; 4809 } 4810 4811 void enforcePermissionCapLocked(PermissionInfo info, BasePermission tree) { 4812 // We calculate the max size of permissions defined by this uid and throw 4813 // if that plus the size of 'info' would exceed our stated maximum. 4814 if (tree.uid != Process.SYSTEM_UID) { 4815 final int curTreeSize = calculateCurrentPermissionFootprintLocked(tree); 4816 if (curTreeSize + permissionInfoFootprint(info) > MAX_PERMISSION_TREE_FOOTPRINT) { 4817 throw new SecurityException("Permission tree size cap exceeded"); 4818 } 4819 } 4820 } 4821 4822 boolean addPermissionLocked(PermissionInfo info, boolean async) { 4823 if (info.labelRes == 0 && info.nonLocalizedLabel == null) { 4824 throw new SecurityException("Label must be specified in permission"); 4825 } 4826 BasePermission tree = checkPermissionTreeLP(info.name); 4827 BasePermission bp = mSettings.mPermissions.get(info.name); 4828 boolean added = bp == null; 4829 boolean changed = true; 4830 int fixedLevel = PermissionInfo.fixProtectionLevel(info.protectionLevel); 4831 if (added) { 4832 enforcePermissionCapLocked(info, tree); 4833 bp = new BasePermission(info.name, tree.sourcePackage, 4834 BasePermission.TYPE_DYNAMIC); 4835 } else if (bp.type != BasePermission.TYPE_DYNAMIC) { 4836 throw new SecurityException( 4837 "Not allowed to modify non-dynamic permission " 4838 + info.name); 4839 } else { 4840 if (bp.protectionLevel == fixedLevel 4841 && bp.perm.owner.equals(tree.perm.owner) 4842 && bp.uid == tree.uid 4843 && comparePermissionInfos(bp.perm.info, info)) { 4844 changed = false; 4845 } 4846 } 4847 bp.protectionLevel = fixedLevel; 4848 info = new PermissionInfo(info); 4849 info.protectionLevel = fixedLevel; 4850 bp.perm = new PackageParser.Permission(tree.perm.owner, info); 4851 bp.perm.info.packageName = tree.perm.info.packageName; 4852 bp.uid = tree.uid; 4853 if (added) { 4854 mSettings.mPermissions.put(info.name, bp); 4855 } 4856 if (changed) { 4857 if (!async) { 4858 mSettings.writeLPr(); 4859 } else { 4860 scheduleWriteSettingsLocked(); 4861 } 4862 } 4863 return added; 4864 } 4865 4866 @Override 4867 public boolean addPermission(PermissionInfo info) { 4868 synchronized (mPackages) { 4869 return addPermissionLocked(info, false); 4870 } 4871 } 4872 4873 @Override 4874 public boolean addPermissionAsync(PermissionInfo info) { 4875 synchronized (mPackages) { 4876 return addPermissionLocked(info, true); 4877 } 4878 } 4879 4880 @Override 4881 public void removePermission(String name) { 4882 synchronized (mPackages) { 4883 checkPermissionTreeLP(name); 4884 BasePermission bp = mSettings.mPermissions.get(name); 4885 if (bp != null) { 4886 if (bp.type != BasePermission.TYPE_DYNAMIC) { 4887 throw new SecurityException( 4888 "Not allowed to modify non-dynamic permission " 4889 + name); 4890 } 4891 mSettings.mPermissions.remove(name); 4892 mSettings.writeLPr(); 4893 } 4894 } 4895 } 4896 4897 private static void enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(PackageParser.Package pkg, 4898 BasePermission bp) { 4899 int index = pkg.requestedPermissions.indexOf(bp.name); 4900 if (index == -1) { 4901 throw new SecurityException("Package " + pkg.packageName 4902 + " has not requested permission " + bp.name); 4903 } 4904 if (!bp.isRuntime() && !bp.isDevelopment()) { 4905 throw new SecurityException("Permission " + bp.name 4906 + " is not a changeable permission type"); 4907 } 4908 } 4909 4910 @Override 4911 public void grantRuntimePermission(String packageName, String name, final int userId) { 4912 grantRuntimePermission(packageName, name, userId, false /* Only if not fixed by policy */); 4913 } 4914 4915 private void grantRuntimePermission(String packageName, String name, final int userId, 4916 boolean overridePolicy) { 4917 if (!sUserManager.exists(userId)) { 4918 Log.e(TAG, "No such user:" + userId); 4919 return; 4920 } 4921 4922 mContext.enforceCallingOrSelfPermission( 4923 android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS, 4924 "grantRuntimePermission"); 4925 4926 enforceCrossUserPermission(Binder.getCallingUid(), userId, 4927 true /* requireFullPermission */, true /* checkShell */, 4928 "grantRuntimePermission"); 4929 4930 final int uid; 4931 final SettingBase sb; 4932 4933 synchronized (mPackages) { 4934 final PackageParser.Package pkg = mPackages.get(packageName); 4935 if (pkg == null) { 4936 throw new IllegalArgumentException("Unknown package: " + packageName); 4937 } 4938 4939 final BasePermission bp = mSettings.mPermissions.get(name); 4940 if (bp == null) { 4941 throw new IllegalArgumentException("Unknown permission: " + name); 4942 } 4943 4944 enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(pkg, bp); 4945 4946 // If a permission review is required for legacy apps we represent 4947 // their permissions as always granted runtime ones since we need 4948 // to keep the review required permission flag per user while an 4949 // install permission's state is shared across all users. 4950 if (mPermissionReviewRequired 4951 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M 4952 && bp.isRuntime()) { 4953 return; 4954 } 4955 4956 uid = UserHandle.getUid(userId, pkg.applicationInfo.uid); 4957 sb = (SettingBase) pkg.mExtras; 4958 if (sb == null) { 4959 throw new IllegalArgumentException("Unknown package: " + packageName); 4960 } 4961 4962 final PermissionsState permissionsState = sb.getPermissionsState(); 4963 4964 final int flags = permissionsState.getPermissionFlags(name, userId); 4965 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) { 4966 throw new SecurityException("Cannot grant system fixed permission " 4967 + name + " for package " + packageName); 4968 } 4969 if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 4970 throw new SecurityException("Cannot grant policy fixed permission " 4971 + name + " for package " + packageName); 4972 } 4973 4974 if (bp.isDevelopment()) { 4975 // Development permissions must be handled specially, since they are not 4976 // normal runtime permissions. For now they apply to all users. 4977 if (permissionsState.grantInstallPermission(bp) != 4978 PermissionsState.PERMISSION_OPERATION_FAILURE) { 4979 scheduleWriteSettingsLocked(); 4980 } 4981 return; 4982 } 4983 4984 final PackageSetting ps = mSettings.mPackages.get(packageName); 4985 if (ps.getInstantApp(userId) && !bp.isInstant()) { 4986 throw new SecurityException("Cannot grant non-ephemeral permission" 4987 + name + " for package " + packageName); 4988 } 4989 4990 if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) { 4991 Slog.w(TAG, "Cannot grant runtime permission to a legacy app"); 4992 return; 4993 } 4994 4995 final int result = permissionsState.grantRuntimePermission(bp, userId); 4996 switch (result) { 4997 case PermissionsState.PERMISSION_OPERATION_FAILURE: { 4998 return; 4999 } 5000 5001 case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: { 5002 final int appId = UserHandle.getAppId(pkg.applicationInfo.uid); 5003 mHandler.post(new Runnable() { 5004 @Override 5005 public void run() { 5006 killUid(appId, userId, KILL_APP_REASON_GIDS_CHANGED); 5007 } 5008 }); 5009 } 5010 break; 5011 } 5012 5013 if (bp.isRuntime()) { 5014 logPermissionGranted(mContext, name, packageName); 5015 } 5016 5017 mOnPermissionChangeListeners.onPermissionsChanged(uid); 5018 5019 // Not critical if that is lost - app has to request again. 5020 mSettings.writeRuntimePermissionsForUserLPr(userId, false); 5021 } 5022 5023 // Only need to do this if user is initialized. Otherwise it's a new user 5024 // and there are no processes running as the user yet and there's no need 5025 // to make an expensive call to remount processes for the changed permissions. 5026 if (READ_EXTERNAL_STORAGE.equals(name) 5027 || WRITE_EXTERNAL_STORAGE.equals(name)) { 5028 final long token = Binder.clearCallingIdentity(); 5029 try { 5030 if (sUserManager.isInitialized(userId)) { 5031 StorageManagerInternal storageManagerInternal = LocalServices.getService( 5032 StorageManagerInternal.class); 5033 storageManagerInternal.onExternalStoragePolicyChanged(uid, packageName); 5034 } 5035 } finally { 5036 Binder.restoreCallingIdentity(token); 5037 } 5038 } 5039 } 5040 5041 @Override 5042 public void revokeRuntimePermission(String packageName, String name, int userId) { 5043 revokeRuntimePermission(packageName, name, userId, false /* Only if not fixed by policy */); 5044 } 5045 5046 private void revokeRuntimePermission(String packageName, String name, int userId, 5047 boolean overridePolicy) { 5048 if (!sUserManager.exists(userId)) { 5049 Log.e(TAG, "No such user:" + userId); 5050 return; 5051 } 5052 5053 mContext.enforceCallingOrSelfPermission( 5054 android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, 5055 "revokeRuntimePermission"); 5056 5057 enforceCrossUserPermission(Binder.getCallingUid(), userId, 5058 true /* requireFullPermission */, true /* checkShell */, 5059 "revokeRuntimePermission"); 5060 5061 final int appId; 5062 5063 synchronized (mPackages) { 5064 final PackageParser.Package pkg = mPackages.get(packageName); 5065 if (pkg == null) { 5066 throw new IllegalArgumentException("Unknown package: " + packageName); 5067 } 5068 5069 final BasePermission bp = mSettings.mPermissions.get(name); 5070 if (bp == null) { 5071 throw new IllegalArgumentException("Unknown permission: " + name); 5072 } 5073 5074 enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(pkg, bp); 5075 5076 // If a permission review is required for legacy apps we represent 5077 // their permissions as always granted runtime ones since we need 5078 // to keep the review required permission flag per user while an 5079 // install permission's state is shared across all users. 5080 if (mPermissionReviewRequired 5081 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M 5082 && bp.isRuntime()) { 5083 return; 5084 } 5085 5086 SettingBase sb = (SettingBase) pkg.mExtras; 5087 if (sb == null) { 5088 throw new IllegalArgumentException("Unknown package: " + packageName); 5089 } 5090 5091 final PermissionsState permissionsState = sb.getPermissionsState(); 5092 5093 final int flags = permissionsState.getPermissionFlags(name, userId); 5094 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) { 5095 throw new SecurityException("Cannot revoke system fixed permission " 5096 + name + " for package " + packageName); 5097 } 5098 if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 5099 throw new SecurityException("Cannot revoke policy fixed permission " 5100 + name + " for package " + packageName); 5101 } 5102 5103 if (bp.isDevelopment()) { 5104 // Development permissions must be handled specially, since they are not 5105 // normal runtime permissions. For now they apply to all users. 5106 if (permissionsState.revokeInstallPermission(bp) != 5107 PermissionsState.PERMISSION_OPERATION_FAILURE) { 5108 scheduleWriteSettingsLocked(); 5109 } 5110 return; 5111 } 5112 5113 if (permissionsState.revokeRuntimePermission(bp, userId) == 5114 PermissionsState.PERMISSION_OPERATION_FAILURE) { 5115 return; 5116 } 5117 5118 if (bp.isRuntime()) { 5119 logPermissionRevoked(mContext, name, packageName); 5120 } 5121 5122 mOnPermissionChangeListeners.onPermissionsChanged(pkg.applicationInfo.uid); 5123 5124 // Critical, after this call app should never have the permission. 5125 mSettings.writeRuntimePermissionsForUserLPr(userId, true); 5126 5127 appId = UserHandle.getAppId(pkg.applicationInfo.uid); 5128 } 5129 5130 killUid(appId, userId, KILL_APP_REASON_PERMISSIONS_REVOKED); 5131 } 5132 5133 /** 5134 * Get the first event id for the permission. 5135 * 5136 * <p>There are four events for each permission: <ul> 5137 * <li>Request permission: first id + 0</li> 5138 * <li>Grant permission: first id + 1</li> 5139 * <li>Request for permission denied: first id + 2</li> 5140 * <li>Revoke permission: first id + 3</li> 5141 * </ul></p> 5142 * 5143 * @param name name of the permission 5144 * 5145 * @return The first event id for the permission 5146 */ 5147 private static int getBaseEventId(@NonNull String name) { 5148 int eventIdIndex = ALL_DANGEROUS_PERMISSIONS.indexOf(name); 5149 5150 if (eventIdIndex == -1) { 5151 if (AppOpsManager.permissionToOpCode(name) == AppOpsManager.OP_NONE 5152 || "user".equals(Build.TYPE)) { 5153 Log.i(TAG, "Unknown permission " + name); 5154 5155 return MetricsEvent.ACTION_PERMISSION_REQUEST_UNKNOWN; 5156 } else { 5157 // Most likely #ALL_DANGEROUS_PERMISSIONS needs to be updated. 5158 // 5159 // Also update 5160 // - EventLogger#ALL_DANGEROUS_PERMISSIONS 5161 // - metrics_constants.proto 5162 throw new IllegalStateException("Unknown permission " + name); 5163 } 5164 } 5165 5166 return MetricsEvent.ACTION_PERMISSION_REQUEST_READ_CALENDAR + eventIdIndex * 4; 5167 } 5168 5169 /** 5170 * Log that a permission was revoked. 5171 * 5172 * @param context Context of the caller 5173 * @param name name of the permission 5174 * @param packageName package permission if for 5175 */ 5176 private static void logPermissionRevoked(@NonNull Context context, @NonNull String name, 5177 @NonNull String packageName) { 5178 MetricsLogger.action(context, getBaseEventId(name) + 3, packageName); 5179 } 5180 5181 /** 5182 * Log that a permission request was granted. 5183 * 5184 * @param context Context of the caller 5185 * @param name name of the permission 5186 * @param packageName package permission if for 5187 */ 5188 private static void logPermissionGranted(@NonNull Context context, @NonNull String name, 5189 @NonNull String packageName) { 5190 MetricsLogger.action(context, getBaseEventId(name) + 1, packageName); 5191 } 5192 5193 @Override 5194 public void resetRuntimePermissions() { 5195 mContext.enforceCallingOrSelfPermission( 5196 android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, 5197 "revokeRuntimePermission"); 5198 5199 int callingUid = Binder.getCallingUid(); 5200 if (callingUid != Process.SYSTEM_UID && callingUid != 0) { 5201 mContext.enforceCallingOrSelfPermission( 5202 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, 5203 "resetRuntimePermissions"); 5204 } 5205 5206 synchronized (mPackages) { 5207 updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL); 5208 for (int userId : UserManagerService.getInstance().getUserIds()) { 5209 final int packageCount = mPackages.size(); 5210 for (int i = 0; i < packageCount; i++) { 5211 PackageParser.Package pkg = mPackages.valueAt(i); 5212 if (!(pkg.mExtras instanceof PackageSetting)) { 5213 continue; 5214 } 5215 PackageSetting ps = (PackageSetting) pkg.mExtras; 5216 resetUserChangesToRuntimePermissionsAndFlagsLPw(ps, userId); 5217 } 5218 } 5219 } 5220 } 5221 5222 @Override 5223 public int getPermissionFlags(String name, String packageName, int userId) { 5224 if (!sUserManager.exists(userId)) { 5225 return 0; 5226 } 5227 5228 enforceGrantRevokeRuntimePermissionPermissions("getPermissionFlags"); 5229 5230 enforceCrossUserPermission(Binder.getCallingUid(), userId, 5231 true /* requireFullPermission */, false /* checkShell */, 5232 "getPermissionFlags"); 5233 5234 synchronized (mPackages) { 5235 final PackageParser.Package pkg = mPackages.get(packageName); 5236 if (pkg == null) { 5237 return 0; 5238 } 5239 5240 final BasePermission bp = mSettings.mPermissions.get(name); 5241 if (bp == null) { 5242 return 0; 5243 } 5244 5245 SettingBase sb = (SettingBase) pkg.mExtras; 5246 if (sb == null) { 5247 return 0; 5248 } 5249 5250 PermissionsState permissionsState = sb.getPermissionsState(); 5251 return permissionsState.getPermissionFlags(name, userId); 5252 } 5253 } 5254 5255 @Override 5256 public void updatePermissionFlags(String name, String packageName, int flagMask, 5257 int flagValues, int userId) { 5258 if (!sUserManager.exists(userId)) { 5259 return; 5260 } 5261 5262 enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlags"); 5263 5264 enforceCrossUserPermission(Binder.getCallingUid(), userId, 5265 true /* requireFullPermission */, true /* checkShell */, 5266 "updatePermissionFlags"); 5267 5268 // Only the system can change these flags and nothing else. 5269 if (getCallingUid() != Process.SYSTEM_UID) { 5270 flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 5271 flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 5272 flagMask &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 5273 flagValues &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 5274 flagValues &= ~PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; 5275 } 5276 5277 synchronized (mPackages) { 5278 final PackageParser.Package pkg = mPackages.get(packageName); 5279 if (pkg == null) { 5280 throw new IllegalArgumentException("Unknown package: " + packageName); 5281 } 5282 5283 final BasePermission bp = mSettings.mPermissions.get(name); 5284 if (bp == null) { 5285 throw new IllegalArgumentException("Unknown permission: " + name); 5286 } 5287 5288 SettingBase sb = (SettingBase) pkg.mExtras; 5289 if (sb == null) { 5290 throw new IllegalArgumentException("Unknown package: " + packageName); 5291 } 5292 5293 PermissionsState permissionsState = sb.getPermissionsState(); 5294 5295 boolean hadState = permissionsState.getRuntimePermissionState(name, userId) != null; 5296 5297 if (permissionsState.updatePermissionFlags(bp, userId, flagMask, flagValues)) { 5298 // Install and runtime permissions are stored in different places, 5299 // so figure out what permission changed and persist the change. 5300 if (permissionsState.getInstallPermissionState(name) != null) { 5301 scheduleWriteSettingsLocked(); 5302 } else if (permissionsState.getRuntimePermissionState(name, userId) != null 5303 || hadState) { 5304 mSettings.writeRuntimePermissionsForUserLPr(userId, false); 5305 } 5306 } 5307 } 5308 } 5309 5310 /** 5311 * Update the permission flags for all packages and runtime permissions of a user in order 5312 * to allow device or profile owner to remove POLICY_FIXED. 5313 */ 5314 @Override 5315 public void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId) { 5316 if (!sUserManager.exists(userId)) { 5317 return; 5318 } 5319 5320 enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlagsForAllApps"); 5321 5322 enforceCrossUserPermission(Binder.getCallingUid(), userId, 5323 true /* requireFullPermission */, true /* checkShell */, 5324 "updatePermissionFlagsForAllApps"); 5325 5326 // Only the system can change system fixed flags. 5327 if (getCallingUid() != Process.SYSTEM_UID) { 5328 flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 5329 flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 5330 } 5331 5332 synchronized (mPackages) { 5333 boolean changed = false; 5334 final int packageCount = mPackages.size(); 5335 for (int pkgIndex = 0; pkgIndex < packageCount; pkgIndex++) { 5336 final PackageParser.Package pkg = mPackages.valueAt(pkgIndex); 5337 SettingBase sb = (SettingBase) pkg.mExtras; 5338 if (sb == null) { 5339 continue; 5340 } 5341 PermissionsState permissionsState = sb.getPermissionsState(); 5342 changed |= permissionsState.updatePermissionFlagsForAllPermissions( 5343 userId, flagMask, flagValues); 5344 } 5345 if (changed) { 5346 mSettings.writeRuntimePermissionsForUserLPr(userId, false); 5347 } 5348 } 5349 } 5350 5351 private void enforceGrantRevokeRuntimePermissionPermissions(String message) { 5352 if (mContext.checkCallingOrSelfPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS) 5353 != PackageManager.PERMISSION_GRANTED 5354 && mContext.checkCallingOrSelfPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) 5355 != PackageManager.PERMISSION_GRANTED) { 5356 throw new SecurityException(message + " requires " 5357 + Manifest.permission.GRANT_RUNTIME_PERMISSIONS + " or " 5358 + Manifest.permission.REVOKE_RUNTIME_PERMISSIONS); 5359 } 5360 } 5361 5362 @Override 5363 public boolean shouldShowRequestPermissionRationale(String permissionName, 5364 String packageName, int userId) { 5365 if (UserHandle.getCallingUserId() != userId) { 5366 mContext.enforceCallingPermission( 5367 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, 5368 "canShowRequestPermissionRationale for user " + userId); 5369 } 5370 5371 final int uid = getPackageUid(packageName, MATCH_DEBUG_TRIAGED_MISSING, userId); 5372 if (UserHandle.getAppId(getCallingUid()) != UserHandle.getAppId(uid)) { 5373 return false; 5374 } 5375 5376 if (checkPermission(permissionName, packageName, userId) 5377 == PackageManager.PERMISSION_GRANTED) { 5378 return false; 5379 } 5380 5381 final int flags; 5382 5383 final long identity = Binder.clearCallingIdentity(); 5384 try { 5385 flags = getPermissionFlags(permissionName, 5386 packageName, userId); 5387 } finally { 5388 Binder.restoreCallingIdentity(identity); 5389 } 5390 5391 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 5392 | PackageManager.FLAG_PERMISSION_POLICY_FIXED 5393 | PackageManager.FLAG_PERMISSION_USER_FIXED; 5394 5395 if ((flags & fixedFlags) != 0) { 5396 return false; 5397 } 5398 5399 return (flags & PackageManager.FLAG_PERMISSION_USER_SET) != 0; 5400 } 5401 5402 @Override 5403 public void addOnPermissionsChangeListener(IOnPermissionsChangeListener listener) { 5404 mContext.enforceCallingOrSelfPermission( 5405 Manifest.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS, 5406 "addOnPermissionsChangeListener"); 5407 5408 synchronized (mPackages) { 5409 mOnPermissionChangeListeners.addListenerLocked(listener); 5410 } 5411 } 5412 5413 @Override 5414 public void removeOnPermissionsChangeListener(IOnPermissionsChangeListener listener) { 5415 synchronized (mPackages) { 5416 mOnPermissionChangeListeners.removeListenerLocked(listener); 5417 } 5418 } 5419 5420 @Override 5421 public boolean isProtectedBroadcast(String actionName) { 5422 synchronized (mPackages) { 5423 if (mProtectedBroadcasts.contains(actionName)) { 5424 return true; 5425 } else if (actionName != null) { 5426 // TODO: remove these terrible hacks 5427 if (actionName.startsWith("android.net.netmon.lingerExpired") 5428 || actionName.startsWith("com.android.server.sip.SipWakeupTimer") 5429 || actionName.startsWith("com.android.internal.telephony.data-reconnect") 5430 || actionName.startsWith("android.net.netmon.launchCaptivePortalApp")) { 5431 return true; 5432 } 5433 } 5434 } 5435 return false; 5436 } 5437 5438 @Override 5439 public int checkSignatures(String pkg1, String pkg2) { 5440 synchronized (mPackages) { 5441 final PackageParser.Package p1 = mPackages.get(pkg1); 5442 final PackageParser.Package p2 = mPackages.get(pkg2); 5443 if (p1 == null || p1.mExtras == null 5444 || p2 == null || p2.mExtras == null) { 5445 return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; 5446 } 5447 return compareSignatures(p1.mSignatures, p2.mSignatures); 5448 } 5449 } 5450 5451 @Override 5452 public int checkUidSignatures(int uid1, int uid2) { 5453 // Map to base uids. 5454 uid1 = UserHandle.getAppId(uid1); 5455 uid2 = UserHandle.getAppId(uid2); 5456 // reader 5457 synchronized (mPackages) { 5458 Signature[] s1; 5459 Signature[] s2; 5460 Object obj = mSettings.getUserIdLPr(uid1); 5461 if (obj != null) { 5462 if (obj instanceof SharedUserSetting) { 5463 s1 = ((SharedUserSetting)obj).signatures.mSignatures; 5464 } else if (obj instanceof PackageSetting) { 5465 s1 = ((PackageSetting)obj).signatures.mSignatures; 5466 } else { 5467 return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; 5468 } 5469 } else { 5470 return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; 5471 } 5472 obj = mSettings.getUserIdLPr(uid2); 5473 if (obj != null) { 5474 if (obj instanceof SharedUserSetting) { 5475 s2 = ((SharedUserSetting)obj).signatures.mSignatures; 5476 } else if (obj instanceof PackageSetting) { 5477 s2 = ((PackageSetting)obj).signatures.mSignatures; 5478 } else { 5479 return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; 5480 } 5481 } else { 5482 return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; 5483 } 5484 return compareSignatures(s1, s2); 5485 } 5486 } 5487 5488 /** 5489 * This method should typically only be used when granting or revoking 5490 * permissions, since the app may immediately restart after this call. 5491 * <p> 5492 * If you're doing surgery on app code/data, use {@link PackageFreezer} to 5493 * guard your work against the app being relaunched. 5494 */ 5495 private void killUid(int appId, int userId, String reason) { 5496 final long identity = Binder.clearCallingIdentity(); 5497 try { 5498 IActivityManager am = ActivityManager.getService(); 5499 if (am != null) { 5500 try { 5501 am.killUid(appId, userId, reason); 5502 } catch (RemoteException e) { 5503 /* ignore - same process */ 5504 } 5505 } 5506 } finally { 5507 Binder.restoreCallingIdentity(identity); 5508 } 5509 } 5510 5511 /** 5512 * Compares two sets of signatures. Returns: 5513 * <br /> 5514 * {@link PackageManager#SIGNATURE_NEITHER_SIGNED}: if both signature sets are null, 5515 * <br /> 5516 * {@link PackageManager#SIGNATURE_FIRST_NOT_SIGNED}: if the first signature set is null, 5517 * <br /> 5518 * {@link PackageManager#SIGNATURE_SECOND_NOT_SIGNED}: if the second signature set is null, 5519 * <br /> 5520 * {@link PackageManager#SIGNATURE_MATCH}: if the two signature sets are identical, 5521 * <br /> 5522 * {@link PackageManager#SIGNATURE_NO_MATCH}: if the two signature sets differ. 5523 */ 5524 static int compareSignatures(Signature[] s1, Signature[] s2) { 5525 if (s1 == null) { 5526 return s2 == null 5527 ? PackageManager.SIGNATURE_NEITHER_SIGNED 5528 : PackageManager.SIGNATURE_FIRST_NOT_SIGNED; 5529 } 5530 5531 if (s2 == null) { 5532 return PackageManager.SIGNATURE_SECOND_NOT_SIGNED; 5533 } 5534 5535 if (s1.length != s2.length) { 5536 return PackageManager.SIGNATURE_NO_MATCH; 5537 } 5538 5539 // Since both signature sets are of size 1, we can compare without HashSets. 5540 if (s1.length == 1) { 5541 return s1[0].equals(s2[0]) ? 5542 PackageManager.SIGNATURE_MATCH : 5543 PackageManager.SIGNATURE_NO_MATCH; 5544 } 5545 5546 ArraySet<Signature> set1 = new ArraySet<Signature>(); 5547 for (Signature sig : s1) { 5548 set1.add(sig); 5549 } 5550 ArraySet<Signature> set2 = new ArraySet<Signature>(); 5551 for (Signature sig : s2) { 5552 set2.add(sig); 5553 } 5554 // Make sure s2 contains all signatures in s1. 5555 if (set1.equals(set2)) { 5556 return PackageManager.SIGNATURE_MATCH; 5557 } 5558 return PackageManager.SIGNATURE_NO_MATCH; 5559 } 5560 5561 /** 5562 * If the database version for this type of package (internal storage or 5563 * external storage) is less than the version where package signatures 5564 * were updated, return true. 5565 */ 5566 private boolean isCompatSignatureUpdateNeeded(PackageParser.Package scannedPkg) { 5567 final VersionInfo ver = getSettingsVersionForPackage(scannedPkg); 5568 return ver.databaseVersion < DatabaseVersion.SIGNATURE_END_ENTITY; 5569 } 5570 5571 /** 5572 * Used for backward compatibility to make sure any packages with 5573 * certificate chains get upgraded to the new style. {@code existingSigs} 5574 * will be in the old format (since they were stored on disk from before the 5575 * system upgrade) and {@code scannedSigs} will be in the newer format. 5576 */ 5577 private int compareSignaturesCompat(PackageSignatures existingSigs, 5578 PackageParser.Package scannedPkg) { 5579 if (!isCompatSignatureUpdateNeeded(scannedPkg)) { 5580 return PackageManager.SIGNATURE_NO_MATCH; 5581 } 5582 5583 ArraySet<Signature> existingSet = new ArraySet<Signature>(); 5584 for (Signature sig : existingSigs.mSignatures) { 5585 existingSet.add(sig); 5586 } 5587 ArraySet<Signature> scannedCompatSet = new ArraySet<Signature>(); 5588 for (Signature sig : scannedPkg.mSignatures) { 5589 try { 5590 Signature[] chainSignatures = sig.getChainSignatures(); 5591 for (Signature chainSig : chainSignatures) { 5592 scannedCompatSet.add(chainSig); 5593 } 5594 } catch (CertificateEncodingException e) { 5595 scannedCompatSet.add(sig); 5596 } 5597 } 5598 /* 5599 * Make sure the expanded scanned set contains all signatures in the 5600 * existing one. 5601 */ 5602 if (scannedCompatSet.equals(existingSet)) { 5603 // Migrate the old signatures to the new scheme. 5604 existingSigs.assignSignatures(scannedPkg.mSignatures); 5605 // The new KeySets will be re-added later in the scanning process. 5606 synchronized (mPackages) { 5607 mSettings.mKeySetManagerService.removeAppKeySetDataLPw(scannedPkg.packageName); 5608 } 5609 return PackageManager.SIGNATURE_MATCH; 5610 } 5611 return PackageManager.SIGNATURE_NO_MATCH; 5612 } 5613 5614 private boolean isRecoverSignatureUpdateNeeded(PackageParser.Package scannedPkg) { 5615 final VersionInfo ver = getSettingsVersionForPackage(scannedPkg); 5616 return ver.databaseVersion < DatabaseVersion.SIGNATURE_MALFORMED_RECOVER; 5617 } 5618 5619 private int compareSignaturesRecover(PackageSignatures existingSigs, 5620 PackageParser.Package scannedPkg) { 5621 if (!isRecoverSignatureUpdateNeeded(scannedPkg)) { 5622 return PackageManager.SIGNATURE_NO_MATCH; 5623 } 5624 5625 String msg = null; 5626 try { 5627 if (Signature.areEffectiveMatch(existingSigs.mSignatures, scannedPkg.mSignatures)) { 5628 logCriticalInfo(Log.INFO, "Recovered effectively matching certificates for " 5629 + scannedPkg.packageName); 5630 return PackageManager.SIGNATURE_MATCH; 5631 } 5632 } catch (CertificateException e) { 5633 msg = e.getMessage(); 5634 } 5635 5636 logCriticalInfo(Log.INFO, 5637 "Failed to recover certificates for " + scannedPkg.packageName + ": " + msg); 5638 return PackageManager.SIGNATURE_NO_MATCH; 5639 } 5640 5641 @Override 5642 public List<String> getAllPackages() { 5643 synchronized (mPackages) { 5644 return new ArrayList<String>(mPackages.keySet()); 5645 } 5646 } 5647 5648 @Override 5649 public String[] getPackagesForUid(int uid) { 5650 final int userId = UserHandle.getUserId(uid); 5651 uid = UserHandle.getAppId(uid); 5652 // reader 5653 synchronized (mPackages) { 5654 Object obj = mSettings.getUserIdLPr(uid); 5655 if (obj instanceof SharedUserSetting) { 5656 final SharedUserSetting sus = (SharedUserSetting) obj; 5657 final int N = sus.packages.size(); 5658 String[] res = new String[N]; 5659 final Iterator<PackageSetting> it = sus.packages.iterator(); 5660 int i = 0; 5661 while (it.hasNext()) { 5662 PackageSetting ps = it.next(); 5663 if (ps.getInstalled(userId)) { 5664 res[i++] = ps.name; 5665 } else { 5666 res = ArrayUtils.removeElement(String.class, res, res[i]); 5667 } 5668 } 5669 return res; 5670 } else if (obj instanceof PackageSetting) { 5671 final PackageSetting ps = (PackageSetting) obj; 5672 if (ps.getInstalled(userId)) { 5673 return new String[]{ps.name}; 5674 } 5675 } 5676 } 5677 return null; 5678 } 5679 5680 @Override 5681 public String getNameForUid(int uid) { 5682 // reader 5683 synchronized (mPackages) { 5684 Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); 5685 if (obj instanceof SharedUserSetting) { 5686 final SharedUserSetting sus = (SharedUserSetting) obj; 5687 return sus.name + ":" + sus.userId; 5688 } else if (obj instanceof PackageSetting) { 5689 final PackageSetting ps = (PackageSetting) obj; 5690 return ps.name; 5691 } 5692 } 5693 return null; 5694 } 5695 5696 @Override 5697 public int getUidForSharedUser(String sharedUserName) { 5698 if(sharedUserName == null) { 5699 return -1; 5700 } 5701 // reader 5702 synchronized (mPackages) { 5703 SharedUserSetting suid; 5704 try { 5705 suid = mSettings.getSharedUserLPw(sharedUserName, 0, 0, false); 5706 if (suid != null) { 5707 return suid.userId; 5708 } 5709 } catch (PackageManagerException ignore) { 5710 // can't happen, but, still need to catch it 5711 } 5712 return -1; 5713 } 5714 } 5715 5716 @Override 5717 public int getFlagsForUid(int uid) { 5718 synchronized (mPackages) { 5719 Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); 5720 if (obj instanceof SharedUserSetting) { 5721 final SharedUserSetting sus = (SharedUserSetting) obj; 5722 return sus.pkgFlags; 5723 } else if (obj instanceof PackageSetting) { 5724 final PackageSetting ps = (PackageSetting) obj; 5725 return ps.pkgFlags; 5726 } 5727 } 5728 return 0; 5729 } 5730 5731 @Override 5732 public int getPrivateFlagsForUid(int uid) { 5733 synchronized (mPackages) { 5734 Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); 5735 if (obj instanceof SharedUserSetting) { 5736 final SharedUserSetting sus = (SharedUserSetting) obj; 5737 return sus.pkgPrivateFlags; 5738 } else if (obj instanceof PackageSetting) { 5739 final PackageSetting ps = (PackageSetting) obj; 5740 return ps.pkgPrivateFlags; 5741 } 5742 } 5743 return 0; 5744 } 5745 5746 @Override 5747 public boolean isUidPrivileged(int uid) { 5748 uid = UserHandle.getAppId(uid); 5749 // reader 5750 synchronized (mPackages) { 5751 Object obj = mSettings.getUserIdLPr(uid); 5752 if (obj instanceof SharedUserSetting) { 5753 final SharedUserSetting sus = (SharedUserSetting) obj; 5754 final Iterator<PackageSetting> it = sus.packages.iterator(); 5755 while (it.hasNext()) { 5756 if (it.next().isPrivileged()) { 5757 return true; 5758 } 5759 } 5760 } else if (obj instanceof PackageSetting) { 5761 final PackageSetting ps = (PackageSetting) obj; 5762 return ps.isPrivileged(); 5763 } 5764 } 5765 return false; 5766 } 5767 5768 @Override 5769 public String[] getAppOpPermissionPackages(String permissionName) { 5770 synchronized (mPackages) { 5771 ArraySet<String> pkgs = mAppOpPermissionPackages.get(permissionName); 5772 if (pkgs == null) { 5773 return null; 5774 } 5775 return pkgs.toArray(new String[pkgs.size()]); 5776 } 5777 } 5778 5779 @Override 5780 public ResolveInfo resolveIntent(Intent intent, String resolvedType, 5781 int flags, int userId) { 5782 return resolveIntentInternal( 5783 intent, resolvedType, flags, userId, false /*includeInstantApps*/); 5784 } 5785 5786 private ResolveInfo resolveIntentInternal(Intent intent, String resolvedType, 5787 int flags, int userId, boolean resolveForStart) { 5788 try { 5789 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "resolveIntent"); 5790 5791 if (!sUserManager.exists(userId)) return null; 5792 final int callingUid = Binder.getCallingUid(); 5793 flags = updateFlagsForResolve(flags, userId, intent, callingUid, resolveForStart); 5794 enforceCrossUserPermission(callingUid, userId, 5795 false /*requireFullPermission*/, false /*checkShell*/, "resolve intent"); 5796 5797 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "queryIntentActivities"); 5798 final List<ResolveInfo> query = queryIntentActivitiesInternal(intent, resolvedType, 5799 flags, userId, resolveForStart); 5800 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 5801 5802 final ResolveInfo bestChoice = 5803 chooseBestActivity(intent, resolvedType, flags, query, userId); 5804 return bestChoice; 5805 } finally { 5806 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 5807 } 5808 } 5809 5810 @Override 5811 public ResolveInfo findPersistentPreferredActivity(Intent intent, int userId) { 5812 if (!UserHandle.isSameApp(Binder.getCallingUid(), Process.SYSTEM_UID)) { 5813 throw new SecurityException( 5814 "findPersistentPreferredActivity can only be run by the system"); 5815 } 5816 if (!sUserManager.exists(userId)) { 5817 return null; 5818 } 5819 final int callingUid = Binder.getCallingUid(); 5820 intent = updateIntentForResolve(intent); 5821 final String resolvedType = intent.resolveTypeIfNeeded(mContext.getContentResolver()); 5822 final int flags = updateFlagsForResolve( 5823 0, userId, intent, callingUid, false /*includeInstantApps*/); 5824 final List<ResolveInfo> query = queryIntentActivitiesInternal(intent, resolvedType, flags, 5825 userId); 5826 synchronized (mPackages) { 5827 return findPersistentPreferredActivityLP(intent, resolvedType, flags, query, false, 5828 userId); 5829 } 5830 } 5831 5832 @Override 5833 public void setLastChosenActivity(Intent intent, String resolvedType, int flags, 5834 IntentFilter filter, int match, ComponentName activity) { 5835 final int userId = UserHandle.getCallingUserId(); 5836 if (DEBUG_PREFERRED) { 5837 Log.v(TAG, "setLastChosenActivity intent=" + intent 5838 + " resolvedType=" + resolvedType 5839 + " flags=" + flags 5840 + " filter=" + filter 5841 + " match=" + match 5842 + " activity=" + activity); 5843 filter.dump(new PrintStreamPrinter(System.out), " "); 5844 } 5845 intent.setComponent(null); 5846 final List<ResolveInfo> query = queryIntentActivitiesInternal(intent, resolvedType, flags, 5847 userId); 5848 // Find any earlier preferred or last chosen entries and nuke them 5849 findPreferredActivity(intent, resolvedType, 5850 flags, query, 0, false, true, false, userId); 5851 // Add the new activity as the last chosen for this filter 5852 addPreferredActivityInternal(filter, match, null, activity, false, userId, 5853 "Setting last chosen"); 5854 } 5855 5856 @Override 5857 public ResolveInfo getLastChosenActivity(Intent intent, String resolvedType, int flags) { 5858 final int userId = UserHandle.getCallingUserId(); 5859 if (DEBUG_PREFERRED) Log.v(TAG, "Querying last chosen activity for " + intent); 5860 final List<ResolveInfo> query = queryIntentActivitiesInternal(intent, resolvedType, flags, 5861 userId); 5862 return findPreferredActivity(intent, resolvedType, flags, query, 0, 5863 false, false, false, userId); 5864 } 5865 5866 /** 5867 * Returns whether or not instant apps have been disabled remotely. 5868 */ 5869 private boolean isEphemeralDisabled() { 5870 return mEphemeralAppsDisabled; 5871 } 5872 5873 private boolean isEphemeralAllowed( 5874 Intent intent, List<ResolveInfo> resolvedActivities, int userId, 5875 boolean skipPackageCheck) { 5876 final int callingUser = UserHandle.getCallingUserId(); 5877 if (mInstantAppResolverConnection == null) { 5878 return false; 5879 } 5880 if (mInstantAppInstallerActivity == null) { 5881 return false; 5882 } 5883 if (intent.getComponent() != null) { 5884 return false; 5885 } 5886 if ((intent.getFlags() & Intent.FLAG_IGNORE_EPHEMERAL) != 0) { 5887 return false; 5888 } 5889 if (!skipPackageCheck && intent.getPackage() != null) { 5890 return false; 5891 } 5892 final boolean isWebUri = hasWebURI(intent); 5893 if (!isWebUri || intent.getData().getHost() == null) { 5894 return false; 5895 } 5896 // Deny ephemeral apps if the user chose _ALWAYS or _ALWAYS_ASK for intent resolution. 5897 // Or if there's already an ephemeral app installed that handles the action 5898 synchronized (mPackages) { 5899 final int count = (resolvedActivities == null ? 0 : resolvedActivities.size()); 5900 for (int n = 0; n < count; n++) { 5901 final ResolveInfo info = resolvedActivities.get(n); 5902 final String packageName = info.activityInfo.packageName; 5903 final PackageSetting ps = mSettings.mPackages.get(packageName); 5904 if (ps != null) { 5905 // only check domain verification status if the app is not a browser 5906 if (!info.handleAllWebDataURI) { 5907 // Try to get the status from User settings first 5908 final long packedStatus = getDomainVerificationStatusLPr(ps, userId); 5909 final int status = (int) (packedStatus >> 32); 5910 if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS 5911 || status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK) { 5912 if (DEBUG_EPHEMERAL) { 5913 Slog.v(TAG, "DENY instant app;" 5914 + " pkg: " + packageName + ", status: " + status); 5915 } 5916 return false; 5917 } 5918 } 5919 if (ps.getInstantApp(userId)) { 5920 if (DEBUG_EPHEMERAL) { 5921 Slog.v(TAG, "DENY instant app installed;" 5922 + " pkg: " + packageName); 5923 } 5924 return false; 5925 } 5926 } 5927 } 5928 } 5929 // We've exhausted all ways to deny ephemeral application; let the system look for them. 5930 return true; 5931 } 5932 5933 private void requestInstantAppResolutionPhaseTwo(AuxiliaryResolveInfo responseObj, 5934 Intent origIntent, String resolvedType, String callingPackage, 5935 Bundle verificationBundle, int userId) { 5936 final Message msg = mHandler.obtainMessage(INSTANT_APP_RESOLUTION_PHASE_TWO, 5937 new InstantAppRequest(responseObj, origIntent, resolvedType, 5938 callingPackage, userId, verificationBundle)); 5939 mHandler.sendMessage(msg); 5940 } 5941 5942 private ResolveInfo chooseBestActivity(Intent intent, String resolvedType, 5943 int flags, List<ResolveInfo> query, int userId) { 5944 if (query != null) { 5945 final int N = query.size(); 5946 if (N == 1) { 5947 return query.get(0); 5948 } else if (N > 1) { 5949 final boolean debug = ((intent.getFlags() & Intent.FLAG_DEBUG_LOG_RESOLUTION) != 0); 5950 // If there is more than one activity with the same priority, 5951 // then let the user decide between them. 5952 ResolveInfo r0 = query.get(0); 5953 ResolveInfo r1 = query.get(1); 5954 if (DEBUG_INTENT_MATCHING || debug) { 5955 Slog.v(TAG, r0.activityInfo.name + "=" + r0.priority + " vs " 5956 + r1.activityInfo.name + "=" + r1.priority); 5957 } 5958 // If the first activity has a higher priority, or a different 5959 // default, then it is always desirable to pick it. 5960 if (r0.priority != r1.priority 5961 || r0.preferredOrder != r1.preferredOrder 5962 || r0.isDefault != r1.isDefault) { 5963 return query.get(0); 5964 } 5965 // If we have saved a preference for a preferred activity for 5966 // this Intent, use that. 5967 ResolveInfo ri = findPreferredActivity(intent, resolvedType, 5968 flags, query, r0.priority, true, false, debug, userId); 5969 if (ri != null) { 5970 return ri; 5971 } 5972 // If we have an ephemeral app, use it 5973 for (int i = 0; i < N; i++) { 5974 ri = query.get(i); 5975 if (ri.activityInfo.applicationInfo.isInstantApp()) { 5976 return ri; 5977 } 5978 } 5979 ri = new ResolveInfo(mResolveInfo); 5980 ri.activityInfo = new ActivityInfo(ri.activityInfo); 5981 ri.activityInfo.labelRes = ResolverActivity.getLabelRes(intent.getAction()); 5982 // If all of the options come from the same package, show the application's 5983 // label and icon instead of the generic resolver's. 5984 // Some calls like Intent.resolveActivityInfo query the ResolveInfo from here 5985 // and then throw away the ResolveInfo itself, meaning that the caller loses 5986 // the resolvePackageName. Therefore the activityInfo.labelRes above provides 5987 // a fallback for this case; we only set the target package's resources on 5988 // the ResolveInfo, not the ActivityInfo. 5989 final String intentPackage = intent.getPackage(); 5990 if (!TextUtils.isEmpty(intentPackage) && allHavePackage(query, intentPackage)) { 5991 final ApplicationInfo appi = query.get(0).activityInfo.applicationInfo; 5992 ri.resolvePackageName = intentPackage; 5993 if (userNeedsBadging(userId)) { 5994 ri.noResourceId = true; 5995 } else { 5996 ri.icon = appi.icon; 5997 } 5998 ri.iconResourceId = appi.icon; 5999 ri.labelRes = appi.labelRes; 6000 } 6001 ri.activityInfo.applicationInfo = new ApplicationInfo( 6002 ri.activityInfo.applicationInfo); 6003 if (userId != 0) { 6004 ri.activityInfo.applicationInfo.uid = UserHandle.getUid(userId, 6005 UserHandle.getAppId(ri.activityInfo.applicationInfo.uid)); 6006 } 6007 // Make sure that the resolver is displayable in car mode 6008 if (ri.activityInfo.metaData == null) ri.activityInfo.metaData = new Bundle(); 6009 ri.activityInfo.metaData.putBoolean(Intent.METADATA_DOCK_HOME, true); 6010 return ri; 6011 } 6012 } 6013 return null; 6014 } 6015 6016 /** 6017 * Return true if the given list is not empty and all of its contents have 6018 * an activityInfo with the given package name. 6019 */ 6020 private boolean allHavePackage(List<ResolveInfo> list, String packageName) { 6021 if (ArrayUtils.isEmpty(list)) { 6022 return false; 6023 } 6024 for (int i = 0, N = list.size(); i < N; i++) { 6025 final ResolveInfo ri = list.get(i); 6026 final ActivityInfo ai = ri != null ? ri.activityInfo : null; 6027 if (ai == null || !packageName.equals(ai.packageName)) { 6028 return false; 6029 } 6030 } 6031 return true; 6032 } 6033 6034 private ResolveInfo findPersistentPreferredActivityLP(Intent intent, String resolvedType, 6035 int flags, List<ResolveInfo> query, boolean debug, int userId) { 6036 final int N = query.size(); 6037 PersistentPreferredIntentResolver ppir = mSettings.mPersistentPreferredActivities 6038 .get(userId); 6039 // Get the list of persistent preferred activities that handle the intent 6040 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Looking for presistent preferred activities..."); 6041 List<PersistentPreferredActivity> pprefs = ppir != null 6042 ? ppir.queryIntent(intent, resolvedType, 6043 (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, 6044 userId) 6045 : null; 6046 if (pprefs != null && pprefs.size() > 0) { 6047 final int M = pprefs.size(); 6048 for (int i=0; i<M; i++) { 6049 final PersistentPreferredActivity ppa = pprefs.get(i); 6050 if (DEBUG_PREFERRED || debug) { 6051 Slog.v(TAG, "Checking PersistentPreferredActivity ds=" 6052 + (ppa.countDataSchemes() > 0 ? ppa.getDataScheme(0) : "<none>") 6053 + "\n component=" + ppa.mComponent); 6054 ppa.dump(new LogPrinter(Log.VERBOSE, TAG, Log.LOG_ID_SYSTEM), " "); 6055 } 6056 final ActivityInfo ai = getActivityInfo(ppa.mComponent, 6057 flags | MATCH_DISABLED_COMPONENTS, userId); 6058 if (DEBUG_PREFERRED || debug) { 6059 Slog.v(TAG, "Found persistent preferred activity:"); 6060 if (ai != null) { 6061 ai.dump(new LogPrinter(Log.VERBOSE, TAG, Log.LOG_ID_SYSTEM), " "); 6062 } else { 6063 Slog.v(TAG, " null"); 6064 } 6065 } 6066 if (ai == null) { 6067 // This previously registered persistent preferred activity 6068 // component is no longer known. Ignore it and do NOT remove it. 6069 continue; 6070 } 6071 for (int j=0; j<N; j++) { 6072 final ResolveInfo ri = query.get(j); 6073 if (!ri.activityInfo.applicationInfo.packageName 6074 .equals(ai.applicationInfo.packageName)) { 6075 continue; 6076 } 6077 if (!ri.activityInfo.name.equals(ai.name)) { 6078 continue; 6079 } 6080 // Found a persistent preference that can handle the intent. 6081 if (DEBUG_PREFERRED || debug) { 6082 Slog.v(TAG, "Returning persistent preferred activity: " + 6083 ri.activityInfo.packageName + "/" + ri.activityInfo.name); 6084 } 6085 return ri; 6086 } 6087 } 6088 } 6089 return null; 6090 } 6091 6092 // TODO: handle preferred activities missing while user has amnesia 6093 ResolveInfo findPreferredActivity(Intent intent, String resolvedType, int flags, 6094 List<ResolveInfo> query, int priority, boolean always, 6095 boolean removeMatches, boolean debug, int userId) { 6096 if (!sUserManager.exists(userId)) return null; 6097 final int callingUid = Binder.getCallingUid(); 6098 flags = updateFlagsForResolve( 6099 flags, userId, intent, callingUid, false /*includeInstantApps*/); 6100 intent = updateIntentForResolve(intent); 6101 // writer 6102 synchronized (mPackages) { 6103 // Try to find a matching persistent preferred activity. 6104 ResolveInfo pri = findPersistentPreferredActivityLP(intent, resolvedType, flags, query, 6105 debug, userId); 6106 6107 // If a persistent preferred activity matched, use it. 6108 if (pri != null) { 6109 return pri; 6110 } 6111 6112 PreferredIntentResolver pir = mSettings.mPreferredActivities.get(userId); 6113 // Get the list of preferred activities that handle the intent 6114 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Looking for preferred activities..."); 6115 List<PreferredActivity> prefs = pir != null 6116 ? pir.queryIntent(intent, resolvedType, 6117 (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, 6118 userId) 6119 : null; 6120 if (prefs != null && prefs.size() > 0) { 6121 boolean changed = false; 6122 try { 6123 // First figure out how good the original match set is. 6124 // We will only allow preferred activities that came 6125 // from the same match quality. 6126 int match = 0; 6127 6128 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Figuring out best match..."); 6129 6130 final int N = query.size(); 6131 for (int j=0; j<N; j++) { 6132 final ResolveInfo ri = query.get(j); 6133 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Match for " + ri.activityInfo 6134 + ": 0x" + Integer.toHexString(match)); 6135 if (ri.match > match) { 6136 match = ri.match; 6137 } 6138 } 6139 6140 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Best match: 0x" 6141 + Integer.toHexString(match)); 6142 6143 match &= IntentFilter.MATCH_CATEGORY_MASK; 6144 final int M = prefs.size(); 6145 for (int i=0; i<M; i++) { 6146 final PreferredActivity pa = prefs.get(i); 6147 if (DEBUG_PREFERRED || debug) { 6148 Slog.v(TAG, "Checking PreferredActivity ds=" 6149 + (pa.countDataSchemes() > 0 ? pa.getDataScheme(0) : "<none>") 6150 + "\n component=" + pa.mPref.mComponent); 6151 pa.dump(new LogPrinter(Log.VERBOSE, TAG, Log.LOG_ID_SYSTEM), " "); 6152 } 6153 if (pa.mPref.mMatch != match) { 6154 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Skipping bad match " 6155 + Integer.toHexString(pa.mPref.mMatch)); 6156 continue; 6157 } 6158 // If it's not an "always" type preferred activity and that's what we're 6159 // looking for, skip it. 6160 if (always && !pa.mPref.mAlways) { 6161 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Skipping mAlways=false entry"); 6162 continue; 6163 } 6164 final ActivityInfo ai = getActivityInfo( 6165 pa.mPref.mComponent, flags | MATCH_DISABLED_COMPONENTS 6166 | MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE, 6167 userId); 6168 if (DEBUG_PREFERRED || debug) { 6169 Slog.v(TAG, "Found preferred activity:"); 6170 if (ai != null) { 6171 ai.dump(new LogPrinter(Log.VERBOSE, TAG, Log.LOG_ID_SYSTEM), " "); 6172 } else { 6173 Slog.v(TAG, " null"); 6174 } 6175 } 6176 if (ai == null) { 6177 // This previously registered preferred activity 6178 // component is no longer known. Most likely an update 6179 // to the app was installed and in the new version this 6180 // component no longer exists. Clean it up by removing 6181 // it from the preferred activities list, and skip it. 6182 Slog.w(TAG, "Removing dangling preferred activity: " 6183 + pa.mPref.mComponent); 6184 pir.removeFilter(pa); 6185 changed = true; 6186 continue; 6187 } 6188 for (int j=0; j<N; j++) { 6189 final ResolveInfo ri = query.get(j); 6190 if (!ri.activityInfo.applicationInfo.packageName 6191 .equals(ai.applicationInfo.packageName)) { 6192 continue; 6193 } 6194 if (!ri.activityInfo.name.equals(ai.name)) { 6195 continue; 6196 } 6197 6198 if (removeMatches) { 6199 pir.removeFilter(pa); 6200 changed = true; 6201 if (DEBUG_PREFERRED) { 6202 Slog.v(TAG, "Removing match " + pa.mPref.mComponent); 6203 } 6204 break; 6205 } 6206 6207 // Okay we found a previously set preferred or last chosen app. 6208 // If the result set is different from when this 6209 // was created, we need to clear it and re-ask the 6210 // user their preference, if we're looking for an "always" type entry. 6211 if (always && !pa.mPref.sameSet(query)) { 6212 Slog.i(TAG, "Result set changed, dropping preferred activity for " 6213 + intent + " type " + resolvedType); 6214 if (DEBUG_PREFERRED) { 6215 Slog.v(TAG, "Removing preferred activity since set changed " 6216 + pa.mPref.mComponent); 6217 } 6218 pir.removeFilter(pa); 6219 // Re-add the filter as a "last chosen" entry (!always) 6220 PreferredActivity lastChosen = new PreferredActivity( 6221 pa, pa.mPref.mMatch, null, pa.mPref.mComponent, false); 6222 pir.addFilter(lastChosen); 6223 changed = true; 6224 return null; 6225 } 6226 6227 // Yay! Either the set matched or we're looking for the last chosen 6228 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Returning preferred activity: " 6229 + ri.activityInfo.packageName + "/" + ri.activityInfo.name); 6230 return ri; 6231 } 6232 } 6233 } finally { 6234 if (changed) { 6235 if (DEBUG_PREFERRED) { 6236 Slog.v(TAG, "Preferred activity bookkeeping changed; writing restrictions"); 6237 } 6238 scheduleWritePackageRestrictionsLocked(userId); 6239 } 6240 } 6241 } 6242 } 6243 if (DEBUG_PREFERRED || debug) Slog.v(TAG, "No preferred activity to return"); 6244 return null; 6245 } 6246 6247 /* 6248 * Returns if intent can be forwarded from the sourceUserId to the targetUserId 6249 */ 6250 @Override 6251 public boolean canForwardTo(Intent intent, String resolvedType, int sourceUserId, 6252 int targetUserId) { 6253 mContext.enforceCallingOrSelfPermission( 6254 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, null); 6255 List<CrossProfileIntentFilter> matches = 6256 getMatchingCrossProfileIntentFilters(intent, resolvedType, sourceUserId); 6257 if (matches != null) { 6258 int size = matches.size(); 6259 for (int i = 0; i < size; i++) { 6260 if (matches.get(i).getTargetUserId() == targetUserId) return true; 6261 } 6262 } 6263 if (hasWebURI(intent)) { 6264 // cross-profile app linking works only towards the parent. 6265 final int callingUid = Binder.getCallingUid(); 6266 final UserInfo parent = getProfileParent(sourceUserId); 6267 synchronized(mPackages) { 6268 int flags = updateFlagsForResolve(0, parent.id, intent, callingUid, 6269 false /*includeInstantApps*/); 6270 CrossProfileDomainInfo xpDomainInfo = getCrossProfileDomainPreferredLpr( 6271 intent, resolvedType, flags, sourceUserId, parent.id); 6272 return xpDomainInfo != null; 6273 } 6274 } 6275 return false; 6276 } 6277 6278 private UserInfo getProfileParent(int userId) { 6279 final long identity = Binder.clearCallingIdentity(); 6280 try { 6281 return sUserManager.getProfileParent(userId); 6282 } finally { 6283 Binder.restoreCallingIdentity(identity); 6284 } 6285 } 6286 6287 private List<CrossProfileIntentFilter> getMatchingCrossProfileIntentFilters(Intent intent, 6288 String resolvedType, int userId) { 6289 CrossProfileIntentResolver resolver = mSettings.mCrossProfileIntentResolvers.get(userId); 6290 if (resolver != null) { 6291 return resolver.queryIntent(intent, resolvedType, false /*defaultOnly*/, userId); 6292 } 6293 return null; 6294 } 6295 6296 @Override 6297 public @NonNull ParceledListSlice<ResolveInfo> queryIntentActivities(Intent intent, 6298 String resolvedType, int flags, int userId) { 6299 try { 6300 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "queryIntentActivities"); 6301 6302 return new ParceledListSlice<>( 6303 queryIntentActivitiesInternal(intent, resolvedType, flags, userId)); 6304 } finally { 6305 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 6306 } 6307 } 6308 6309 /** 6310 * Returns the package name of the calling Uid if it's an instant app. If it isn't 6311 * instant, returns {@code null}. 6312 */ 6313 private String getInstantAppPackageName(int callingUid) { 6314 // If the caller is an isolated app use the owner's uid for the lookup. 6315 if (Process.isIsolated(callingUid)) { 6316 callingUid = mIsolatedOwners.get(callingUid); 6317 } 6318 final int appId = UserHandle.getAppId(callingUid); 6319 synchronized (mPackages) { 6320 final Object obj = mSettings.getUserIdLPr(appId); 6321 if (obj instanceof PackageSetting) { 6322 final PackageSetting ps = (PackageSetting) obj; 6323 final boolean isInstantApp = ps.getInstantApp(UserHandle.getUserId(callingUid)); 6324 return isInstantApp ? ps.pkg.packageName : null; 6325 } 6326 } 6327 return null; 6328 } 6329 6330 private @NonNull List<ResolveInfo> queryIntentActivitiesInternal(Intent intent, 6331 String resolvedType, int flags, int userId) { 6332 return queryIntentActivitiesInternal(intent, resolvedType, flags, userId, false); 6333 } 6334 6335 private @NonNull List<ResolveInfo> queryIntentActivitiesInternal(Intent intent, 6336 String resolvedType, int flags, int userId, boolean resolveForStart) { 6337 if (!sUserManager.exists(userId)) return Collections.emptyList(); 6338 final int callingUid = Binder.getCallingUid(); 6339 final String instantAppPkgName = getInstantAppPackageName(callingUid); 6340 enforceCrossUserPermission(callingUid, userId, 6341 false /* requireFullPermission */, false /* checkShell */, 6342 "query intent activities"); 6343 final String pkgName = intent.getPackage(); 6344 ComponentName comp = intent.getComponent(); 6345 if (comp == null) { 6346 if (intent.getSelector() != null) { 6347 intent = intent.getSelector(); 6348 comp = intent.getComponent(); 6349 } 6350 } 6351 6352 flags = updateFlagsForResolve(flags, userId, intent, callingUid, resolveForStart, 6353 comp != null || pkgName != null /*onlyExposedExplicitly*/); 6354 if (comp != null) { 6355 final List<ResolveInfo> list = new ArrayList<ResolveInfo>(1); 6356 final ActivityInfo ai = getActivityInfo(comp, flags, userId); 6357 if (ai != null) { 6358 // When specifying an explicit component, we prevent the activity from being 6359 // used when either 1) the calling package is normal and the activity is within 6360 // an ephemeral application or 2) the calling package is ephemeral and the 6361 // activity is not visible to ephemeral applications. 6362 final boolean matchInstantApp = 6363 (flags & PackageManager.MATCH_INSTANT) != 0; 6364 final boolean matchVisibleToInstantAppOnly = 6365 (flags & PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY) != 0; 6366 final boolean matchExplicitlyVisibleOnly = 6367 (flags & PackageManager.MATCH_EXPLICITLY_VISIBLE_ONLY) != 0; 6368 final boolean isCallerInstantApp = 6369 instantAppPkgName != null; 6370 final boolean isTargetSameInstantApp = 6371 comp.getPackageName().equals(instantAppPkgName); 6372 final boolean isTargetInstantApp = 6373 (ai.applicationInfo.privateFlags 6374 & ApplicationInfo.PRIVATE_FLAG_INSTANT) != 0; 6375 final boolean isTargetVisibleToInstantApp = 6376 (ai.flags & ActivityInfo.FLAG_VISIBLE_TO_INSTANT_APP) != 0; 6377 final boolean isTargetExplicitlyVisibleToInstantApp = 6378 isTargetVisibleToInstantApp 6379 && (ai.flags & ActivityInfo.FLAG_IMPLICITLY_VISIBLE_TO_INSTANT_APP) == 0; 6380 final boolean isTargetHiddenFromInstantApp = 6381 !isTargetVisibleToInstantApp 6382 || (matchExplicitlyVisibleOnly && !isTargetExplicitlyVisibleToInstantApp); 6383 final boolean blockResolution = 6384 !isTargetSameInstantApp 6385 && ((!matchInstantApp && !isCallerInstantApp && isTargetInstantApp) 6386 || (matchVisibleToInstantAppOnly && isCallerInstantApp 6387 && isTargetHiddenFromInstantApp)); 6388 if (!blockResolution) { 6389 final ResolveInfo ri = new ResolveInfo(); 6390 ri.activityInfo = ai; 6391 list.add(ri); 6392 } 6393 } 6394 return applyPostResolutionFilter(list, instantAppPkgName); 6395 } 6396 6397 // reader 6398 boolean sortResult = false; 6399 boolean addEphemeral = false; 6400 List<ResolveInfo> result; 6401 final boolean ephemeralDisabled = isEphemeralDisabled(); 6402 synchronized (mPackages) { 6403 if (pkgName == null) { 6404 List<CrossProfileIntentFilter> matchingFilters = 6405 getMatchingCrossProfileIntentFilters(intent, resolvedType, userId); 6406 // Check for results that need to skip the current profile. 6407 ResolveInfo xpResolveInfo = querySkipCurrentProfileIntents(matchingFilters, intent, 6408 resolvedType, flags, userId); 6409 if (xpResolveInfo != null) { 6410 List<ResolveInfo> xpResult = new ArrayList<ResolveInfo>(1); 6411 xpResult.add(xpResolveInfo); 6412 return applyPostResolutionFilter( 6413 filterIfNotSystemUser(xpResult, userId), instantAppPkgName); 6414 } 6415 6416 // Check for results in the current profile. 6417 result = filterIfNotSystemUser(mActivities.queryIntent( 6418 intent, resolvedType, flags, userId), userId); 6419 addEphemeral = !ephemeralDisabled 6420 && isEphemeralAllowed(intent, result, userId, false /*skipPackageCheck*/); 6421 // Check for cross profile results. 6422 boolean hasNonNegativePriorityResult = hasNonNegativePriority(result); 6423 xpResolveInfo = queryCrossProfileIntents( 6424 matchingFilters, intent, resolvedType, flags, userId, 6425 hasNonNegativePriorityResult); 6426 if (xpResolveInfo != null && isUserEnabled(xpResolveInfo.targetUserId)) { 6427 boolean isVisibleToUser = filterIfNotSystemUser( 6428 Collections.singletonList(xpResolveInfo), userId).size() > 0; 6429 if (isVisibleToUser) { 6430 result.add(xpResolveInfo); 6431 sortResult = true; 6432 } 6433 } 6434 if (hasWebURI(intent)) { 6435 CrossProfileDomainInfo xpDomainInfo = null; 6436 final UserInfo parent = getProfileParent(userId); 6437 if (parent != null) { 6438 xpDomainInfo = getCrossProfileDomainPreferredLpr(intent, resolvedType, 6439 flags, userId, parent.id); 6440 } 6441 if (xpDomainInfo != null) { 6442 if (xpResolveInfo != null) { 6443 // If we didn't remove it, the cross-profile ResolveInfo would be twice 6444 // in the result. 6445 result.remove(xpResolveInfo); 6446 } 6447 if (result.size() == 0 && !addEphemeral) { 6448 // No result in current profile, but found candidate in parent user. 6449 // And we are not going to add emphemeral app, so we can return the 6450 // result straight away. 6451 result.add(xpDomainInfo.resolveInfo); 6452 return applyPostResolutionFilter(result, instantAppPkgName); 6453 } 6454 } else if (result.size() <= 1 && !addEphemeral) { 6455 // No result in parent user and <= 1 result in current profile, and we 6456 // are not going to add emphemeral app, so we can return the result without 6457 // further processing. 6458 return applyPostResolutionFilter(result, instantAppPkgName); 6459 } 6460 // We have more than one candidate (combining results from current and parent 6461 // profile), so we need filtering and sorting. 6462 result = filterCandidatesWithDomainPreferredActivitiesLPr( 6463 intent, flags, result, xpDomainInfo, userId); 6464 sortResult = true; 6465 } 6466 } else { 6467 final PackageParser.Package pkg = mPackages.get(pkgName); 6468 if (pkg != null) { 6469 return applyPostResolutionFilter(filterIfNotSystemUser( 6470 mActivities.queryIntentForPackage( 6471 intent, resolvedType, flags, pkg.activities, userId), 6472 userId), instantAppPkgName); 6473 } else { 6474 // the caller wants to resolve for a particular package; however, there 6475 // were no installed results, so, try to find an ephemeral result 6476 addEphemeral = !ephemeralDisabled 6477 && isEphemeralAllowed( 6478 intent, null /*result*/, userId, true /*skipPackageCheck*/); 6479 result = new ArrayList<ResolveInfo>(); 6480 } 6481 } 6482 } 6483 if (addEphemeral) { 6484 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "resolveEphemeral"); 6485 final InstantAppRequest requestObject = new InstantAppRequest( 6486 null /*responseObj*/, intent /*origIntent*/, resolvedType, 6487 null /*callingPackage*/, userId, null /*verificationBundle*/); 6488 final AuxiliaryResolveInfo auxiliaryResponse = 6489 InstantAppResolver.doInstantAppResolutionPhaseOne( 6490 mContext, mInstantAppResolverConnection, requestObject); 6491 if (auxiliaryResponse != null) { 6492 if (DEBUG_EPHEMERAL) { 6493 Slog.v(TAG, "Adding ephemeral installer to the ResolveInfo list"); 6494 } 6495 final ResolveInfo ephemeralInstaller = new ResolveInfo(mInstantAppInstallerInfo); 6496 final PackageSetting ps = 6497 mSettings.mPackages.get(mInstantAppInstallerActivity.packageName); 6498 if (ps != null) { 6499 ephemeralInstaller.activityInfo = PackageParser.generateActivityInfo( 6500 mInstantAppInstallerActivity, 0, ps.readUserState(userId), userId); 6501 ephemeralInstaller.activityInfo.launchToken = auxiliaryResponse.token; 6502 ephemeralInstaller.auxiliaryInfo = auxiliaryResponse; 6503 // make sure this resolver is the default 6504 ephemeralInstaller.isDefault = true; 6505 ephemeralInstaller.match = IntentFilter.MATCH_CATEGORY_SCHEME_SPECIFIC_PART 6506 | IntentFilter.MATCH_ADJUSTMENT_NORMAL; 6507 // add a non-generic filter 6508 ephemeralInstaller.filter = new IntentFilter(intent.getAction()); 6509 ephemeralInstaller.filter.addDataPath( 6510 intent.getData().getPath(), PatternMatcher.PATTERN_LITERAL); 6511 ephemeralInstaller.isInstantAppAvailable = true; 6512 result.add(ephemeralInstaller); 6513 } 6514 } 6515 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 6516 } 6517 if (sortResult) { 6518 Collections.sort(result, mResolvePrioritySorter); 6519 } 6520 return applyPostResolutionFilter(result, instantAppPkgName); 6521 } 6522 6523 private static class CrossProfileDomainInfo { 6524 /* ResolveInfo for IntentForwarderActivity to send the intent to the other profile */ 6525 ResolveInfo resolveInfo; 6526 /* Best domain verification status of the activities found in the other profile */ 6527 int bestDomainVerificationStatus; 6528 } 6529 6530 private CrossProfileDomainInfo getCrossProfileDomainPreferredLpr(Intent intent, 6531 String resolvedType, int flags, int sourceUserId, int parentUserId) { 6532 if (!sUserManager.hasUserRestriction(UserManager.ALLOW_PARENT_PROFILE_APP_LINKING, 6533 sourceUserId)) { 6534 return null; 6535 } 6536 List<ResolveInfo> resultTargetUser = mActivities.queryIntent(intent, 6537 resolvedType, flags, parentUserId); 6538 6539 if (resultTargetUser == null || resultTargetUser.isEmpty()) { 6540 return null; 6541 } 6542 CrossProfileDomainInfo result = null; 6543 int size = resultTargetUser.size(); 6544 for (int i = 0; i < size; i++) { 6545 ResolveInfo riTargetUser = resultTargetUser.get(i); 6546 // Intent filter verification is only for filters that specify a host. So don't return 6547 // those that handle all web uris. 6548 if (riTargetUser.handleAllWebDataURI) { 6549 continue; 6550 } 6551 String packageName = riTargetUser.activityInfo.packageName; 6552 PackageSetting ps = mSettings.mPackages.get(packageName); 6553 if (ps == null) { 6554 continue; 6555 } 6556 long verificationState = getDomainVerificationStatusLPr(ps, parentUserId); 6557 int status = (int)(verificationState >> 32); 6558 if (result == null) { 6559 result = new CrossProfileDomainInfo(); 6560 result.resolveInfo = createForwardingResolveInfoUnchecked(new IntentFilter(), 6561 sourceUserId, parentUserId); 6562 result.bestDomainVerificationStatus = status; 6563 } else { 6564 result.bestDomainVerificationStatus = bestDomainVerificationStatus(status, 6565 result.bestDomainVerificationStatus); 6566 } 6567 } 6568 // Don't consider matches with status NEVER across profiles. 6569 if (result != null && result.bestDomainVerificationStatus 6570 == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER) { 6571 return null; 6572 } 6573 return result; 6574 } 6575 6576 /** 6577 * Verification statuses are ordered from the worse to the best, except for 6578 * INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER, which is the worse. 6579 */ 6580 private int bestDomainVerificationStatus(int status1, int status2) { 6581 if (status1 == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER) { 6582 return status2; 6583 } 6584 if (status2 == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER) { 6585 return status1; 6586 } 6587 return (int) MathUtils.max(status1, status2); 6588 } 6589 6590 private boolean isUserEnabled(int userId) { 6591 long callingId = Binder.clearCallingIdentity(); 6592 try { 6593 UserInfo userInfo = sUserManager.getUserInfo(userId); 6594 return userInfo != null && userInfo.isEnabled(); 6595 } finally { 6596 Binder.restoreCallingIdentity(callingId); 6597 } 6598 } 6599 6600 /** 6601 * Filter out activities with systemUserOnly flag set, when current user is not System. 6602 * 6603 * @return filtered list 6604 */ 6605 private List<ResolveInfo> filterIfNotSystemUser(List<ResolveInfo> resolveInfos, int userId) { 6606 if (userId == UserHandle.USER_SYSTEM) { 6607 return resolveInfos; 6608 } 6609 for (int i = resolveInfos.size() - 1; i >= 0; i--) { 6610 ResolveInfo info = resolveInfos.get(i); 6611 if ((info.activityInfo.flags & ActivityInfo.FLAG_SYSTEM_USER_ONLY) != 0) { 6612 resolveInfos.remove(i); 6613 } 6614 } 6615 return resolveInfos; 6616 } 6617 6618 /** 6619 * Filters out ephemeral activities. 6620 * <p>When resolving for an ephemeral app, only activities that 1) are defined in the 6621 * ephemeral app or 2) marked with {@code visibleToEphemeral} are returned. 6622 * 6623 * @param resolveInfos The pre-filtered list of resolved activities 6624 * @param ephemeralPkgName The ephemeral package name. If {@code null}, no filtering 6625 * is performed. 6626 * @return A filtered list of resolved activities. 6627 */ 6628 private List<ResolveInfo> applyPostResolutionFilter(List<ResolveInfo> resolveInfos, 6629 String ephemeralPkgName) { 6630 // TODO: When adding on-demand split support for non-instant apps, remove this check 6631 // and always apply post filtering 6632 if (ephemeralPkgName == null) { 6633 return resolveInfos; 6634 } 6635 for (int i = resolveInfos.size() - 1; i >= 0; i--) { 6636 final ResolveInfo info = resolveInfos.get(i); 6637 final boolean isEphemeralApp = info.activityInfo.applicationInfo.isInstantApp(); 6638 // allow activities that are defined in the provided package 6639 if (isEphemeralApp && ephemeralPkgName.equals(info.activityInfo.packageName)) { 6640 if (info.activityInfo.splitName != null 6641 && !ArrayUtils.contains(info.activityInfo.applicationInfo.splitNames, 6642 info.activityInfo.splitName)) { 6643 // requested activity is defined in a split that hasn't been installed yet. 6644 // add the installer to the resolve list 6645 if (DEBUG_EPHEMERAL) { 6646 Slog.v(TAG, "Adding ephemeral installer to the ResolveInfo list"); 6647 } 6648 final ResolveInfo installerInfo = new ResolveInfo(mInstantAppInstallerInfo); 6649 installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo( 6650 info.activityInfo.packageName, info.activityInfo.splitName, 6651 info.activityInfo.applicationInfo.versionCode); 6652 // make sure this resolver is the default 6653 installerInfo.isDefault = true; 6654 installerInfo.match = IntentFilter.MATCH_CATEGORY_SCHEME_SPECIFIC_PART 6655 | IntentFilter.MATCH_ADJUSTMENT_NORMAL; 6656 // add a non-generic filter 6657 installerInfo.filter = new IntentFilter(); 6658 // load resources from the correct package 6659 installerInfo.resolvePackageName = info.getComponentInfo().packageName; 6660 resolveInfos.set(i, installerInfo); 6661 } 6662 continue; 6663 } 6664 // allow activities that have been explicitly exposed to ephemeral apps 6665 if (!isEphemeralApp 6666 && ((info.activityInfo.flags & ActivityInfo.FLAG_VISIBLE_TO_INSTANT_APP) != 0)) { 6667 continue; 6668 } 6669 resolveInfos.remove(i); 6670 } 6671 return resolveInfos; 6672 } 6673 6674 /** 6675 * @param resolveInfos list of resolve infos in descending priority order 6676 * @return if the list contains a resolve info with non-negative priority 6677 */ 6678 private boolean hasNonNegativePriority(List<ResolveInfo> resolveInfos) { 6679 return resolveInfos.size() > 0 && resolveInfos.get(0).priority >= 0; 6680 } 6681 6682 private static boolean hasWebURI(Intent intent) { 6683 if (intent.getData() == null) { 6684 return false; 6685 } 6686 final String scheme = intent.getScheme(); 6687 if (TextUtils.isEmpty(scheme)) { 6688 return false; 6689 } 6690 return scheme.equals(IntentFilter.SCHEME_HTTP) || scheme.equals(IntentFilter.SCHEME_HTTPS); 6691 } 6692 6693 private List<ResolveInfo> filterCandidatesWithDomainPreferredActivitiesLPr(Intent intent, 6694 int matchFlags, List<ResolveInfo> candidates, CrossProfileDomainInfo xpDomainInfo, 6695 int userId) { 6696 final boolean debug = (intent.getFlags() & Intent.FLAG_DEBUG_LOG_RESOLUTION) != 0; 6697 6698 if (DEBUG_PREFERRED || DEBUG_DOMAIN_VERIFICATION) { 6699 Slog.v(TAG, "Filtering results with preferred activities. Candidates count: " + 6700 candidates.size()); 6701 } 6702 6703 ArrayList<ResolveInfo> result = new ArrayList<ResolveInfo>(); 6704 ArrayList<ResolveInfo> alwaysList = new ArrayList<ResolveInfo>(); 6705 ArrayList<ResolveInfo> undefinedList = new ArrayList<ResolveInfo>(); 6706 ArrayList<ResolveInfo> alwaysAskList = new ArrayList<ResolveInfo>(); 6707 ArrayList<ResolveInfo> neverList = new ArrayList<ResolveInfo>(); 6708 ArrayList<ResolveInfo> matchAllList = new ArrayList<ResolveInfo>(); 6709 6710 synchronized (mPackages) { 6711 final int count = candidates.size(); 6712 // First, try to use linked apps. Partition the candidates into four lists: 6713 // one for the final results, one for the "do not use ever", one for "undefined status" 6714 // and finally one for "browser app type". 6715 for (int n=0; n<count; n++) { 6716 ResolveInfo info = candidates.get(n); 6717 String packageName = info.activityInfo.packageName; 6718 PackageSetting ps = mSettings.mPackages.get(packageName); 6719 if (ps != null) { 6720 // Add to the special match all list (Browser use case) 6721 if (info.handleAllWebDataURI) { 6722 matchAllList.add(info); 6723 continue; 6724 } 6725 // Try to get the status from User settings first 6726 long packedStatus = getDomainVerificationStatusLPr(ps, userId); 6727 int status = (int)(packedStatus >> 32); 6728 int linkGeneration = (int)(packedStatus & 0xFFFFFFFF); 6729 if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS) { 6730 if (DEBUG_DOMAIN_VERIFICATION || debug) { 6731 Slog.i(TAG, " + always: " + info.activityInfo.packageName 6732 + " : linkgen=" + linkGeneration); 6733 } 6734 // Use link-enabled generation as preferredOrder, i.e. 6735 // prefer newly-enabled over earlier-enabled. 6736 info.preferredOrder = linkGeneration; 6737 alwaysList.add(info); 6738 } else if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER) { 6739 if (DEBUG_DOMAIN_VERIFICATION || debug) { 6740 Slog.i(TAG, " + never: " + info.activityInfo.packageName); 6741 } 6742 neverList.add(info); 6743 } else if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK) { 6744 if (DEBUG_DOMAIN_VERIFICATION || debug) { 6745 Slog.i(TAG, " + always-ask: " + info.activityInfo.packageName); 6746 } 6747 alwaysAskList.add(info); 6748 } else if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED || 6749 status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK) { 6750 if (DEBUG_DOMAIN_VERIFICATION || debug) { 6751 Slog.i(TAG, " + ask: " + info.activityInfo.packageName); 6752 } 6753 undefinedList.add(info); 6754 } 6755 } 6756 } 6757 6758 // We'll want to include browser possibilities in a few cases 6759 boolean includeBrowser = false; 6760 6761 // First try to add the "always" resolution(s) for the current user, if any 6762 if (alwaysList.size() > 0) { 6763 result.addAll(alwaysList); 6764 } else { 6765 // Add all undefined apps as we want them to appear in the disambiguation dialog. 6766 result.addAll(undefinedList); 6767 // Maybe add one for the other profile. 6768 if (xpDomainInfo != null && ( 6769 xpDomainInfo.bestDomainVerificationStatus 6770 != INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER)) { 6771 result.add(xpDomainInfo.resolveInfo); 6772 } 6773 includeBrowser = true; 6774 } 6775 6776 // The presence of any 'always ask' alternatives means we'll also offer browsers. 6777 // If there were 'always' entries their preferred order has been set, so we also 6778 // back that off to make the alternatives equivalent 6779 if (alwaysAskList.size() > 0) { 6780 for (ResolveInfo i : result) { 6781 i.preferredOrder = 0; 6782 } 6783 result.addAll(alwaysAskList); 6784 includeBrowser = true; 6785 } 6786 6787 if (includeBrowser) { 6788 // Also add browsers (all of them or only the default one) 6789 if (DEBUG_DOMAIN_VERIFICATION) { 6790 Slog.v(TAG, " ...including browsers in candidate set"); 6791 } 6792 if ((matchFlags & MATCH_ALL) != 0) { 6793 result.addAll(matchAllList); 6794 } else { 6795 // Browser/generic handling case. If there's a default browser, go straight 6796 // to that (but only if there is no other higher-priority match). 6797 final String defaultBrowserPackageName = getDefaultBrowserPackageName(userId); 6798 int maxMatchPrio = 0; 6799 ResolveInfo defaultBrowserMatch = null; 6800 final int numCandidates = matchAllList.size(); 6801 for (int n = 0; n < numCandidates; n++) { 6802 ResolveInfo info = matchAllList.get(n); 6803 // track the highest overall match priority... 6804 if (info.priority > maxMatchPrio) { 6805 maxMatchPrio = info.priority; 6806 } 6807 // ...and the highest-priority default browser match 6808 if (info.activityInfo.packageName.equals(defaultBrowserPackageName)) { 6809 if (defaultBrowserMatch == null 6810 || (defaultBrowserMatch.priority < info.priority)) { 6811 if (debug) { 6812 Slog.v(TAG, "Considering default browser match " + info); 6813 } 6814 defaultBrowserMatch = info; 6815 } 6816 } 6817 } 6818 if (defaultBrowserMatch != null 6819 && defaultBrowserMatch.priority >= maxMatchPrio 6820 && !TextUtils.isEmpty(defaultBrowserPackageName)) 6821 { 6822 if (debug) { 6823 Slog.v(TAG, "Default browser match " + defaultBrowserMatch); 6824 } 6825 result.add(defaultBrowserMatch); 6826 } else { 6827 result.addAll(matchAllList); 6828 } 6829 } 6830 6831 // If there is nothing selected, add all candidates and remove the ones that the user 6832 // has explicitly put into the INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER state 6833 if (result.size() == 0) { 6834 result.addAll(candidates); 6835 result.removeAll(neverList); 6836 } 6837 } 6838 } 6839 if (DEBUG_PREFERRED || DEBUG_DOMAIN_VERIFICATION) { 6840 Slog.v(TAG, "Filtered results with preferred activities. New candidates count: " + 6841 result.size()); 6842 for (ResolveInfo info : result) { 6843 Slog.v(TAG, " + " + info.activityInfo); 6844 } 6845 } 6846 return result; 6847 } 6848 6849 // Returns a packed value as a long: 6850 // 6851 // high 'int'-sized word: link status: undefined/ask/never/always. 6852 // low 'int'-sized word: relative priority among 'always' results. 6853 private long getDomainVerificationStatusLPr(PackageSetting ps, int userId) { 6854 long result = ps.getDomainVerificationStatusForUser(userId); 6855 // if none available, get the master status 6856 if (result >> 32 == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED) { 6857 if (ps.getIntentFilterVerificationInfo() != null) { 6858 result = ((long)ps.getIntentFilterVerificationInfo().getStatus()) << 32; 6859 } 6860 } 6861 return result; 6862 } 6863 6864 private ResolveInfo querySkipCurrentProfileIntents( 6865 List<CrossProfileIntentFilter> matchingFilters, Intent intent, String resolvedType, 6866 int flags, int sourceUserId) { 6867 if (matchingFilters != null) { 6868 int size = matchingFilters.size(); 6869 for (int i = 0; i < size; i ++) { 6870 CrossProfileIntentFilter filter = matchingFilters.get(i); 6871 if ((filter.getFlags() & PackageManager.SKIP_CURRENT_PROFILE) != 0) { 6872 // Checking if there are activities in the target user that can handle the 6873 // intent. 6874 ResolveInfo resolveInfo = createForwardingResolveInfo(filter, intent, 6875 resolvedType, flags, sourceUserId); 6876 if (resolveInfo != null) { 6877 return resolveInfo; 6878 } 6879 } 6880 } 6881 } 6882 return null; 6883 } 6884 6885 // Return matching ResolveInfo in target user if any. 6886 private ResolveInfo queryCrossProfileIntents( 6887 List<CrossProfileIntentFilter> matchingFilters, Intent intent, String resolvedType, 6888 int flags, int sourceUserId, boolean matchInCurrentProfile) { 6889 if (matchingFilters != null) { 6890 // Two {@link CrossProfileIntentFilter}s can have the same targetUserId and 6891 // match the same intent. For performance reasons, it is better not to 6892 // run queryIntent twice for the same userId 6893 SparseBooleanArray alreadyTriedUserIds = new SparseBooleanArray(); 6894 int size = matchingFilters.size(); 6895 for (int i = 0; i < size; i++) { 6896 CrossProfileIntentFilter filter = matchingFilters.get(i); 6897 int targetUserId = filter.getTargetUserId(); 6898 boolean skipCurrentProfile = 6899 (filter.getFlags() & PackageManager.SKIP_CURRENT_PROFILE) != 0; 6900 boolean skipCurrentProfileIfNoMatchFound = 6901 (filter.getFlags() & PackageManager.ONLY_IF_NO_MATCH_FOUND) != 0; 6902 if (!skipCurrentProfile && !alreadyTriedUserIds.get(targetUserId) 6903 && (!skipCurrentProfileIfNoMatchFound || !matchInCurrentProfile)) { 6904 // Checking if there are activities in the target user that can handle the 6905 // intent. 6906 ResolveInfo resolveInfo = createForwardingResolveInfo(filter, intent, 6907 resolvedType, flags, sourceUserId); 6908 if (resolveInfo != null) return resolveInfo; 6909 alreadyTriedUserIds.put(targetUserId, true); 6910 } 6911 } 6912 } 6913 return null; 6914 } 6915 6916 /** 6917 * If the filter's target user can handle the intent and is enabled: returns a ResolveInfo that 6918 * will forward the intent to the filter's target user. 6919 * Otherwise, returns null. 6920 */ 6921 private ResolveInfo createForwardingResolveInfo(CrossProfileIntentFilter filter, Intent intent, 6922 String resolvedType, int flags, int sourceUserId) { 6923 int targetUserId = filter.getTargetUserId(); 6924 List<ResolveInfo> resultTargetUser = mActivities.queryIntent(intent, 6925 resolvedType, flags, targetUserId); 6926 if (resultTargetUser != null && isUserEnabled(targetUserId)) { 6927 // If all the matches in the target profile are suspended, return null. 6928 for (int i = resultTargetUser.size() - 1; i >= 0; i--) { 6929 if ((resultTargetUser.get(i).activityInfo.applicationInfo.flags 6930 & ApplicationInfo.FLAG_SUSPENDED) == 0) { 6931 return createForwardingResolveInfoUnchecked(filter, sourceUserId, 6932 targetUserId); 6933 } 6934 } 6935 } 6936 return null; 6937 } 6938 6939 private ResolveInfo createForwardingResolveInfoUnchecked(IntentFilter filter, 6940 int sourceUserId, int targetUserId) { 6941 ResolveInfo forwardingResolveInfo = new ResolveInfo(); 6942 long ident = Binder.clearCallingIdentity(); 6943 boolean targetIsProfile; 6944 try { 6945 targetIsProfile = sUserManager.getUserInfo(targetUserId).isManagedProfile(); 6946 } finally { 6947 Binder.restoreCallingIdentity(ident); 6948 } 6949 String className; 6950 if (targetIsProfile) { 6951 className = FORWARD_INTENT_TO_MANAGED_PROFILE; 6952 } else { 6953 className = FORWARD_INTENT_TO_PARENT; 6954 } 6955 ComponentName forwardingActivityComponentName = new ComponentName( 6956 mAndroidApplication.packageName, className); 6957 ActivityInfo forwardingActivityInfo = getActivityInfo(forwardingActivityComponentName, 0, 6958 sourceUserId); 6959 if (!targetIsProfile) { 6960 forwardingActivityInfo.showUserIcon = targetUserId; 6961 forwardingResolveInfo.noResourceId = true; 6962 } 6963 forwardingResolveInfo.activityInfo = forwardingActivityInfo; 6964 forwardingResolveInfo.priority = 0; 6965 forwardingResolveInfo.preferredOrder = 0; 6966 forwardingResolveInfo.match = 0; 6967 forwardingResolveInfo.isDefault = true; 6968 forwardingResolveInfo.filter = filter; 6969 forwardingResolveInfo.targetUserId = targetUserId; 6970 return forwardingResolveInfo; 6971 } 6972 6973 @Override 6974 public @NonNull ParceledListSlice<ResolveInfo> queryIntentActivityOptions(ComponentName caller, 6975 Intent[] specifics, String[] specificTypes, Intent intent, 6976 String resolvedType, int flags, int userId) { 6977 return new ParceledListSlice<>(queryIntentActivityOptionsInternal(caller, specifics, 6978 specificTypes, intent, resolvedType, flags, userId)); 6979 } 6980 6981 private @NonNull List<ResolveInfo> queryIntentActivityOptionsInternal(ComponentName caller, 6982 Intent[] specifics, String[] specificTypes, Intent intent, 6983 String resolvedType, int flags, int userId) { 6984 if (!sUserManager.exists(userId)) return Collections.emptyList(); 6985 final int callingUid = Binder.getCallingUid(); 6986 flags = updateFlagsForResolve(flags, userId, intent, callingUid, 6987 false /*includeInstantApps*/); 6988 enforceCrossUserPermission(callingUid, userId, 6989 false /*requireFullPermission*/, false /*checkShell*/, 6990 "query intent activity options"); 6991 final String resultsAction = intent.getAction(); 6992 6993 final List<ResolveInfo> results = queryIntentActivitiesInternal(intent, resolvedType, flags 6994 | PackageManager.GET_RESOLVED_FILTER, userId); 6995 6996 if (DEBUG_INTENT_MATCHING) { 6997 Log.v(TAG, "Query " + intent + ": " + results); 6998 } 6999 7000 int specificsPos = 0; 7001 int N; 7002 7003 // todo: note that the algorithm used here is O(N^2). This 7004 // isn't a problem in our current environment, but if we start running 7005 // into situations where we have more than 5 or 10 matches then this 7006 // should probably be changed to something smarter... 7007 7008 // First we go through and resolve each of the specific items 7009 // that were supplied, taking care of removing any corresponding 7010 // duplicate items in the generic resolve list. 7011 if (specifics != null) { 7012 for (int i=0; i<specifics.length; i++) { 7013 final Intent sintent = specifics[i]; 7014 if (sintent == null) { 7015 continue; 7016 } 7017 7018 if (DEBUG_INTENT_MATCHING) { 7019 Log.v(TAG, "Specific #" + i + ": " + sintent); 7020 } 7021 7022 String action = sintent.getAction(); 7023 if (resultsAction != null && resultsAction.equals(action)) { 7024 // If this action was explicitly requested, then don't 7025 // remove things that have it. 7026 action = null; 7027 } 7028 7029 ResolveInfo ri = null; 7030 ActivityInfo ai = null; 7031 7032 ComponentName comp = sintent.getComponent(); 7033 if (comp == null) { 7034 ri = resolveIntent( 7035 sintent, 7036 specificTypes != null ? specificTypes[i] : null, 7037 flags, userId); 7038 if (ri == null) { 7039 continue; 7040 } 7041 if (ri == mResolveInfo) { 7042 // ACK! Must do something better with this. 7043 } 7044 ai = ri.activityInfo; 7045 comp = new ComponentName(ai.applicationInfo.packageName, 7046 ai.name); 7047 } else { 7048 ai = getActivityInfo(comp, flags, userId); 7049 if (ai == null) { 7050 continue; 7051 } 7052 } 7053 7054 // Look for any generic query activities that are duplicates 7055 // of this specific one, and remove them from the results. 7056 if (DEBUG_INTENT_MATCHING) Log.v(TAG, "Specific #" + i + ": " + ai); 7057 N = results.size(); 7058 int j; 7059 for (j=specificsPos; j<N; j++) { 7060 ResolveInfo sri = results.get(j); 7061 if ((sri.activityInfo.name.equals(comp.getClassName()) 7062 && sri.activityInfo.applicationInfo.packageName.equals( 7063 comp.getPackageName())) 7064 || (action != null && sri.filter.matchAction(action))) { 7065 results.remove(j); 7066 if (DEBUG_INTENT_MATCHING) Log.v( 7067 TAG, "Removing duplicate item from " + j 7068 + " due to specific " + specificsPos); 7069 if (ri == null) { 7070 ri = sri; 7071 } 7072 j--; 7073 N--; 7074 } 7075 } 7076 7077 // Add this specific item to its proper place. 7078 if (ri == null) { 7079 ri = new ResolveInfo(); 7080 ri.activityInfo = ai; 7081 } 7082 results.add(specificsPos, ri); 7083 ri.specificIndex = i; 7084 specificsPos++; 7085 } 7086 } 7087 7088 // Now we go through the remaining generic results and remove any 7089 // duplicate actions that are found here. 7090 N = results.size(); 7091 for (int i=specificsPos; i<N-1; i++) { 7092 final ResolveInfo rii = results.get(i); 7093 if (rii.filter == null) { 7094 continue; 7095 } 7096 7097 // Iterate over all of the actions of this result's intent 7098 // filter... typically this should be just one. 7099 final Iterator<String> it = rii.filter.actionsIterator(); 7100 if (it == null) { 7101 continue; 7102 } 7103 while (it.hasNext()) { 7104 final String action = it.next(); 7105 if (resultsAction != null && resultsAction.equals(action)) { 7106 // If this action was explicitly requested, then don't 7107 // remove things that have it. 7108 continue; 7109 } 7110 for (int j=i+1; j<N; j++) { 7111 final ResolveInfo rij = results.get(j); 7112 if (rij.filter != null && rij.filter.hasAction(action)) { 7113 results.remove(j); 7114 if (DEBUG_INTENT_MATCHING) Log.v( 7115 TAG, "Removing duplicate item from " + j 7116 + " due to action " + action + " at " + i); 7117 j--; 7118 N--; 7119 } 7120 } 7121 } 7122 7123 // If the caller didn't request filter information, drop it now 7124 // so we don't have to marshall/unmarshall it. 7125 if ((flags&PackageManager.GET_RESOLVED_FILTER) == 0) { 7126 rii.filter = null; 7127 } 7128 } 7129 7130 // Filter out the caller activity if so requested. 7131 if (caller != null) { 7132 N = results.size(); 7133 for (int i=0; i<N; i++) { 7134 ActivityInfo ainfo = results.get(i).activityInfo; 7135 if (caller.getPackageName().equals(ainfo.applicationInfo.packageName) 7136 && caller.getClassName().equals(ainfo.name)) { 7137 results.remove(i); 7138 break; 7139 } 7140 } 7141 } 7142 7143 // If the caller didn't request filter information, 7144 // drop them now so we don't have to 7145 // marshall/unmarshall it. 7146 if ((flags&PackageManager.GET_RESOLVED_FILTER) == 0) { 7147 N = results.size(); 7148 for (int i=0; i<N; i++) { 7149 results.get(i).filter = null; 7150 } 7151 } 7152 7153 if (DEBUG_INTENT_MATCHING) Log.v(TAG, "Result: " + results); 7154 return results; 7155 } 7156 7157 @Override 7158 public @NonNull ParceledListSlice<ResolveInfo> queryIntentReceivers(Intent intent, 7159 String resolvedType, int flags, int userId) { 7160 return new ParceledListSlice<>( 7161 queryIntentReceiversInternal(intent, resolvedType, flags, userId)); 7162 } 7163 7164 private @NonNull List<ResolveInfo> queryIntentReceiversInternal(Intent intent, 7165 String resolvedType, int flags, int userId) { 7166 if (!sUserManager.exists(userId)) return Collections.emptyList(); 7167 final int callingUid = Binder.getCallingUid(); 7168 flags = updateFlagsForResolve(flags, userId, intent, callingUid, 7169 false /*includeInstantApps*/); 7170 ComponentName comp = intent.getComponent(); 7171 if (comp == null) { 7172 if (intent.getSelector() != null) { 7173 intent = intent.getSelector(); 7174 comp = intent.getComponent(); 7175 } 7176 } 7177 if (comp != null) { 7178 List<ResolveInfo> list = new ArrayList<ResolveInfo>(1); 7179 ActivityInfo ai = getReceiverInfo(comp, flags, userId); 7180 if (ai != null) { 7181 ResolveInfo ri = new ResolveInfo(); 7182 ri.activityInfo = ai; 7183 list.add(ri); 7184 } 7185 return list; 7186 } 7187 7188 // reader 7189 synchronized (mPackages) { 7190 String pkgName = intent.getPackage(); 7191 if (pkgName == null) { 7192 return mReceivers.queryIntent(intent, resolvedType, flags, userId); 7193 } 7194 final PackageParser.Package pkg = mPackages.get(pkgName); 7195 if (pkg != null) { 7196 return mReceivers.queryIntentForPackage(intent, resolvedType, flags, pkg.receivers, 7197 userId); 7198 } 7199 return Collections.emptyList(); 7200 } 7201 } 7202 7203 @Override 7204 public ResolveInfo resolveService(Intent intent, String resolvedType, int flags, int userId) { 7205 final int callingUid = Binder.getCallingUid(); 7206 return resolveServiceInternal(intent, resolvedType, flags, userId, callingUid); 7207 } 7208 7209 private ResolveInfo resolveServiceInternal(Intent intent, String resolvedType, int flags, 7210 int userId, int callingUid) { 7211 if (!sUserManager.exists(userId)) return null; 7212 flags = updateFlagsForResolve( 7213 flags, userId, intent, callingUid, false /*includeInstantApps*/); 7214 List<ResolveInfo> query = queryIntentServicesInternal( 7215 intent, resolvedType, flags, userId, callingUid, false /*includeInstantApps*/); 7216 if (query != null) { 7217 if (query.size() >= 1) { 7218 // If there is more than one service with the same priority, 7219 // just arbitrarily pick the first one. 7220 return query.get(0); 7221 } 7222 } 7223 return null; 7224 } 7225 7226 @Override 7227 public @NonNull ParceledListSlice<ResolveInfo> queryIntentServices(Intent intent, 7228 String resolvedType, int flags, int userId) { 7229 final int callingUid = Binder.getCallingUid(); 7230 return new ParceledListSlice<>(queryIntentServicesInternal( 7231 intent, resolvedType, flags, userId, callingUid, false /*includeInstantApps*/)); 7232 } 7233 7234 private @NonNull List<ResolveInfo> queryIntentServicesInternal(Intent intent, 7235 String resolvedType, int flags, int userId, int callingUid, 7236 boolean includeInstantApps) { 7237 if (!sUserManager.exists(userId)) return Collections.emptyList(); 7238 final String instantAppPkgName = getInstantAppPackageName(callingUid); 7239 flags = updateFlagsForResolve(flags, userId, intent, callingUid, includeInstantApps); 7240 ComponentName comp = intent.getComponent(); 7241 if (comp == null) { 7242 if (intent.getSelector() != null) { 7243 intent = intent.getSelector(); 7244 comp = intent.getComponent(); 7245 } 7246 } 7247 if (comp != null) { 7248 final List<ResolveInfo> list = new ArrayList<ResolveInfo>(1); 7249 final ServiceInfo si = getServiceInfo(comp, flags, userId); 7250 if (si != null) { 7251 // When specifying an explicit component, we prevent the service from being 7252 // used when either 1) the service is in an instant application and the 7253 // caller is not the same instant application or 2) the calling package is 7254 // ephemeral and the activity is not visible to ephemeral applications. 7255 final boolean matchInstantApp = 7256 (flags & PackageManager.MATCH_INSTANT) != 0; 7257 final boolean matchVisibleToInstantAppOnly = 7258 (flags & PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY) != 0; 7259 final boolean isCallerInstantApp = 7260 instantAppPkgName != null; 7261 final boolean isTargetSameInstantApp = 7262 comp.getPackageName().equals(instantAppPkgName); 7263 final boolean isTargetInstantApp = 7264 (si.applicationInfo.privateFlags 7265 & ApplicationInfo.PRIVATE_FLAG_INSTANT) != 0; 7266 final boolean isTargetHiddenFromInstantApp = 7267 (si.flags & ServiceInfo.FLAG_VISIBLE_TO_INSTANT_APP) == 0; 7268 final boolean blockResolution = 7269 !isTargetSameInstantApp 7270 && ((!matchInstantApp && !isCallerInstantApp && isTargetInstantApp) 7271 || (matchVisibleToInstantAppOnly && isCallerInstantApp 7272 && isTargetHiddenFromInstantApp)); 7273 if (!blockResolution) { 7274 final ResolveInfo ri = new ResolveInfo(); 7275 ri.serviceInfo = si; 7276 list.add(ri); 7277 } 7278 } 7279 return list; 7280 } 7281 7282 // reader 7283 synchronized (mPackages) { 7284 String pkgName = intent.getPackage(); 7285 if (pkgName == null) { 7286 return applyPostServiceResolutionFilter( 7287 mServices.queryIntent(intent, resolvedType, flags, userId), 7288 instantAppPkgName); 7289 } 7290 final PackageParser.Package pkg = mPackages.get(pkgName); 7291 if (pkg != null) { 7292 return applyPostServiceResolutionFilter( 7293 mServices.queryIntentForPackage(intent, resolvedType, flags, pkg.services, 7294 userId), 7295 instantAppPkgName); 7296 } 7297 return Collections.emptyList(); 7298 } 7299 } 7300 7301 private List<ResolveInfo> applyPostServiceResolutionFilter(List<ResolveInfo> resolveInfos, 7302 String instantAppPkgName) { 7303 // TODO: When adding on-demand split support for non-instant apps, remove this check 7304 // and always apply post filtering 7305 if (instantAppPkgName == null) { 7306 return resolveInfos; 7307 } 7308 for (int i = resolveInfos.size() - 1; i >= 0; i--) { 7309 final ResolveInfo info = resolveInfos.get(i); 7310 final boolean isEphemeralApp = info.serviceInfo.applicationInfo.isInstantApp(); 7311 // allow services that are defined in the provided package 7312 if (isEphemeralApp && instantAppPkgName.equals(info.serviceInfo.packageName)) { 7313 if (info.serviceInfo.splitName != null 7314 && !ArrayUtils.contains(info.serviceInfo.applicationInfo.splitNames, 7315 info.serviceInfo.splitName)) { 7316 // requested service is defined in a split that hasn't been installed yet. 7317 // add the installer to the resolve list 7318 if (DEBUG_EPHEMERAL) { 7319 Slog.v(TAG, "Adding ephemeral installer to the ResolveInfo list"); 7320 } 7321 final ResolveInfo installerInfo = new ResolveInfo(mInstantAppInstallerInfo); 7322 installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo( 7323 info.serviceInfo.packageName, info.serviceInfo.splitName, 7324 info.serviceInfo.applicationInfo.versionCode); 7325 // make sure this resolver is the default 7326 installerInfo.isDefault = true; 7327 installerInfo.match = IntentFilter.MATCH_CATEGORY_SCHEME_SPECIFIC_PART 7328 | IntentFilter.MATCH_ADJUSTMENT_NORMAL; 7329 // add a non-generic filter 7330 installerInfo.filter = new IntentFilter(); 7331 // load resources from the correct package 7332 installerInfo.resolvePackageName = info.getComponentInfo().packageName; 7333 resolveInfos.set(i, installerInfo); 7334 } 7335 continue; 7336 } 7337 // allow services that have been explicitly exposed to ephemeral apps 7338 if (!isEphemeralApp 7339 && ((info.serviceInfo.flags & ServiceInfo.FLAG_VISIBLE_TO_INSTANT_APP) != 0)) { 7340 continue; 7341 } 7342 resolveInfos.remove(i); 7343 } 7344 return resolveInfos; 7345 } 7346 7347 @Override 7348 public @NonNull ParceledListSlice<ResolveInfo> queryIntentContentProviders(Intent intent, 7349 String resolvedType, int flags, int userId) { 7350 return new ParceledListSlice<>( 7351 queryIntentContentProvidersInternal(intent, resolvedType, flags, userId)); 7352 } 7353 7354 private @NonNull List<ResolveInfo> queryIntentContentProvidersInternal( 7355 Intent intent, String resolvedType, int flags, int userId) { 7356 if (!sUserManager.exists(userId)) return Collections.emptyList(); 7357 final int callingUid = Binder.getCallingUid(); 7358 final String instantAppPkgName = getInstantAppPackageName(callingUid); 7359 flags = updateFlagsForResolve(flags, userId, intent, callingUid, 7360 false /*includeInstantApps*/); 7361 ComponentName comp = intent.getComponent(); 7362 if (comp == null) { 7363 if (intent.getSelector() != null) { 7364 intent = intent.getSelector(); 7365 comp = intent.getComponent(); 7366 } 7367 } 7368 if (comp != null) { 7369 final List<ResolveInfo> list = new ArrayList<ResolveInfo>(1); 7370 final ProviderInfo pi = getProviderInfo(comp, flags, userId); 7371 if (pi != null) { 7372 // When specifying an explicit component, we prevent the provider from being 7373 // used when either 1) the provider is in an instant application and the 7374 // caller is not the same instant application or 2) the calling package is an 7375 // instant application and the provider is not visible to instant applications. 7376 final boolean matchInstantApp = 7377 (flags & PackageManager.MATCH_INSTANT) != 0; 7378 final boolean matchVisibleToInstantAppOnly = 7379 (flags & PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY) != 0; 7380 final boolean isCallerInstantApp = 7381 instantAppPkgName != null; 7382 final boolean isTargetSameInstantApp = 7383 comp.getPackageName().equals(instantAppPkgName); 7384 final boolean isTargetInstantApp = 7385 (pi.applicationInfo.privateFlags 7386 & ApplicationInfo.PRIVATE_FLAG_INSTANT) != 0; 7387 final boolean isTargetHiddenFromInstantApp = 7388 (pi.flags & ProviderInfo.FLAG_VISIBLE_TO_INSTANT_APP) == 0; 7389 final boolean blockResolution = 7390 !isTargetSameInstantApp 7391 && ((!matchInstantApp && !isCallerInstantApp && isTargetInstantApp) 7392 || (matchVisibleToInstantAppOnly && isCallerInstantApp 7393 && isTargetHiddenFromInstantApp)); 7394 if (!blockResolution) { 7395 final ResolveInfo ri = new ResolveInfo(); 7396 ri.providerInfo = pi; 7397 list.add(ri); 7398 } 7399 } 7400 return list; 7401 } 7402 7403 // reader 7404 synchronized (mPackages) { 7405 String pkgName = intent.getPackage(); 7406 if (pkgName == null) { 7407 return applyPostContentProviderResolutionFilter( 7408 mProviders.queryIntent(intent, resolvedType, flags, userId), 7409 instantAppPkgName); 7410 } 7411 final PackageParser.Package pkg = mPackages.get(pkgName); 7412 if (pkg != null) { 7413 return applyPostContentProviderResolutionFilter( 7414 mProviders.queryIntentForPackage( 7415 intent, resolvedType, flags, pkg.providers, userId), 7416 instantAppPkgName); 7417 } 7418 return Collections.emptyList(); 7419 } 7420 } 7421 7422 private List<ResolveInfo> applyPostContentProviderResolutionFilter( 7423 List<ResolveInfo> resolveInfos, String instantAppPkgName) { 7424 // TODO: When adding on-demand split support for non-instant applications, remove 7425 // this check and always apply post filtering 7426 if (instantAppPkgName == null) { 7427 return resolveInfos; 7428 } 7429 for (int i = resolveInfos.size() - 1; i >= 0; i--) { 7430 final ResolveInfo info = resolveInfos.get(i); 7431 final boolean isEphemeralApp = info.providerInfo.applicationInfo.isInstantApp(); 7432 // allow providers that are defined in the provided package 7433 if (isEphemeralApp && instantAppPkgName.equals(info.providerInfo.packageName)) { 7434 if (info.providerInfo.splitName != null 7435 && !ArrayUtils.contains(info.providerInfo.applicationInfo.splitNames, 7436 info.providerInfo.splitName)) { 7437 // requested provider is defined in a split that hasn't been installed yet. 7438 // add the installer to the resolve list 7439 if (DEBUG_EPHEMERAL) { 7440 Slog.v(TAG, "Adding ephemeral installer to the ResolveInfo list"); 7441 } 7442 final ResolveInfo installerInfo = new ResolveInfo(mInstantAppInstallerInfo); 7443 installerInfo.auxiliaryInfo = new AuxiliaryResolveInfo( 7444 info.providerInfo.packageName, info.providerInfo.splitName, 7445 info.providerInfo.applicationInfo.versionCode); 7446 // make sure this resolver is the default 7447 installerInfo.isDefault = true; 7448 installerInfo.match = IntentFilter.MATCH_CATEGORY_SCHEME_SPECIFIC_PART 7449 | IntentFilter.MATCH_ADJUSTMENT_NORMAL; 7450 // add a non-generic filter 7451 installerInfo.filter = new IntentFilter(); 7452 // load resources from the correct package 7453 installerInfo.resolvePackageName = info.getComponentInfo().packageName; 7454 resolveInfos.set(i, installerInfo); 7455 } 7456 continue; 7457 } 7458 // allow providers that have been explicitly exposed to instant applications 7459 if (!isEphemeralApp 7460 && ((info.providerInfo.flags & ProviderInfo.FLAG_VISIBLE_TO_INSTANT_APP) != 0)) { 7461 continue; 7462 } 7463 resolveInfos.remove(i); 7464 } 7465 return resolveInfos; 7466 } 7467 7468 @Override 7469 public ParceledListSlice<PackageInfo> getInstalledPackages(int flags, int userId) { 7470 if (!sUserManager.exists(userId)) return ParceledListSlice.emptyList(); 7471 flags = updateFlagsForPackage(flags, userId, null); 7472 final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0; 7473 enforceCrossUserPermission(Binder.getCallingUid(), userId, 7474 true /* requireFullPermission */, false /* checkShell */, 7475 "get installed packages"); 7476 7477 // writer 7478 synchronized (mPackages) { 7479 ArrayList<PackageInfo> list; 7480 if (listUninstalled) { 7481 list = new ArrayList<>(mSettings.mPackages.size()); 7482 for (PackageSetting ps : mSettings.mPackages.values()) { 7483 if (filterSharedLibPackageLPr(ps, Binder.getCallingUid(), userId)) { 7484 continue; 7485 } 7486 final PackageInfo pi = generatePackageInfo(ps, flags, userId); 7487 if (pi != null) { 7488 list.add(pi); 7489 } 7490 } 7491 } else { 7492 list = new ArrayList<>(mPackages.size()); 7493 for (PackageParser.Package p : mPackages.values()) { 7494 if (filterSharedLibPackageLPr((PackageSetting) p.mExtras, 7495 Binder.getCallingUid(), userId)) { 7496 continue; 7497 } 7498 final PackageInfo pi = generatePackageInfo((PackageSetting) 7499 p.mExtras, flags, userId); 7500 if (pi != null) { 7501 list.add(pi); 7502 } 7503 } 7504 } 7505 7506 return new ParceledListSlice<>(list); 7507 } 7508 } 7509 7510 private void addPackageHoldingPermissions(ArrayList<PackageInfo> list, PackageSetting ps, 7511 String[] permissions, boolean[] tmp, int flags, int userId) { 7512 int numMatch = 0; 7513 final PermissionsState permissionsState = ps.getPermissionsState(); 7514 for (int i=0; i<permissions.length; i++) { 7515 final String permission = permissions[i]; 7516 if (permissionsState.hasPermission(permission, userId)) { 7517 tmp[i] = true; 7518 numMatch++; 7519 } else { 7520 tmp[i] = false; 7521 } 7522 } 7523 if (numMatch == 0) { 7524 return; 7525 } 7526 final PackageInfo pi = generatePackageInfo(ps, flags, userId); 7527 7528 // The above might return null in cases of uninstalled apps or install-state 7529 // skew across users/profiles. 7530 if (pi != null) { 7531 if ((flags&PackageManager.GET_PERMISSIONS) == 0) { 7532 if (numMatch == permissions.length) { 7533 pi.requestedPermissions = permissions; 7534 } else { 7535 pi.requestedPermissions = new String[numMatch]; 7536 numMatch = 0; 7537 for (int i=0; i<permissions.length; i++) { 7538 if (tmp[i]) { 7539 pi.requestedPermissions[numMatch] = permissions[i]; 7540 numMatch++; 7541 } 7542 } 7543 } 7544 } 7545 list.add(pi); 7546 } 7547 } 7548 7549 @Override 7550 public ParceledListSlice<PackageInfo> getPackagesHoldingPermissions( 7551 String[] permissions, int flags, int userId) { 7552 if (!sUserManager.exists(userId)) return ParceledListSlice.emptyList(); 7553 flags = updateFlagsForPackage(flags, userId, permissions); 7554 enforceCrossUserPermission(Binder.getCallingUid(), userId, 7555 true /* requireFullPermission */, false /* checkShell */, 7556 "get packages holding permissions"); 7557 final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0; 7558 7559 // writer 7560 synchronized (mPackages) { 7561 ArrayList<PackageInfo> list = new ArrayList<PackageInfo>(); 7562 boolean[] tmpBools = new boolean[permissions.length]; 7563 if (listUninstalled) { 7564 for (PackageSetting ps : mSettings.mPackages.values()) { 7565 addPackageHoldingPermissions(list, ps, permissions, tmpBools, flags, 7566 userId); 7567 } 7568 } else { 7569 for (PackageParser.Package pkg : mPackages.values()) { 7570 PackageSetting ps = (PackageSetting)pkg.mExtras; 7571 if (ps != null) { 7572 addPackageHoldingPermissions(list, ps, permissions, tmpBools, flags, 7573 userId); 7574 } 7575 } 7576 } 7577 7578 return new ParceledListSlice<PackageInfo>(list); 7579 } 7580 } 7581 7582 @Override 7583 public ParceledListSlice<ApplicationInfo> getInstalledApplications(int flags, int userId) { 7584 if (!sUserManager.exists(userId)) return ParceledListSlice.emptyList(); 7585 flags = updateFlagsForApplication(flags, userId, null); 7586 final boolean listUninstalled = (flags & MATCH_KNOWN_PACKAGES) != 0; 7587 7588 // writer 7589 synchronized (mPackages) { 7590 ArrayList<ApplicationInfo> list; 7591 if (listUninstalled) { 7592 list = new ArrayList<>(mSettings.mPackages.size()); 7593 for (PackageSetting ps : mSettings.mPackages.values()) { 7594 ApplicationInfo ai; 7595 int effectiveFlags = flags; 7596 if (ps.isSystem()) { 7597 effectiveFlags |= PackageManager.MATCH_ANY_USER; 7598 } 7599 if (ps.pkg != null) { 7600 if (filterSharedLibPackageLPr(ps, Binder.getCallingUid(), userId)) { 7601 continue; 7602 } 7603 ai = PackageParser.generateApplicationInfo(ps.pkg, effectiveFlags, 7604 ps.readUserState(userId), userId); 7605 if (ai != null) { 7606 rebaseEnabledOverlays(ai, userId); 7607 ai.packageName = resolveExternalPackageNameLPr(ps.pkg); 7608 } 7609 } else { 7610 // Shared lib filtering done in generateApplicationInfoFromSettingsLPw 7611 // and already converts to externally visible package name 7612 ai = generateApplicationInfoFromSettingsLPw(ps.name, 7613 Binder.getCallingUid(), effectiveFlags, userId); 7614 } 7615 if (ai != null) { 7616 list.add(ai); 7617 } 7618 } 7619 } else { 7620 list = new ArrayList<>(mPackages.size()); 7621 for (PackageParser.Package p : mPackages.values()) { 7622 if (p.mExtras != null) { 7623 PackageSetting ps = (PackageSetting) p.mExtras; 7624 if (filterSharedLibPackageLPr(ps, Binder.getCallingUid(), userId)) { 7625 continue; 7626 } 7627 ApplicationInfo ai = PackageParser.generateApplicationInfo(p, flags, 7628 ps.readUserState(userId), userId); 7629 if (ai != null) { 7630 rebaseEnabledOverlays(ai, userId); 7631 ai.packageName = resolveExternalPackageNameLPr(p); 7632 list.add(ai); 7633 } 7634 } 7635 } 7636 } 7637 7638 return new ParceledListSlice<>(list); 7639 } 7640 } 7641 7642 @Override 7643 public ParceledListSlice<InstantAppInfo> getInstantApps(int userId) { 7644 if (HIDE_EPHEMERAL_APIS || isEphemeralDisabled()) { 7645 return null; 7646 } 7647 7648 mContext.enforceCallingOrSelfPermission(Manifest.permission.ACCESS_INSTANT_APPS, 7649 "getEphemeralApplications"); 7650 enforceCrossUserPermission(Binder.getCallingUid(), userId, 7651 true /* requireFullPermission */, false /* checkShell */, 7652 "getEphemeralApplications"); 7653 synchronized (mPackages) { 7654 List<InstantAppInfo> instantApps = mInstantAppRegistry 7655 .getInstantAppsLPr(userId); 7656 if (instantApps != null) { 7657 return new ParceledListSlice<>(instantApps); 7658 } 7659 } 7660 return null; 7661 } 7662 7663 @Override 7664 public boolean isInstantApp(String packageName, int userId) { 7665 enforceCrossUserPermission(Binder.getCallingUid(), userId, 7666 true /* requireFullPermission */, false /* checkShell */, 7667 "isInstantApp"); 7668 if (HIDE_EPHEMERAL_APIS || isEphemeralDisabled()) { 7669 return false; 7670 } 7671 int uid = Binder.getCallingUid(); 7672 if (Process.isIsolated(uid)) { 7673 uid = mIsolatedOwners.get(uid); 7674 } 7675 7676 synchronized (mPackages) { 7677 final PackageSetting ps = mSettings.mPackages.get(packageName); 7678 PackageParser.Package pkg = mPackages.get(packageName); 7679 final boolean returnAllowed = 7680 ps != null 7681 && (isCallerSameApp(packageName, uid) 7682 || mContext.checkCallingOrSelfPermission( 7683 android.Manifest.permission.ACCESS_INSTANT_APPS) 7684 == PERMISSION_GRANTED 7685 || mInstantAppRegistry.isInstantAccessGranted( 7686 userId, UserHandle.getAppId(uid), ps.appId)); 7687 if (returnAllowed) { 7688 return ps.getInstantApp(userId); 7689 } 7690 } 7691 return false; 7692 } 7693 7694 @Override 7695 public byte[] getInstantAppCookie(String packageName, int userId) { 7696 if (HIDE_EPHEMERAL_APIS || isEphemeralDisabled()) { 7697 return null; 7698 } 7699 7700 enforceCrossUserPermission(Binder.getCallingUid(), userId, 7701 true /* requireFullPermission */, false /* checkShell */, 7702 "getInstantAppCookie"); 7703 if (!isCallerSameApp(packageName, Binder.getCallingUid())) { 7704 return null; 7705 } 7706 synchronized (mPackages) { 7707 return mInstantAppRegistry.getInstantAppCookieLPw( 7708 packageName, userId); 7709 } 7710 } 7711 7712 @Override 7713 public boolean setInstantAppCookie(String packageName, byte[] cookie, int userId) { 7714 if (HIDE_EPHEMERAL_APIS || isEphemeralDisabled()) { 7715 return true; 7716 } 7717 7718 enforceCrossUserPermission(Binder.getCallingUid(), userId, 7719 true /* requireFullPermission */, true /* checkShell */, 7720 "setInstantAppCookie"); 7721 if (!isCallerSameApp(packageName, Binder.getCallingUid())) { 7722 return false; 7723 } 7724 synchronized (mPackages) { 7725 return mInstantAppRegistry.setInstantAppCookieLPw( 7726 packageName, cookie, userId); 7727 } 7728 } 7729 7730 @Override 7731 public Bitmap getInstantAppIcon(String packageName, int userId) { 7732 if (HIDE_EPHEMERAL_APIS || isEphemeralDisabled()) { 7733 return null; 7734 } 7735 7736 mContext.enforceCallingOrSelfPermission(Manifest.permission.ACCESS_INSTANT_APPS, 7737 "getInstantAppIcon"); 7738 7739 enforceCrossUserPermission(Binder.getCallingUid(), userId, 7740 true /* requireFullPermission */, false /* checkShell */, 7741 "getInstantAppIcon"); 7742 7743 synchronized (mPackages) { 7744 return mInstantAppRegistry.getInstantAppIconLPw( 7745 packageName, userId); 7746 } 7747 } 7748 7749 private boolean isCallerSameApp(String packageName, int uid) { 7750 PackageParser.Package pkg = mPackages.get(packageName); 7751 return pkg != null 7752 && UserHandle.getAppId(uid) == pkg.applicationInfo.uid; 7753 } 7754 7755 @Override 7756 public @NonNull ParceledListSlice<ApplicationInfo> getPersistentApplications(int flags) { 7757 return new ParceledListSlice<>(getPersistentApplicationsInternal(flags)); 7758 } 7759 7760 private @NonNull List<ApplicationInfo> getPersistentApplicationsInternal(int flags) { 7761 final ArrayList<ApplicationInfo> finalList = new ArrayList<ApplicationInfo>(); 7762 7763 // reader 7764 synchronized (mPackages) { 7765 final Iterator<PackageParser.Package> i = mPackages.values().iterator(); 7766 final int userId = UserHandle.getCallingUserId(); 7767 while (i.hasNext()) { 7768 final PackageParser.Package p = i.next(); 7769 if (p.applicationInfo == null) continue; 7770 7771 final boolean matchesUnaware = ((flags & MATCH_DIRECT_BOOT_UNAWARE) != 0) 7772 && !p.applicationInfo.isDirectBootAware(); 7773 final boolean matchesAware = ((flags & MATCH_DIRECT_BOOT_AWARE) != 0) 7774 && p.applicationInfo.isDirectBootAware(); 7775 7776 if ((p.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0 7777 && (!mSafeMode || isSystemApp(p)) 7778 && (matchesUnaware || matchesAware)) { 7779 PackageSetting ps = mSettings.mPackages.get(p.packageName); 7780 if (ps != null) { 7781 ApplicationInfo ai = PackageParser.generateApplicationInfo(p, flags, 7782 ps.readUserState(userId), userId); 7783 if (ai != null) { 7784 rebaseEnabledOverlays(ai, userId); 7785 finalList.add(ai); 7786 } 7787 } 7788 } 7789 } 7790 } 7791 7792 return finalList; 7793 } 7794 7795 @Override 7796 public ProviderInfo resolveContentProvider(String name, int flags, int userId) { 7797 if (!sUserManager.exists(userId)) return null; 7798 flags = updateFlagsForComponent(flags, userId, name); 7799 final String instantAppPkgName = getInstantAppPackageName(Binder.getCallingUid()); 7800 // reader 7801 synchronized (mPackages) { 7802 final PackageParser.Provider provider = mProvidersByAuthority.get(name); 7803 PackageSetting ps = provider != null 7804 ? mSettings.mPackages.get(provider.owner.packageName) 7805 : null; 7806 if (ps != null) { 7807 final boolean isInstantApp = ps.getInstantApp(userId); 7808 // normal application; filter out instant application provider 7809 if (instantAppPkgName == null && isInstantApp) { 7810 return null; 7811 } 7812 // instant application; filter out other instant applications 7813 if (instantAppPkgName != null 7814 && isInstantApp 7815 && !provider.owner.packageName.equals(instantAppPkgName)) { 7816 return null; 7817 } 7818 // instant application; filter out non-exposed provider 7819 if (instantAppPkgName != null 7820 && !isInstantApp 7821 && (provider.info.flags & ProviderInfo.FLAG_VISIBLE_TO_INSTANT_APP) == 0) { 7822 return null; 7823 } 7824 // provider not enabled 7825 if (!mSettings.isEnabledAndMatchLPr(provider.info, flags, userId)) { 7826 return null; 7827 } 7828 return PackageParser.generateProviderInfo( 7829 provider, flags, ps.readUserState(userId), userId); 7830 } 7831 return null; 7832 } 7833 } 7834 7835 /** 7836 * @deprecated 7837 */ 7838 @Deprecated 7839 public void querySyncProviders(List<String> outNames, List<ProviderInfo> outInfo) { 7840 // reader 7841 synchronized (mPackages) { 7842 final Iterator<Map.Entry<String, PackageParser.Provider>> i = mProvidersByAuthority 7843 .entrySet().iterator(); 7844 final int userId = UserHandle.getCallingUserId(); 7845 while (i.hasNext()) { 7846 Map.Entry<String, PackageParser.Provider> entry = i.next(); 7847 PackageParser.Provider p = entry.getValue(); 7848 PackageSetting ps = mSettings.mPackages.get(p.owner.packageName); 7849 7850 if (ps != null && p.syncable 7851 && (!mSafeMode || (p.info.applicationInfo.flags 7852 &ApplicationInfo.FLAG_SYSTEM) != 0)) { 7853 ProviderInfo info = PackageParser.generateProviderInfo(p, 0, 7854 ps.readUserState(userId), userId); 7855 if (info != null) { 7856 outNames.add(entry.getKey()); 7857 outInfo.add(info); 7858 } 7859 } 7860 } 7861 } 7862 } 7863 7864 @Override 7865 public @NonNull ParceledListSlice<ProviderInfo> queryContentProviders(String processName, 7866 int uid, int flags, String metaDataKey) { 7867 final int userId = processName != null ? UserHandle.getUserId(uid) 7868 : UserHandle.getCallingUserId(); 7869 if (!sUserManager.exists(userId)) return ParceledListSlice.emptyList(); 7870 flags = updateFlagsForComponent(flags, userId, processName); 7871 7872 ArrayList<ProviderInfo> finalList = null; 7873 // reader 7874 synchronized (mPackages) { 7875 final Iterator<PackageParser.Provider> i = mProviders.mProviders.values().iterator(); 7876 while (i.hasNext()) { 7877 final PackageParser.Provider p = i.next(); 7878 PackageSetting ps = mSettings.mPackages.get(p.owner.packageName); 7879 if (ps != null && p.info.authority != null 7880 && (processName == null 7881 || (p.info.processName.equals(processName) 7882 && UserHandle.isSameApp(p.info.applicationInfo.uid, uid))) 7883 && mSettings.isEnabledAndMatchLPr(p.info, flags, userId)) { 7884 7885 // See PM.queryContentProviders()'s javadoc for why we have the metaData 7886 // parameter. 7887 if (metaDataKey != null 7888 && (p.metaData == null || !p.metaData.containsKey(metaDataKey))) { 7889 continue; 7890 } 7891 7892 if (finalList == null) { 7893 finalList = new ArrayList<ProviderInfo>(3); 7894 } 7895 ProviderInfo info = PackageParser.generateProviderInfo(p, flags, 7896 ps.readUserState(userId), userId); 7897 if (info != null) { 7898 finalList.add(info); 7899 } 7900 } 7901 } 7902 } 7903 7904 if (finalList != null) { 7905 Collections.sort(finalList, mProviderInitOrderSorter); 7906 return new ParceledListSlice<ProviderInfo>(finalList); 7907 } 7908 7909 return ParceledListSlice.emptyList(); 7910 } 7911 7912 @Override 7913 public InstrumentationInfo getInstrumentationInfo(ComponentName name, int flags) { 7914 // reader 7915 synchronized (mPackages) { 7916 final PackageParser.Instrumentation i = mInstrumentation.get(name); 7917 return PackageParser.generateInstrumentationInfo(i, flags); 7918 } 7919 } 7920 7921 @Override 7922 public @NonNull ParceledListSlice<InstrumentationInfo> queryInstrumentation( 7923 String targetPackage, int flags) { 7924 return new ParceledListSlice<>(queryInstrumentationInternal(targetPackage, flags)); 7925 } 7926 7927 private @NonNull List<InstrumentationInfo> queryInstrumentationInternal(String targetPackage, 7928 int flags) { 7929 ArrayList<InstrumentationInfo> finalList = new ArrayList<InstrumentationInfo>(); 7930 7931 // reader 7932 synchronized (mPackages) { 7933 final Iterator<PackageParser.Instrumentation> i = mInstrumentation.values().iterator(); 7934 while (i.hasNext()) { 7935 final PackageParser.Instrumentation p = i.next(); 7936 if (targetPackage == null 7937 || targetPackage.equals(p.info.targetPackage)) { 7938 InstrumentationInfo ii = PackageParser.generateInstrumentationInfo(p, 7939 flags); 7940 if (ii != null) { 7941 finalList.add(ii); 7942 } 7943 } 7944 } 7945 } 7946 7947 return finalList; 7948 } 7949 7950 private void scanDirTracedLI(File dir, final int parseFlags, int scanFlags, long currentTime) { 7951 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "scanDir [" + dir.getAbsolutePath() + "]"); 7952 try { 7953 scanDirLI(dir, parseFlags, scanFlags, currentTime); 7954 } finally { 7955 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 7956 } 7957 } 7958 7959 private void scanDirLI(File dir, int parseFlags, int scanFlags, long currentTime) { 7960 final File[] files = dir.listFiles(); 7961 if (ArrayUtils.isEmpty(files)) { 7962 Log.d(TAG, "No files in app dir " + dir); 7963 return; 7964 } 7965 7966 if (DEBUG_PACKAGE_SCANNING) { 7967 Log.d(TAG, "Scanning app dir " + dir + " scanFlags=" + scanFlags 7968 + " flags=0x" + Integer.toHexString(parseFlags)); 7969 } 7970 ParallelPackageParser parallelPackageParser = new ParallelPackageParser( 7971 mSeparateProcesses, mOnlyCore, mMetrics, mCacheDir, 7972 mParallelPackageParserCallback); 7973 7974 // Submit files for parsing in parallel 7975 int fileCount = 0; 7976 for (File file : files) { 7977 final boolean isPackage = (isApkFile(file) || file.isDirectory()) 7978 && !PackageInstallerService.isStageName(file.getName()); 7979 if (!isPackage) { 7980 // Ignore entries which are not packages 7981 continue; 7982 } 7983 parallelPackageParser.submit(file, parseFlags); 7984 fileCount++; 7985 } 7986 7987 // Process results one by one 7988 for (; fileCount > 0; fileCount--) { 7989 ParallelPackageParser.ParseResult parseResult = parallelPackageParser.take(); 7990 Throwable throwable = parseResult.throwable; 7991 int errorCode = PackageManager.INSTALL_SUCCEEDED; 7992 7993 if (throwable == null) { 7994 // Static shared libraries have synthetic package names 7995 if (parseResult.pkg.applicationInfo.isStaticSharedLibrary()) { 7996 renameStaticSharedLibraryPackage(parseResult.pkg); 7997 } 7998 try { 7999 if (errorCode == PackageManager.INSTALL_SUCCEEDED) { 8000 scanPackageLI(parseResult.pkg, parseResult.scanFile, parseFlags, scanFlags, 8001 currentTime, null); 8002 } 8003 } catch (PackageManagerException e) { 8004 errorCode = e.error; 8005 Slog.w(TAG, "Failed to scan " + parseResult.scanFile + ": " + e.getMessage()); 8006 } 8007 } else if (throwable instanceof PackageParser.PackageParserException) { 8008 PackageParser.PackageParserException e = (PackageParser.PackageParserException) 8009 throwable; 8010 errorCode = e.error; 8011 Slog.w(TAG, "Failed to parse " + parseResult.scanFile + ": " + e.getMessage()); 8012 } else { 8013 throw new IllegalStateException("Unexpected exception occurred while parsing " 8014 + parseResult.scanFile, throwable); 8015 } 8016 8017 // Delete invalid userdata apps 8018 if ((parseFlags & PackageParser.PARSE_IS_SYSTEM) == 0 && 8019 errorCode == PackageManager.INSTALL_FAILED_INVALID_APK) { 8020 logCriticalInfo(Log.WARN, 8021 "Deleting invalid package at " + parseResult.scanFile); 8022 removeCodePathLI(parseResult.scanFile); 8023 } 8024 } 8025 parallelPackageParser.close(); 8026 } 8027 8028 private static File getSettingsProblemFile() { 8029 File dataDir = Environment.getDataDirectory(); 8030 File systemDir = new File(dataDir, "system"); 8031 File fname = new File(systemDir, "uiderrors.txt"); 8032 return fname; 8033 } 8034 8035 static void reportSettingsProblem(int priority, String msg) { 8036 logCriticalInfo(priority, msg); 8037 } 8038 8039 public static void logCriticalInfo(int priority, String msg) { 8040 Slog.println(priority, TAG, msg); 8041 EventLogTags.writePmCriticalInfo(msg); 8042 try { 8043 File fname = getSettingsProblemFile(); 8044 FileOutputStream out = new FileOutputStream(fname, true); 8045 PrintWriter pw = new FastPrintWriter(out); 8046 SimpleDateFormat formatter = new SimpleDateFormat(); 8047 String dateString = formatter.format(new Date(System.currentTimeMillis())); 8048 pw.println(dateString + ": " + msg); 8049 pw.close(); 8050 FileUtils.setPermissions( 8051 fname.toString(), 8052 FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IROTH, 8053 -1, -1); 8054 } catch (java.io.IOException e) { 8055 } 8056 } 8057 8058 private long getLastModifiedTime(PackageParser.Package pkg, File srcFile) { 8059 if (srcFile.isDirectory()) { 8060 final File baseFile = new File(pkg.baseCodePath); 8061 long maxModifiedTime = baseFile.lastModified(); 8062 if (pkg.splitCodePaths != null) { 8063 for (int i = pkg.splitCodePaths.length - 1; i >=0; --i) { 8064 final File splitFile = new File(pkg.splitCodePaths[i]); 8065 maxModifiedTime = Math.max(maxModifiedTime, splitFile.lastModified()); 8066 } 8067 } 8068 return maxModifiedTime; 8069 } 8070 return srcFile.lastModified(); 8071 } 8072 8073 private void collectCertificatesLI(PackageSetting ps, PackageParser.Package pkg, File srcFile, 8074 final int policyFlags) throws PackageManagerException { 8075 // When upgrading from pre-N MR1, verify the package time stamp using the package 8076 // directory and not the APK file. 8077 final long lastModifiedTime = mIsPreNMR1Upgrade 8078 ? new File(pkg.codePath).lastModified() : getLastModifiedTime(pkg, srcFile); 8079 if (ps != null 8080 && ps.codePath.equals(srcFile) 8081 && ps.timeStamp == lastModifiedTime 8082 && !isCompatSignatureUpdateNeeded(pkg) 8083 && !isRecoverSignatureUpdateNeeded(pkg)) { 8084 long mSigningKeySetId = ps.keySetData.getProperSigningKeySet(); 8085 KeySetManagerService ksms = mSettings.mKeySetManagerService; 8086 ArraySet<PublicKey> signingKs; 8087 synchronized (mPackages) { 8088 signingKs = ksms.getPublicKeysFromKeySetLPr(mSigningKeySetId); 8089 } 8090 if (ps.signatures.mSignatures != null 8091 && ps.signatures.mSignatures.length != 0 8092 && signingKs != null) { 8093 // Optimization: reuse the existing cached certificates 8094 // if the package appears to be unchanged. 8095 pkg.mSignatures = ps.signatures.mSignatures; 8096 pkg.mSigningKeys = signingKs; 8097 return; 8098 } 8099 8100 Slog.w(TAG, "PackageSetting for " + ps.name 8101 + " is missing signatures. Collecting certs again to recover them."); 8102 } else { 8103 Slog.i(TAG, srcFile.toString() + " changed; collecting certs"); 8104 } 8105 8106 try { 8107 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "collectCertificates"); 8108 PackageParser.collectCertificates(pkg, policyFlags); 8109 } catch (PackageParserException e) { 8110 throw PackageManagerException.from(e); 8111 } finally { 8112 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 8113 } 8114 } 8115 8116 /** 8117 * Traces a package scan. 8118 * @see #scanPackageLI(File, int, int, long, UserHandle) 8119 */ 8120 private PackageParser.Package scanPackageTracedLI(File scanFile, final int parseFlags, 8121 int scanFlags, long currentTime, UserHandle user) throws PackageManagerException { 8122 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "scanPackage [" + scanFile.toString() + "]"); 8123 try { 8124 return scanPackageLI(scanFile, parseFlags, scanFlags, currentTime, user); 8125 } finally { 8126 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 8127 } 8128 } 8129 8130 /** 8131 * Scans a package and returns the newly parsed package. 8132 * Returns {@code null} in case of errors and the error code is stored in mLastScanError 8133 */ 8134 private PackageParser.Package scanPackageLI(File scanFile, int parseFlags, int scanFlags, 8135 long currentTime, UserHandle user) throws PackageManagerException { 8136 if (DEBUG_INSTALL) Slog.d(TAG, "Parsing: " + scanFile); 8137 PackageParser pp = new PackageParser(); 8138 pp.setSeparateProcesses(mSeparateProcesses); 8139 pp.setOnlyCoreApps(mOnlyCore); 8140 pp.setDisplayMetrics(mMetrics); 8141 pp.setCallback(mPackageParserCallback); 8142 8143 if ((scanFlags & SCAN_TRUSTED_OVERLAY) != 0) { 8144 parseFlags |= PackageParser.PARSE_TRUSTED_OVERLAY; 8145 } 8146 8147 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "parsePackage"); 8148 final PackageParser.Package pkg; 8149 try { 8150 pkg = pp.parsePackage(scanFile, parseFlags); 8151 } catch (PackageParserException e) { 8152 throw PackageManagerException.from(e); 8153 } finally { 8154 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 8155 } 8156 8157 // Static shared libraries have synthetic package names 8158 if (pkg.applicationInfo.isStaticSharedLibrary()) { 8159 renameStaticSharedLibraryPackage(pkg); 8160 } 8161 8162 return scanPackageLI(pkg, scanFile, parseFlags, scanFlags, currentTime, user); 8163 } 8164 8165 /** 8166 * Scans a package and returns the newly parsed package. 8167 * @throws PackageManagerException on a parse error. 8168 */ 8169 private PackageParser.Package scanPackageLI(PackageParser.Package pkg, File scanFile, 8170 final int policyFlags, int scanFlags, long currentTime, @Nullable UserHandle user) 8171 throws PackageManagerException { 8172 // If the package has children and this is the first dive in the function 8173 // we scan the package with the SCAN_CHECK_ONLY flag set to see whether all 8174 // packages (parent and children) would be successfully scanned before the 8175 // actual scan since scanning mutates internal state and we want to atomically 8176 // install the package and its children. 8177 if ((scanFlags & SCAN_CHECK_ONLY) == 0) { 8178 if (pkg.childPackages != null && pkg.childPackages.size() > 0) { 8179 scanFlags |= SCAN_CHECK_ONLY; 8180 } 8181 } else { 8182 scanFlags &= ~SCAN_CHECK_ONLY; 8183 } 8184 8185 // Scan the parent 8186 PackageParser.Package scannedPkg = scanPackageInternalLI(pkg, scanFile, policyFlags, 8187 scanFlags, currentTime, user); 8188 8189 // Scan the children 8190 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 8191 for (int i = 0; i < childCount; i++) { 8192 PackageParser.Package childPackage = pkg.childPackages.get(i); 8193 scanPackageInternalLI(childPackage, scanFile, policyFlags, scanFlags, 8194 currentTime, user); 8195 } 8196 8197 8198 if ((scanFlags & SCAN_CHECK_ONLY) != 0) { 8199 return scanPackageLI(pkg, scanFile, policyFlags, scanFlags, currentTime, user); 8200 } 8201 8202 return scannedPkg; 8203 } 8204 8205 /** 8206 * Scans a package and returns the newly parsed package. 8207 * @throws PackageManagerException on a parse error. 8208 */ 8209 private PackageParser.Package scanPackageInternalLI(PackageParser.Package pkg, File scanFile, 8210 int policyFlags, int scanFlags, long currentTime, @Nullable UserHandle user) 8211 throws PackageManagerException { 8212 PackageSetting ps = null; 8213 PackageSetting updatedPkg; 8214 // reader 8215 synchronized (mPackages) { 8216 // Look to see if we already know about this package. 8217 String oldName = mSettings.getRenamedPackageLPr(pkg.packageName); 8218 if (pkg.mOriginalPackages != null && pkg.mOriginalPackages.contains(oldName)) { 8219 // This package has been renamed to its original name. Let's 8220 // use that. 8221 ps = mSettings.getPackageLPr(oldName); 8222 } 8223 // If there was no original package, see one for the real package name. 8224 if (ps == null) { 8225 ps = mSettings.getPackageLPr(pkg.packageName); 8226 } 8227 // Check to see if this package could be hiding/updating a system 8228 // package. Must look for it either under the original or real 8229 // package name depending on our state. 8230 updatedPkg = mSettings.getDisabledSystemPkgLPr(ps != null ? ps.name : pkg.packageName); 8231 if (DEBUG_INSTALL && updatedPkg != null) Slog.d(TAG, "updatedPkg = " + updatedPkg); 8232 8233 // If this is a package we don't know about on the system partition, we 8234 // may need to remove disabled child packages on the system partition 8235 // or may need to not add child packages if the parent apk is updated 8236 // on the data partition and no longer defines this child package. 8237 if ((policyFlags & PackageParser.PARSE_IS_SYSTEM) != 0) { 8238 // If this is a parent package for an updated system app and this system 8239 // app got an OTA update which no longer defines some of the child packages 8240 // we have to prune them from the disabled system packages. 8241 PackageSetting disabledPs = mSettings.getDisabledSystemPkgLPr(pkg.packageName); 8242 if (disabledPs != null) { 8243 final int scannedChildCount = (pkg.childPackages != null) 8244 ? pkg.childPackages.size() : 0; 8245 final int disabledChildCount = disabledPs.childPackageNames != null 8246 ? disabledPs.childPackageNames.size() : 0; 8247 for (int i = 0; i < disabledChildCount; i++) { 8248 String disabledChildPackageName = disabledPs.childPackageNames.get(i); 8249 boolean disabledPackageAvailable = false; 8250 for (int j = 0; j < scannedChildCount; j++) { 8251 PackageParser.Package childPkg = pkg.childPackages.get(j); 8252 if (childPkg.packageName.equals(disabledChildPackageName)) { 8253 disabledPackageAvailable = true; 8254 break; 8255 } 8256 } 8257 if (!disabledPackageAvailable) { 8258 mSettings.removeDisabledSystemPackageLPw(disabledChildPackageName); 8259 } 8260 } 8261 } 8262 } 8263 } 8264 8265 boolean updatedPkgBetter = false; 8266 // First check if this is a system package that may involve an update 8267 if (updatedPkg != null && (policyFlags & PackageParser.PARSE_IS_SYSTEM) != 0) { 8268 // If new package is not located in "/system/priv-app" (e.g. due to an OTA), 8269 // it needs to drop FLAG_PRIVILEGED. 8270 if (locationIsPrivileged(scanFile)) { 8271 updatedPkg.pkgPrivateFlags |= ApplicationInfo.PRIVATE_FLAG_PRIVILEGED; 8272 } else { 8273 updatedPkg.pkgPrivateFlags &= ~ApplicationInfo.PRIVATE_FLAG_PRIVILEGED; 8274 } 8275 8276 if (ps != null && !ps.codePath.equals(scanFile)) { 8277 // The path has changed from what was last scanned... check the 8278 // version of the new path against what we have stored to determine 8279 // what to do. 8280 if (DEBUG_INSTALL) Slog.d(TAG, "Path changing from " + ps.codePath); 8281 if (pkg.mVersionCode <= ps.versionCode) { 8282 // The system package has been updated and the code path does not match 8283 // Ignore entry. Skip it. 8284 if (DEBUG_INSTALL) Slog.i(TAG, "Package " + ps.name + " at " + scanFile 8285 + " ignored: updated version " + ps.versionCode 8286 + " better than this " + pkg.mVersionCode); 8287 if (!updatedPkg.codePath.equals(scanFile)) { 8288 Slog.w(PackageManagerService.TAG, "Code path for hidden system pkg " 8289 + ps.name + " changing from " + updatedPkg.codePathString 8290 + " to " + scanFile); 8291 updatedPkg.codePath = scanFile; 8292 updatedPkg.codePathString = scanFile.toString(); 8293 updatedPkg.resourcePath = scanFile; 8294 updatedPkg.resourcePathString = scanFile.toString(); 8295 } 8296 updatedPkg.pkg = pkg; 8297 updatedPkg.versionCode = pkg.mVersionCode; 8298 8299 // Update the disabled system child packages to point to the package too. 8300 final int childCount = updatedPkg.childPackageNames != null 8301 ? updatedPkg.childPackageNames.size() : 0; 8302 for (int i = 0; i < childCount; i++) { 8303 String childPackageName = updatedPkg.childPackageNames.get(i); 8304 PackageSetting updatedChildPkg = mSettings.getDisabledSystemPkgLPr( 8305 childPackageName); 8306 if (updatedChildPkg != null) { 8307 updatedChildPkg.pkg = pkg; 8308 updatedChildPkg.versionCode = pkg.mVersionCode; 8309 } 8310 } 8311 8312 throw new PackageManagerException(Log.WARN, "Package " + ps.name + " at " 8313 + scanFile + " ignored: updated version " + ps.versionCode 8314 + " better than this " + pkg.mVersionCode); 8315 } else { 8316 // The current app on the system partition is better than 8317 // what we have updated to on the data partition; switch 8318 // back to the system partition version. 8319 // At this point, its safely assumed that package installation for 8320 // apps in system partition will go through. If not there won't be a working 8321 // version of the app 8322 // writer 8323 synchronized (mPackages) { 8324 // Just remove the loaded entries from package lists. 8325 mPackages.remove(ps.name); 8326 } 8327 8328 logCriticalInfo(Log.WARN, "Package " + ps.name + " at " + scanFile 8329 + " reverting from " + ps.codePathString 8330 + ": new version " + pkg.mVersionCode 8331 + " better than installed " + ps.versionCode); 8332 8333 InstallArgs args = createInstallArgsForExisting(packageFlagsToInstallFlags(ps), 8334 ps.codePathString, ps.resourcePathString, getAppDexInstructionSets(ps)); 8335 synchronized (mInstallLock) { 8336 args.cleanUpResourcesLI(); 8337 } 8338 synchronized (mPackages) { 8339 mSettings.enableSystemPackageLPw(ps.name); 8340 } 8341 updatedPkgBetter = true; 8342 } 8343 } 8344 } 8345 8346 if (updatedPkg != null) { 8347 // An updated system app will not have the PARSE_IS_SYSTEM flag set 8348 // initially 8349 policyFlags |= PackageParser.PARSE_IS_SYSTEM; 8350 8351 // An updated privileged app will not have the PARSE_IS_PRIVILEGED 8352 // flag set initially 8353 if ((updatedPkg.pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0) { 8354 policyFlags |= PackageParser.PARSE_IS_PRIVILEGED; 8355 } 8356 } 8357 8358 // Verify certificates against what was last scanned 8359 collectCertificatesLI(ps, pkg, scanFile, policyFlags); 8360 8361 /* 8362 * A new system app appeared, but we already had a non-system one of the 8363 * same name installed earlier. 8364 */ 8365 boolean shouldHideSystemApp = false; 8366 if (updatedPkg == null && ps != null 8367 && (policyFlags & PackageParser.PARSE_IS_SYSTEM_DIR) != 0 && !isSystemApp(ps)) { 8368 /* 8369 * Check to make sure the signatures match first. If they don't, 8370 * wipe the installed application and its data. 8371 */ 8372 if (compareSignatures(ps.signatures.mSignatures, pkg.mSignatures) 8373 != PackageManager.SIGNATURE_MATCH) { 8374 logCriticalInfo(Log.WARN, "Package " + ps.name + " appeared on system, but" 8375 + " signatures don't match existing userdata copy; removing"); 8376 try (PackageFreezer freezer = freezePackage(pkg.packageName, 8377 "scanPackageInternalLI")) { 8378 deletePackageLIF(pkg.packageName, null, true, null, 0, null, false, null); 8379 } 8380 ps = null; 8381 } else { 8382 /* 8383 * If the newly-added system app is an older version than the 8384 * already installed version, hide it. It will be scanned later 8385 * and re-added like an update. 8386 */ 8387 if (pkg.mVersionCode <= ps.versionCode) { 8388 shouldHideSystemApp = true; 8389 logCriticalInfo(Log.INFO, "Package " + ps.name + " appeared at " + scanFile 8390 + " but new version " + pkg.mVersionCode + " better than installed " 8391 + ps.versionCode + "; hiding system"); 8392 } else { 8393 /* 8394 * The newly found system app is a newer version that the 8395 * one previously installed. Simply remove the 8396 * already-installed application and replace it with our own 8397 * while keeping the application data. 8398 */ 8399 logCriticalInfo(Log.WARN, "Package " + ps.name + " at " + scanFile 8400 + " reverting from " + ps.codePathString + ": new version " 8401 + pkg.mVersionCode + " better than installed " + ps.versionCode); 8402 InstallArgs args = createInstallArgsForExisting(packageFlagsToInstallFlags(ps), 8403 ps.codePathString, ps.resourcePathString, getAppDexInstructionSets(ps)); 8404 synchronized (mInstallLock) { 8405 args.cleanUpResourcesLI(); 8406 } 8407 } 8408 } 8409 } 8410 8411 // The apk is forward locked (not public) if its code and resources 8412 // are kept in different files. (except for app in either system or 8413 // vendor path). 8414 // TODO grab this value from PackageSettings 8415 if ((policyFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { 8416 if (ps != null && !ps.codePath.equals(ps.resourcePath)) { 8417 policyFlags |= PackageParser.PARSE_FORWARD_LOCK; 8418 } 8419 } 8420 8421 // TODO: extend to support forward-locked splits 8422 String resourcePath = null; 8423 String baseResourcePath = null; 8424 if ((policyFlags & PackageParser.PARSE_FORWARD_LOCK) != 0 && !updatedPkgBetter) { 8425 if (ps != null && ps.resourcePathString != null) { 8426 resourcePath = ps.resourcePathString; 8427 baseResourcePath = ps.resourcePathString; 8428 } else { 8429 // Should not happen at all. Just log an error. 8430 Slog.e(TAG, "Resource path not set for package " + pkg.packageName); 8431 } 8432 } else { 8433 resourcePath = pkg.codePath; 8434 baseResourcePath = pkg.baseCodePath; 8435 } 8436 8437 // Set application objects path explicitly. 8438 pkg.setApplicationVolumeUuid(pkg.volumeUuid); 8439 pkg.setApplicationInfoCodePath(pkg.codePath); 8440 pkg.setApplicationInfoBaseCodePath(pkg.baseCodePath); 8441 pkg.setApplicationInfoSplitCodePaths(pkg.splitCodePaths); 8442 pkg.setApplicationInfoResourcePath(resourcePath); 8443 pkg.setApplicationInfoBaseResourcePath(baseResourcePath); 8444 pkg.setApplicationInfoSplitResourcePaths(pkg.splitCodePaths); 8445 8446 final int userId = ((user == null) ? 0 : user.getIdentifier()); 8447 if (ps != null && ps.getInstantApp(userId)) { 8448 scanFlags |= SCAN_AS_INSTANT_APP; 8449 } 8450 8451 // Note that we invoke the following method only if we are about to unpack an application 8452 PackageParser.Package scannedPkg = scanPackageLI(pkg, policyFlags, scanFlags 8453 | SCAN_UPDATE_SIGNATURE, currentTime, user); 8454 8455 /* 8456 * If the system app should be overridden by a previously installed 8457 * data, hide the system app now and let the /data/app scan pick it up 8458 * again. 8459 */ 8460 if (shouldHideSystemApp) { 8461 synchronized (mPackages) { 8462 mSettings.disableSystemPackageLPw(pkg.packageName, true); 8463 } 8464 } 8465 8466 return scannedPkg; 8467 } 8468 8469 private void renameStaticSharedLibraryPackage(PackageParser.Package pkg) { 8470 // Derive the new package synthetic package name 8471 pkg.setPackageName(pkg.packageName + STATIC_SHARED_LIB_DELIMITER 8472 + pkg.staticSharedLibVersion); 8473 } 8474 8475 private static String fixProcessName(String defProcessName, 8476 String processName) { 8477 if (processName == null) { 8478 return defProcessName; 8479 } 8480 return processName; 8481 } 8482 8483 private void verifySignaturesLP(PackageSetting pkgSetting, PackageParser.Package pkg) 8484 throws PackageManagerException { 8485 if (pkgSetting.signatures.mSignatures != null) { 8486 // Already existing package. Make sure signatures match 8487 boolean match = compareSignatures(pkgSetting.signatures.mSignatures, pkg.mSignatures) 8488 == PackageManager.SIGNATURE_MATCH; 8489 if (!match) { 8490 match = compareSignaturesCompat(pkgSetting.signatures, pkg) 8491 == PackageManager.SIGNATURE_MATCH; 8492 } 8493 if (!match) { 8494 match = compareSignaturesRecover(pkgSetting.signatures, pkg) 8495 == PackageManager.SIGNATURE_MATCH; 8496 } 8497 if (!match) { 8498 throw new PackageManagerException(INSTALL_FAILED_UPDATE_INCOMPATIBLE, "Package " 8499 + pkg.packageName + " signatures do not match the " 8500 + "previously installed version; ignoring!"); 8501 } 8502 } 8503 8504 // Check for shared user signatures 8505 if (pkgSetting.sharedUser != null && pkgSetting.sharedUser.signatures.mSignatures != null) { 8506 // Already existing package. Make sure signatures match 8507 boolean match = compareSignatures(pkgSetting.sharedUser.signatures.mSignatures, 8508 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 8509 if (!match) { 8510 match = compareSignaturesCompat(pkgSetting.sharedUser.signatures, pkg) 8511 == PackageManager.SIGNATURE_MATCH; 8512 } 8513 if (!match) { 8514 match = compareSignaturesRecover(pkgSetting.sharedUser.signatures, pkg) 8515 == PackageManager.SIGNATURE_MATCH; 8516 } 8517 if (!match) { 8518 throw new PackageManagerException(INSTALL_FAILED_SHARED_USER_INCOMPATIBLE, 8519 "Package " + pkg.packageName 8520 + " has no signatures that match those in shared user " 8521 + pkgSetting.sharedUser.name + "; ignoring!"); 8522 } 8523 } 8524 } 8525 8526 /** 8527 * Enforces that only the system UID or root's UID can call a method exposed 8528 * via Binder. 8529 * 8530 * @param message used as message if SecurityException is thrown 8531 * @throws SecurityException if the caller is not system or root 8532 */ 8533 private static final void enforceSystemOrRoot(String message) { 8534 final int uid = Binder.getCallingUid(); 8535 if (uid != Process.SYSTEM_UID && uid != 0) { 8536 throw new SecurityException(message); 8537 } 8538 } 8539 8540 @Override 8541 public void performFstrimIfNeeded() { 8542 enforceSystemOrRoot("Only the system can request fstrim"); 8543 8544 // Before everything else, see whether we need to fstrim. 8545 try { 8546 IStorageManager sm = PackageHelper.getStorageManager(); 8547 if (sm != null) { 8548 boolean doTrim = false; 8549 final long interval = android.provider.Settings.Global.getLong( 8550 mContext.getContentResolver(), 8551 android.provider.Settings.Global.FSTRIM_MANDATORY_INTERVAL, 8552 DEFAULT_MANDATORY_FSTRIM_INTERVAL); 8553 if (interval > 0) { 8554 final long timeSinceLast = System.currentTimeMillis() - sm.lastMaintenance(); 8555 if (timeSinceLast > interval) { 8556 doTrim = true; 8557 Slog.w(TAG, "No disk maintenance in " + timeSinceLast 8558 + "; running immediately"); 8559 } 8560 } 8561 if (doTrim) { 8562 final boolean dexOptDialogShown; 8563 synchronized (mPackages) { 8564 dexOptDialogShown = mDexOptDialogShown; 8565 } 8566 if (!isFirstBoot() && dexOptDialogShown) { 8567 try { 8568 ActivityManager.getService().showBootMessage( 8569 mContext.getResources().getString( 8570 R.string.android_upgrading_fstrim), true); 8571 } catch (RemoteException e) { 8572 } 8573 } 8574 sm.runMaintenance(); 8575 } 8576 } else { 8577 Slog.e(TAG, "storageManager service unavailable!"); 8578 } 8579 } catch (RemoteException e) { 8580 // Can't happen; StorageManagerService is local 8581 } 8582 } 8583 8584 @Override 8585 public void updatePackagesIfNeeded() { 8586 enforceSystemOrRoot("Only the system can request package update"); 8587 8588 // We need to re-extract after an OTA. 8589 boolean causeUpgrade = isUpgrade(); 8590 8591 // First boot or factory reset. 8592 // Note: we also handle devices that are upgrading to N right now as if it is their 8593 // first boot, as they do not have profile data. 8594 boolean causeFirstBoot = isFirstBoot() || mIsPreNUpgrade; 8595 8596 // We need to re-extract after a pruned cache, as AoT-ed files will be out of date. 8597 boolean causePrunedCache = VMRuntime.didPruneDalvikCache(); 8598 8599 if (!causeUpgrade && !causeFirstBoot && !causePrunedCache) { 8600 return; 8601 } 8602 8603 List<PackageParser.Package> pkgs; 8604 synchronized (mPackages) { 8605 pkgs = PackageManagerServiceUtils.getPackagesForDexopt(mPackages.values(), this); 8606 } 8607 8608 final long startTime = System.nanoTime(); 8609 final int[] stats = performDexOptUpgrade(pkgs, mIsPreNUpgrade /* showDialog */, 8610 getCompilerFilterForReason(causeFirstBoot ? REASON_FIRST_BOOT : REASON_BOOT)); 8611 8612 final int elapsedTimeSeconds = 8613 (int) TimeUnit.NANOSECONDS.toSeconds(System.nanoTime() - startTime); 8614 8615 MetricsLogger.histogram(mContext, "opt_dialog_num_dexopted", stats[0]); 8616 MetricsLogger.histogram(mContext, "opt_dialog_num_skipped", stats[1]); 8617 MetricsLogger.histogram(mContext, "opt_dialog_num_failed", stats[2]); 8618 MetricsLogger.histogram(mContext, "opt_dialog_num_total", getOptimizablePackages().size()); 8619 MetricsLogger.histogram(mContext, "opt_dialog_time_s", elapsedTimeSeconds); 8620 } 8621 8622 /** 8623 * Performs dexopt on the set of packages in {@code packages} and returns an int array 8624 * containing statistics about the invocation. The array consists of three elements, 8625 * which are (in order) {@code numberOfPackagesOptimized}, {@code numberOfPackagesSkipped} 8626 * and {@code numberOfPackagesFailed}. 8627 */ 8628 private int[] performDexOptUpgrade(List<PackageParser.Package> pkgs, boolean showDialog, 8629 String compilerFilter) { 8630 8631 int numberOfPackagesVisited = 0; 8632 int numberOfPackagesOptimized = 0; 8633 int numberOfPackagesSkipped = 0; 8634 int numberOfPackagesFailed = 0; 8635 final int numberOfPackagesToDexopt = pkgs.size(); 8636 8637 for (PackageParser.Package pkg : pkgs) { 8638 numberOfPackagesVisited++; 8639 8640 if (!PackageDexOptimizer.canOptimizePackage(pkg)) { 8641 if (DEBUG_DEXOPT) { 8642 Log.i(TAG, "Skipping update of of non-optimizable app " + pkg.packageName); 8643 } 8644 numberOfPackagesSkipped++; 8645 continue; 8646 } 8647 8648 if (DEBUG_DEXOPT) { 8649 Log.i(TAG, "Updating app " + numberOfPackagesVisited + " of " + 8650 numberOfPackagesToDexopt + ": " + pkg.packageName); 8651 } 8652 8653 if (showDialog) { 8654 try { 8655 ActivityManager.getService().showBootMessage( 8656 mContext.getResources().getString(R.string.android_upgrading_apk, 8657 numberOfPackagesVisited, numberOfPackagesToDexopt), true); 8658 } catch (RemoteException e) { 8659 } 8660 synchronized (mPackages) { 8661 mDexOptDialogShown = true; 8662 } 8663 } 8664 8665 // If the OTA updates a system app which was previously preopted to a non-preopted state 8666 // the app might end up being verified at runtime. That's because by default the apps 8667 // are verify-profile but for preopted apps there's no profile. 8668 // Do a hacky check to ensure that if we have no profiles (a reasonable indication 8669 // that before the OTA the app was preopted) the app gets compiled with a non-profile 8670 // filter (by default interpret-only). 8671 // Note that at this stage unused apps are already filtered. 8672 if (isSystemApp(pkg) && 8673 DexFile.isProfileGuidedCompilerFilter(compilerFilter) && 8674 !Environment.getReferenceProfile(pkg.packageName).exists()) { 8675 compilerFilter = getNonProfileGuidedCompilerFilter(compilerFilter); 8676 } 8677 8678 // checkProfiles is false to avoid merging profiles during boot which 8679 // might interfere with background compilation (b/28612421). 8680 // Unfortunately this will also means that "pm.dexopt.boot=speed-profile" will 8681 // behave differently than "pm.dexopt.bg-dexopt=speed-profile" but that's a 8682 // trade-off worth doing to save boot time work. 8683 int dexOptStatus = performDexOptTraced(pkg.packageName, 8684 false /* checkProfiles */, 8685 compilerFilter, 8686 false /* force */); 8687 switch (dexOptStatus) { 8688 case PackageDexOptimizer.DEX_OPT_PERFORMED: 8689 numberOfPackagesOptimized++; 8690 break; 8691 case PackageDexOptimizer.DEX_OPT_SKIPPED: 8692 numberOfPackagesSkipped++; 8693 break; 8694 case PackageDexOptimizer.DEX_OPT_FAILED: 8695 numberOfPackagesFailed++; 8696 break; 8697 default: 8698 Log.e(TAG, "Unexpected dexopt return code " + dexOptStatus); 8699 break; 8700 } 8701 } 8702 8703 return new int[] { numberOfPackagesOptimized, numberOfPackagesSkipped, 8704 numberOfPackagesFailed }; 8705 } 8706 8707 @Override 8708 public void notifyPackageUse(String packageName, int reason) { 8709 synchronized (mPackages) { 8710 PackageParser.Package p = mPackages.get(packageName); 8711 if (p == null) { 8712 return; 8713 } 8714 p.mLastPackageUsageTimeInMills[reason] = System.currentTimeMillis(); 8715 } 8716 } 8717 8718 @Override 8719 public void notifyDexLoad(String loadingPackageName, List<String> dexPaths, String loaderIsa) { 8720 int userId = UserHandle.getCallingUserId(); 8721 ApplicationInfo ai = getApplicationInfo(loadingPackageName, /*flags*/ 0, userId); 8722 if (ai == null) { 8723 Slog.w(TAG, "Loading a package that does not exist for the calling user. package=" 8724 + loadingPackageName + ", user=" + userId); 8725 return; 8726 } 8727 mDexManager.notifyDexLoad(ai, dexPaths, loaderIsa, userId); 8728 } 8729 8730 @Override 8731 public boolean performDexOpt(String packageName, 8732 boolean checkProfiles, int compileReason, boolean force) { 8733 int dexOptStatus = performDexOptTraced(packageName, checkProfiles, 8734 getCompilerFilterForReason(compileReason), force); 8735 return dexOptStatus != PackageDexOptimizer.DEX_OPT_FAILED; 8736 } 8737 8738 @Override 8739 public boolean performDexOptMode(String packageName, 8740 boolean checkProfiles, String targetCompilerFilter, boolean force) { 8741 int dexOptStatus = performDexOptTraced(packageName, checkProfiles, 8742 targetCompilerFilter, force); 8743 return dexOptStatus != PackageDexOptimizer.DEX_OPT_FAILED; 8744 } 8745 8746 private int performDexOptTraced(String packageName, 8747 boolean checkProfiles, String targetCompilerFilter, boolean force) { 8748 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "dexopt"); 8749 try { 8750 return performDexOptInternal(packageName, checkProfiles, 8751 targetCompilerFilter, force); 8752 } finally { 8753 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 8754 } 8755 } 8756 8757 // Run dexopt on a given package. Returns true if dexopt did not fail, i.e. 8758 // if the package can now be considered up to date for the given filter. 8759 private int performDexOptInternal(String packageName, 8760 boolean checkProfiles, String targetCompilerFilter, boolean force) { 8761 PackageParser.Package p; 8762 synchronized (mPackages) { 8763 p = mPackages.get(packageName); 8764 if (p == null) { 8765 // Package could not be found. Report failure. 8766 return PackageDexOptimizer.DEX_OPT_FAILED; 8767 } 8768 mPackageUsage.maybeWriteAsync(mPackages); 8769 mCompilerStats.maybeWriteAsync(); 8770 } 8771 long callingId = Binder.clearCallingIdentity(); 8772 try { 8773 synchronized (mInstallLock) { 8774 return performDexOptInternalWithDependenciesLI(p, checkProfiles, 8775 targetCompilerFilter, force); 8776 } 8777 } finally { 8778 Binder.restoreCallingIdentity(callingId); 8779 } 8780 } 8781 8782 public ArraySet<String> getOptimizablePackages() { 8783 ArraySet<String> pkgs = new ArraySet<String>(); 8784 synchronized (mPackages) { 8785 for (PackageParser.Package p : mPackages.values()) { 8786 if (PackageDexOptimizer.canOptimizePackage(p)) { 8787 pkgs.add(p.packageName); 8788 } 8789 } 8790 } 8791 return pkgs; 8792 } 8793 8794 private int performDexOptInternalWithDependenciesLI(PackageParser.Package p, 8795 boolean checkProfiles, String targetCompilerFilter, 8796 boolean force) { 8797 // Select the dex optimizer based on the force parameter. 8798 // Note: The force option is rarely used (cmdline input for testing, mostly), so it's OK to 8799 // allocate an object here. 8800 PackageDexOptimizer pdo = force 8801 ? new PackageDexOptimizer.ForcedUpdatePackageDexOptimizer(mPackageDexOptimizer) 8802 : mPackageDexOptimizer; 8803 8804 // Dexopt all dependencies first. Note: we ignore the return value and march on 8805 // on errors. 8806 // Note that we are going to call performDexOpt on those libraries as many times as 8807 // they are referenced in packages. When we do a batch of performDexOpt (for example 8808 // at boot, or background job), the passed 'targetCompilerFilter' stays the same, 8809 // and the first package that uses the library will dexopt it. The 8810 // others will see that the compiled code for the library is up to date. 8811 Collection<PackageParser.Package> deps = findSharedNonSystemLibraries(p); 8812 final String[] instructionSets = getAppDexInstructionSets(p.applicationInfo); 8813 if (!deps.isEmpty()) { 8814 for (PackageParser.Package depPackage : deps) { 8815 // TODO: Analyze and investigate if we (should) profile libraries. 8816 pdo.performDexOpt(depPackage, null /* sharedLibraries */, instructionSets, 8817 false /* checkProfiles */, 8818 targetCompilerFilter, 8819 getOrCreateCompilerPackageStats(depPackage), 8820 true /* isUsedByOtherApps */); 8821 } 8822 } 8823 return pdo.performDexOpt(p, p.usesLibraryFiles, instructionSets, checkProfiles, 8824 targetCompilerFilter, getOrCreateCompilerPackageStats(p), 8825 mDexManager.isUsedByOtherApps(p.packageName)); 8826 } 8827 8828 // Performs dexopt on the used secondary dex files belonging to the given package. 8829 // Returns true if all dex files were process successfully (which could mean either dexopt or 8830 // skip). Returns false if any of the files caused errors. 8831 @Override 8832 public boolean performDexOptSecondary(String packageName, String compilerFilter, 8833 boolean force) { 8834 mDexManager.reconcileSecondaryDexFiles(packageName); 8835 return mDexManager.dexoptSecondaryDex(packageName, compilerFilter, force); 8836 } 8837 8838 public boolean performDexOptSecondary(String packageName, int compileReason, 8839 boolean force) { 8840 return mDexManager.dexoptSecondaryDex(packageName, compileReason, force); 8841 } 8842 8843 /** 8844 * Reconcile the information we have about the secondary dex files belonging to 8845 * {@code packagName} and the actual dex files. For all dex files that were 8846 * deleted, update the internal records and delete the generated oat files. 8847 */ 8848 @Override 8849 public void reconcileSecondaryDexFiles(String packageName) { 8850 mDexManager.reconcileSecondaryDexFiles(packageName); 8851 } 8852 8853 // TODO(calin): this is only needed for BackgroundDexOptService. Find a cleaner way to inject 8854 // a reference there. 8855 /*package*/ DexManager getDexManager() { 8856 return mDexManager; 8857 } 8858 8859 /** 8860 * Execute the background dexopt job immediately. 8861 */ 8862 @Override 8863 public boolean runBackgroundDexoptJob() { 8864 return BackgroundDexOptService.runIdleOptimizationsNow(this, mContext); 8865 } 8866 8867 List<PackageParser.Package> findSharedNonSystemLibraries(PackageParser.Package p) { 8868 if (p.usesLibraries != null || p.usesOptionalLibraries != null 8869 || p.usesStaticLibraries != null) { 8870 ArrayList<PackageParser.Package> retValue = new ArrayList<>(); 8871 Set<String> collectedNames = new HashSet<>(); 8872 findSharedNonSystemLibrariesRecursive(p, retValue, collectedNames); 8873 8874 retValue.remove(p); 8875 8876 return retValue; 8877 } else { 8878 return Collections.emptyList(); 8879 } 8880 } 8881 8882 private void findSharedNonSystemLibrariesRecursive(PackageParser.Package p, 8883 ArrayList<PackageParser.Package> collected, Set<String> collectedNames) { 8884 if (!collectedNames.contains(p.packageName)) { 8885 collectedNames.add(p.packageName); 8886 collected.add(p); 8887 8888 if (p.usesLibraries != null) { 8889 findSharedNonSystemLibrariesRecursive(p.usesLibraries, 8890 null, collected, collectedNames); 8891 } 8892 if (p.usesOptionalLibraries != null) { 8893 findSharedNonSystemLibrariesRecursive(p.usesOptionalLibraries, 8894 null, collected, collectedNames); 8895 } 8896 if (p.usesStaticLibraries != null) { 8897 findSharedNonSystemLibrariesRecursive(p.usesStaticLibraries, 8898 p.usesStaticLibrariesVersions, collected, collectedNames); 8899 } 8900 } 8901 } 8902 8903 private void findSharedNonSystemLibrariesRecursive(ArrayList<String> libs, int[] versions, 8904 ArrayList<PackageParser.Package> collected, Set<String> collectedNames) { 8905 final int libNameCount = libs.size(); 8906 for (int i = 0; i < libNameCount; i++) { 8907 String libName = libs.get(i); 8908 int version = (versions != null && versions.length == libNameCount) 8909 ? versions[i] : PackageManager.VERSION_CODE_HIGHEST; 8910 PackageParser.Package libPkg = findSharedNonSystemLibrary(libName, version); 8911 if (libPkg != null) { 8912 findSharedNonSystemLibrariesRecursive(libPkg, collected, collectedNames); 8913 } 8914 } 8915 } 8916 8917 private PackageParser.Package findSharedNonSystemLibrary(String name, int version) { 8918 synchronized (mPackages) { 8919 SharedLibraryEntry libEntry = getSharedLibraryEntryLPr(name, version); 8920 if (libEntry != null) { 8921 return mPackages.get(libEntry.apk); 8922 } 8923 return null; 8924 } 8925 } 8926 8927 private SharedLibraryEntry getSharedLibraryEntryLPr(String name, int version) { 8928 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.get(name); 8929 if (versionedLib == null) { 8930 return null; 8931 } 8932 return versionedLib.get(version); 8933 } 8934 8935 private SharedLibraryEntry getLatestSharedLibraVersionLPr(PackageParser.Package pkg) { 8936 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.get( 8937 pkg.staticSharedLibName); 8938 if (versionedLib == null) { 8939 return null; 8940 } 8941 int previousLibVersion = -1; 8942 final int versionCount = versionedLib.size(); 8943 for (int i = 0; i < versionCount; i++) { 8944 final int libVersion = versionedLib.keyAt(i); 8945 if (libVersion < pkg.staticSharedLibVersion) { 8946 previousLibVersion = Math.max(previousLibVersion, libVersion); 8947 } 8948 } 8949 if (previousLibVersion >= 0) { 8950 return versionedLib.get(previousLibVersion); 8951 } 8952 return null; 8953 } 8954 8955 public void shutdown() { 8956 mPackageUsage.writeNow(mPackages); 8957 mCompilerStats.writeNow(); 8958 } 8959 8960 @Override 8961 public void dumpProfiles(String packageName) { 8962 PackageParser.Package pkg; 8963 synchronized (mPackages) { 8964 pkg = mPackages.get(packageName); 8965 if (pkg == null) { 8966 throw new IllegalArgumentException("Unknown package: " + packageName); 8967 } 8968 } 8969 /* Only the shell, root, or the app user should be able to dump profiles. */ 8970 int callingUid = Binder.getCallingUid(); 8971 if (callingUid != Process.SHELL_UID && 8972 callingUid != Process.ROOT_UID && 8973 callingUid != pkg.applicationInfo.uid) { 8974 throw new SecurityException("dumpProfiles"); 8975 } 8976 8977 synchronized (mInstallLock) { 8978 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "dump profiles"); 8979 final int sharedGid = UserHandle.getSharedAppGid(pkg.applicationInfo.uid); 8980 try { 8981 List<String> allCodePaths = pkg.getAllCodePathsExcludingResourceOnly(); 8982 String codePaths = TextUtils.join(";", allCodePaths); 8983 mInstaller.dumpProfiles(sharedGid, packageName, codePaths); 8984 } catch (InstallerException e) { 8985 Slog.w(TAG, "Failed to dump profiles", e); 8986 } 8987 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 8988 } 8989 } 8990 8991 @Override 8992 public void forceDexOpt(String packageName) { 8993 enforceSystemOrRoot("forceDexOpt"); 8994 8995 PackageParser.Package pkg; 8996 synchronized (mPackages) { 8997 pkg = mPackages.get(packageName); 8998 if (pkg == null) { 8999 throw new IllegalArgumentException("Unknown package: " + packageName); 9000 } 9001 } 9002 9003 synchronized (mInstallLock) { 9004 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "dexopt"); 9005 9006 // Whoever is calling forceDexOpt wants a compiled package. 9007 // Don't use profiles since that may cause compilation to be skipped. 9008 final int res = performDexOptInternalWithDependenciesLI(pkg, 9009 false /* checkProfiles */, getDefaultCompilerFilter(), 9010 true /* force */); 9011 9012 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 9013 if (res != PackageDexOptimizer.DEX_OPT_PERFORMED) { 9014 throw new IllegalStateException("Failed to dexopt: " + res); 9015 } 9016 } 9017 } 9018 9019 private boolean verifyPackageUpdateLPr(PackageSetting oldPkg, PackageParser.Package newPkg) { 9020 if ((oldPkg.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0) { 9021 Slog.w(TAG, "Unable to update from " + oldPkg.name 9022 + " to " + newPkg.packageName 9023 + ": old package not in system partition"); 9024 return false; 9025 } else if (mPackages.get(oldPkg.name) != null) { 9026 Slog.w(TAG, "Unable to update from " + oldPkg.name 9027 + " to " + newPkg.packageName 9028 + ": old package still exists"); 9029 return false; 9030 } 9031 return true; 9032 } 9033 9034 void removeCodePathLI(File codePath) { 9035 if (codePath.isDirectory()) { 9036 try { 9037 mInstaller.rmPackageDir(codePath.getAbsolutePath()); 9038 } catch (InstallerException e) { 9039 Slog.w(TAG, "Failed to remove code path", e); 9040 } 9041 } else { 9042 codePath.delete(); 9043 } 9044 } 9045 9046 private int[] resolveUserIds(int userId) { 9047 return (userId == UserHandle.USER_ALL) ? sUserManager.getUserIds() : new int[] { userId }; 9048 } 9049 9050 private void clearAppDataLIF(PackageParser.Package pkg, int userId, int flags) { 9051 if (pkg == null) { 9052 Slog.wtf(TAG, "Package was null!", new Throwable()); 9053 return; 9054 } 9055 clearAppDataLeafLIF(pkg, userId, flags); 9056 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 9057 for (int i = 0; i < childCount; i++) { 9058 clearAppDataLeafLIF(pkg.childPackages.get(i), userId, flags); 9059 } 9060 } 9061 9062 private void clearAppDataLeafLIF(PackageParser.Package pkg, int userId, int flags) { 9063 final PackageSetting ps; 9064 synchronized (mPackages) { 9065 ps = mSettings.mPackages.get(pkg.packageName); 9066 } 9067 for (int realUserId : resolveUserIds(userId)) { 9068 final long ceDataInode = (ps != null) ? ps.getCeDataInode(realUserId) : 0; 9069 try { 9070 mInstaller.clearAppData(pkg.volumeUuid, pkg.packageName, realUserId, flags, 9071 ceDataInode); 9072 } catch (InstallerException e) { 9073 Slog.w(TAG, String.valueOf(e)); 9074 } 9075 } 9076 } 9077 9078 private void destroyAppDataLIF(PackageParser.Package pkg, int userId, int flags) { 9079 if (pkg == null) { 9080 Slog.wtf(TAG, "Package was null!", new Throwable()); 9081 return; 9082 } 9083 destroyAppDataLeafLIF(pkg, userId, flags); 9084 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 9085 for (int i = 0; i < childCount; i++) { 9086 destroyAppDataLeafLIF(pkg.childPackages.get(i), userId, flags); 9087 } 9088 } 9089 9090 private void destroyAppDataLeafLIF(PackageParser.Package pkg, int userId, int flags) { 9091 final PackageSetting ps; 9092 synchronized (mPackages) { 9093 ps = mSettings.mPackages.get(pkg.packageName); 9094 } 9095 for (int realUserId : resolveUserIds(userId)) { 9096 final long ceDataInode = (ps != null) ? ps.getCeDataInode(realUserId) : 0; 9097 try { 9098 mInstaller.destroyAppData(pkg.volumeUuid, pkg.packageName, realUserId, flags, 9099 ceDataInode); 9100 } catch (InstallerException e) { 9101 Slog.w(TAG, String.valueOf(e)); 9102 } 9103 mDexManager.notifyPackageDataDestroyed(pkg.packageName, userId); 9104 } 9105 } 9106 9107 private void destroyAppProfilesLIF(PackageParser.Package pkg, int userId) { 9108 if (pkg == null) { 9109 Slog.wtf(TAG, "Package was null!", new Throwable()); 9110 return; 9111 } 9112 destroyAppProfilesLeafLIF(pkg); 9113 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 9114 for (int i = 0; i < childCount; i++) { 9115 destroyAppProfilesLeafLIF(pkg.childPackages.get(i)); 9116 } 9117 } 9118 9119 private void destroyAppProfilesLeafLIF(PackageParser.Package pkg) { 9120 try { 9121 mInstaller.destroyAppProfiles(pkg.packageName); 9122 } catch (InstallerException e) { 9123 Slog.w(TAG, String.valueOf(e)); 9124 } 9125 } 9126 9127 private void clearAppProfilesLIF(PackageParser.Package pkg, int userId) { 9128 if (pkg == null) { 9129 Slog.wtf(TAG, "Package was null!", new Throwable()); 9130 return; 9131 } 9132 clearAppProfilesLeafLIF(pkg); 9133 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 9134 for (int i = 0; i < childCount; i++) { 9135 clearAppProfilesLeafLIF(pkg.childPackages.get(i)); 9136 } 9137 } 9138 9139 private void clearAppProfilesLeafLIF(PackageParser.Package pkg) { 9140 try { 9141 mInstaller.clearAppProfiles(pkg.packageName); 9142 } catch (InstallerException e) { 9143 Slog.w(TAG, String.valueOf(e)); 9144 } 9145 } 9146 9147 private void setInstallAndUpdateTime(PackageParser.Package pkg, long firstInstallTime, 9148 long lastUpdateTime) { 9149 // Set parent install/update time 9150 PackageSetting ps = (PackageSetting) pkg.mExtras; 9151 if (ps != null) { 9152 ps.firstInstallTime = firstInstallTime; 9153 ps.lastUpdateTime = lastUpdateTime; 9154 } 9155 // Set children install/update time 9156 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 9157 for (int i = 0; i < childCount; i++) { 9158 PackageParser.Package childPkg = pkg.childPackages.get(i); 9159 ps = (PackageSetting) childPkg.mExtras; 9160 if (ps != null) { 9161 ps.firstInstallTime = firstInstallTime; 9162 ps.lastUpdateTime = lastUpdateTime; 9163 } 9164 } 9165 } 9166 9167 private void addSharedLibraryLPr(ArraySet<String> usesLibraryFiles, SharedLibraryEntry file, 9168 PackageParser.Package changingLib) { 9169 if (file.path != null) { 9170 usesLibraryFiles.add(file.path); 9171 return; 9172 } 9173 PackageParser.Package p = mPackages.get(file.apk); 9174 if (changingLib != null && changingLib.packageName.equals(file.apk)) { 9175 // If we are doing this while in the middle of updating a library apk, 9176 // then we need to make sure to use that new apk for determining the 9177 // dependencies here. (We haven't yet finished committing the new apk 9178 // to the package manager state.) 9179 if (p == null || p.packageName.equals(changingLib.packageName)) { 9180 p = changingLib; 9181 } 9182 } 9183 if (p != null) { 9184 usesLibraryFiles.addAll(p.getAllCodePaths()); 9185 } 9186 } 9187 9188 private void updateSharedLibrariesLPr(PackageParser.Package pkg, 9189 PackageParser.Package changingLib) throws PackageManagerException { 9190 if (pkg == null) { 9191 return; 9192 } 9193 ArraySet<String> usesLibraryFiles = null; 9194 if (pkg.usesLibraries != null) { 9195 usesLibraryFiles = addSharedLibrariesLPw(pkg.usesLibraries, 9196 null, null, pkg.packageName, changingLib, true, null); 9197 } 9198 if (pkg.usesStaticLibraries != null) { 9199 usesLibraryFiles = addSharedLibrariesLPw(pkg.usesStaticLibraries, 9200 pkg.usesStaticLibrariesVersions, pkg.usesStaticLibrariesCertDigests, 9201 pkg.packageName, changingLib, true, usesLibraryFiles); 9202 } 9203 if (pkg.usesOptionalLibraries != null) { 9204 usesLibraryFiles = addSharedLibrariesLPw(pkg.usesOptionalLibraries, 9205 null, null, pkg.packageName, changingLib, false, usesLibraryFiles); 9206 } 9207 if (!ArrayUtils.isEmpty(usesLibraryFiles)) { 9208 pkg.usesLibraryFiles = usesLibraryFiles.toArray(new String[usesLibraryFiles.size()]); 9209 } else { 9210 pkg.usesLibraryFiles = null; 9211 } 9212 } 9213 9214 private ArraySet<String> addSharedLibrariesLPw(@NonNull List<String> requestedLibraries, 9215 @Nullable int[] requiredVersions, @Nullable String[] requiredCertDigests, 9216 @NonNull String packageName, @Nullable PackageParser.Package changingLib, 9217 boolean required, @Nullable ArraySet<String> outUsedLibraries) 9218 throws PackageManagerException { 9219 final int libCount = requestedLibraries.size(); 9220 for (int i = 0; i < libCount; i++) { 9221 final String libName = requestedLibraries.get(i); 9222 final int libVersion = requiredVersions != null ? requiredVersions[i] 9223 : SharedLibraryInfo.VERSION_UNDEFINED; 9224 final SharedLibraryEntry libEntry = getSharedLibraryEntryLPr(libName, libVersion); 9225 if (libEntry == null) { 9226 if (required) { 9227 throw new PackageManagerException(INSTALL_FAILED_MISSING_SHARED_LIBRARY, 9228 "Package " + packageName + " requires unavailable shared library " 9229 + libName + "; failing!"); 9230 } else { 9231 Slog.w(TAG, "Package " + packageName 9232 + " desires unavailable shared library " 9233 + libName + "; ignoring!"); 9234 } 9235 } else { 9236 if (requiredVersions != null && requiredCertDigests != null) { 9237 if (libEntry.info.getVersion() != requiredVersions[i]) { 9238 throw new PackageManagerException(INSTALL_FAILED_MISSING_SHARED_LIBRARY, 9239 "Package " + packageName + " requires unavailable static shared" 9240 + " library " + libName + " version " 9241 + libEntry.info.getVersion() + "; failing!"); 9242 } 9243 9244 PackageParser.Package libPkg = mPackages.get(libEntry.apk); 9245 if (libPkg == null) { 9246 throw new PackageManagerException(INSTALL_FAILED_MISSING_SHARED_LIBRARY, 9247 "Package " + packageName + " requires unavailable static shared" 9248 + " library; failing!"); 9249 } 9250 9251 String expectedCertDigest = requiredCertDigests[i]; 9252 String libCertDigest = PackageUtils.computeCertSha256Digest( 9253 libPkg.mSignatures[0]); 9254 if (!libCertDigest.equalsIgnoreCase(expectedCertDigest)) { 9255 throw new PackageManagerException(INSTALL_FAILED_MISSING_SHARED_LIBRARY, 9256 "Package " + packageName + " requires differently signed" + 9257 " static shared library; failing!"); 9258 } 9259 } 9260 9261 if (outUsedLibraries == null) { 9262 outUsedLibraries = new ArraySet<>(); 9263 } 9264 addSharedLibraryLPr(outUsedLibraries, libEntry, changingLib); 9265 } 9266 } 9267 return outUsedLibraries; 9268 } 9269 9270 private static boolean hasString(List<String> list, List<String> which) { 9271 if (list == null) { 9272 return false; 9273 } 9274 for (int i=list.size()-1; i>=0; i--) { 9275 for (int j=which.size()-1; j>=0; j--) { 9276 if (which.get(j).equals(list.get(i))) { 9277 return true; 9278 } 9279 } 9280 } 9281 return false; 9282 } 9283 9284 private ArrayList<PackageParser.Package> updateAllSharedLibrariesLPw( 9285 PackageParser.Package changingPkg) { 9286 ArrayList<PackageParser.Package> res = null; 9287 for (PackageParser.Package pkg : mPackages.values()) { 9288 if (changingPkg != null 9289 && !hasString(pkg.usesLibraries, changingPkg.libraryNames) 9290 && !hasString(pkg.usesOptionalLibraries, changingPkg.libraryNames) 9291 && !ArrayUtils.contains(pkg.usesStaticLibraries, 9292 changingPkg.staticSharedLibName)) { 9293 return null; 9294 } 9295 if (res == null) { 9296 res = new ArrayList<>(); 9297 } 9298 res.add(pkg); 9299 try { 9300 updateSharedLibrariesLPr(pkg, changingPkg); 9301 } catch (PackageManagerException e) { 9302 // If a system app update or an app and a required lib missing we 9303 // delete the package and for updated system apps keep the data as 9304 // it is better for the user to reinstall than to be in an limbo 9305 // state. Also libs disappearing under an app should never happen 9306 // - just in case. 9307 if (!pkg.isSystemApp() || pkg.isUpdatedSystemApp()) { 9308 final int flags = pkg.isUpdatedSystemApp() 9309 ? PackageManager.DELETE_KEEP_DATA : 0; 9310 deletePackageLIF(pkg.packageName, null, true, sUserManager.getUserIds(), 9311 flags , null, true, null); 9312 } 9313 Slog.e(TAG, "updateAllSharedLibrariesLPw failed: " + e.getMessage()); 9314 } 9315 } 9316 return res; 9317 } 9318 9319 /** 9320 * Derive the value of the {@code cpuAbiOverride} based on the provided 9321 * value and an optional stored value from the package settings. 9322 */ 9323 private static String deriveAbiOverride(String abiOverride, PackageSetting settings) { 9324 String cpuAbiOverride = null; 9325 9326 if (NativeLibraryHelper.CLEAR_ABI_OVERRIDE.equals(abiOverride)) { 9327 cpuAbiOverride = null; 9328 } else if (abiOverride != null) { 9329 cpuAbiOverride = abiOverride; 9330 } else if (settings != null) { 9331 cpuAbiOverride = settings.cpuAbiOverrideString; 9332 } 9333 9334 return cpuAbiOverride; 9335 } 9336 9337 private PackageParser.Package scanPackageTracedLI(PackageParser.Package pkg, 9338 final int policyFlags, int scanFlags, long currentTime, @Nullable UserHandle user) 9339 throws PackageManagerException { 9340 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "scanPackage"); 9341 // If the package has children and this is the first dive in the function 9342 // we recursively scan the package with the SCAN_CHECK_ONLY flag set to see 9343 // whether all packages (parent and children) would be successfully scanned 9344 // before the actual scan since scanning mutates internal state and we want 9345 // to atomically install the package and its children. 9346 if ((scanFlags & SCAN_CHECK_ONLY) == 0) { 9347 if (pkg.childPackages != null && pkg.childPackages.size() > 0) { 9348 scanFlags |= SCAN_CHECK_ONLY; 9349 } 9350 } else { 9351 scanFlags &= ~SCAN_CHECK_ONLY; 9352 } 9353 9354 final PackageParser.Package scannedPkg; 9355 try { 9356 // Scan the parent 9357 scannedPkg = scanPackageLI(pkg, policyFlags, scanFlags, currentTime, user); 9358 // Scan the children 9359 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 9360 for (int i = 0; i < childCount; i++) { 9361 PackageParser.Package childPkg = pkg.childPackages.get(i); 9362 scanPackageLI(childPkg, policyFlags, 9363 scanFlags, currentTime, user); 9364 } 9365 } finally { 9366 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 9367 } 9368 9369 if ((scanFlags & SCAN_CHECK_ONLY) != 0) { 9370 return scanPackageTracedLI(pkg, policyFlags, scanFlags, currentTime, user); 9371 } 9372 9373 return scannedPkg; 9374 } 9375 9376 private PackageParser.Package scanPackageLI(PackageParser.Package pkg, final int policyFlags, 9377 int scanFlags, long currentTime, @Nullable UserHandle user) 9378 throws PackageManagerException { 9379 boolean success = false; 9380 try { 9381 final PackageParser.Package res = scanPackageDirtyLI(pkg, policyFlags, scanFlags, 9382 currentTime, user); 9383 success = true; 9384 return res; 9385 } finally { 9386 if (!success && (scanFlags & SCAN_DELETE_DATA_ON_FAILURES) != 0) { 9387 // DELETE_DATA_ON_FAILURES is only used by frozen paths 9388 destroyAppDataLIF(pkg, UserHandle.USER_ALL, 9389 StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE); 9390 destroyAppProfilesLIF(pkg, UserHandle.USER_ALL); 9391 } 9392 } 9393 } 9394 9395 /** 9396 * Returns {@code true} if the given file contains code. Otherwise {@code false}. 9397 */ 9398 private static boolean apkHasCode(String fileName) { 9399 StrictJarFile jarFile = null; 9400 try { 9401 jarFile = new StrictJarFile(fileName, 9402 false /*verify*/, false /*signatureSchemeRollbackProtectionsEnforced*/); 9403 return jarFile.findEntry("classes.dex") != null; 9404 } catch (IOException ignore) { 9405 } finally { 9406 try { 9407 if (jarFile != null) { 9408 jarFile.close(); 9409 } 9410 } catch (IOException ignore) {} 9411 } 9412 return false; 9413 } 9414 9415 /** 9416 * Enforces code policy for the package. This ensures that if an APK has 9417 * declared hasCode="true" in its manifest that the APK actually contains 9418 * code. 9419 * 9420 * @throws PackageManagerException If bytecode could not be found when it should exist 9421 */ 9422 private static void assertCodePolicy(PackageParser.Package pkg) 9423 throws PackageManagerException { 9424 final boolean shouldHaveCode = 9425 (pkg.applicationInfo.flags & ApplicationInfo.FLAG_HAS_CODE) != 0; 9426 if (shouldHaveCode && !apkHasCode(pkg.baseCodePath)) { 9427 throw new PackageManagerException(INSTALL_FAILED_INVALID_APK, 9428 "Package " + pkg.baseCodePath + " code is missing"); 9429 } 9430 9431 if (!ArrayUtils.isEmpty(pkg.splitCodePaths)) { 9432 for (int i = 0; i < pkg.splitCodePaths.length; i++) { 9433 final boolean splitShouldHaveCode = 9434 (pkg.splitFlags[i] & ApplicationInfo.FLAG_HAS_CODE) != 0; 9435 if (splitShouldHaveCode && !apkHasCode(pkg.splitCodePaths[i])) { 9436 throw new PackageManagerException(INSTALL_FAILED_INVALID_APK, 9437 "Package " + pkg.splitCodePaths[i] + " code is missing"); 9438 } 9439 } 9440 } 9441 } 9442 9443 private PackageParser.Package scanPackageDirtyLI(PackageParser.Package pkg, 9444 final int policyFlags, final int scanFlags, long currentTime, @Nullable UserHandle user) 9445 throws PackageManagerException { 9446 if (DEBUG_PACKAGE_SCANNING) { 9447 if ((policyFlags & PackageParser.PARSE_CHATTY) != 0) 9448 Log.d(TAG, "Scanning package " + pkg.packageName); 9449 } 9450 9451 applyPolicy(pkg, policyFlags); 9452 9453 assertPackageIsValid(pkg, policyFlags, scanFlags); 9454 9455 // Initialize package source and resource directories 9456 final File scanFile = new File(pkg.codePath); 9457 final File destCodeFile = new File(pkg.applicationInfo.getCodePath()); 9458 final File destResourceFile = new File(pkg.applicationInfo.getResourcePath()); 9459 9460 SharedUserSetting suid = null; 9461 PackageSetting pkgSetting = null; 9462 9463 // Getting the package setting may have a side-effect, so if we 9464 // are only checking if scan would succeed, stash a copy of the 9465 // old setting to restore at the end. 9466 PackageSetting nonMutatedPs = null; 9467 9468 // We keep references to the derived CPU Abis from settings in oder to reuse 9469 // them in the case where we're not upgrading or booting for the first time. 9470 String primaryCpuAbiFromSettings = null; 9471 String secondaryCpuAbiFromSettings = null; 9472 9473 // writer 9474 synchronized (mPackages) { 9475 if (pkg.mSharedUserId != null) { 9476 // SIDE EFFECTS; may potentially allocate a new shared user 9477 suid = mSettings.getSharedUserLPw( 9478 pkg.mSharedUserId, 0 /*pkgFlags*/, 0 /*pkgPrivateFlags*/, true /*create*/); 9479 if (DEBUG_PACKAGE_SCANNING) { 9480 if ((policyFlags & PackageParser.PARSE_CHATTY) != 0) 9481 Log.d(TAG, "Shared UserID " + pkg.mSharedUserId + " (uid=" + suid.userId 9482 + "): packages=" + suid.packages); 9483 } 9484 } 9485 9486 // Check if we are renaming from an original package name. 9487 PackageSetting origPackage = null; 9488 String realName = null; 9489 if (pkg.mOriginalPackages != null) { 9490 // This package may need to be renamed to a previously 9491 // installed name. Let's check on that... 9492 final String renamed = mSettings.getRenamedPackageLPr(pkg.mRealPackage); 9493 if (pkg.mOriginalPackages.contains(renamed)) { 9494 // This package had originally been installed as the 9495 // original name, and we have already taken care of 9496 // transitioning to the new one. Just update the new 9497 // one to continue using the old name. 9498 realName = pkg.mRealPackage; 9499 if (!pkg.packageName.equals(renamed)) { 9500 // Callers into this function may have already taken 9501 // care of renaming the package; only do it here if 9502 // it is not already done. 9503 pkg.setPackageName(renamed); 9504 } 9505 } else { 9506 for (int i=pkg.mOriginalPackages.size()-1; i>=0; i--) { 9507 if ((origPackage = mSettings.getPackageLPr( 9508 pkg.mOriginalPackages.get(i))) != null) { 9509 // We do have the package already installed under its 9510 // original name... should we use it? 9511 if (!verifyPackageUpdateLPr(origPackage, pkg)) { 9512 // New package is not compatible with original. 9513 origPackage = null; 9514 continue; 9515 } else if (origPackage.sharedUser != null) { 9516 // Make sure uid is compatible between packages. 9517 if (!origPackage.sharedUser.name.equals(pkg.mSharedUserId)) { 9518 Slog.w(TAG, "Unable to migrate data from " + origPackage.name 9519 + " to " + pkg.packageName + ": old uid " 9520 + origPackage.sharedUser.name 9521 + " differs from " + pkg.mSharedUserId); 9522 origPackage = null; 9523 continue; 9524 } 9525 // TODO: Add case when shared user id is added [b/28144775] 9526 } else { 9527 if (DEBUG_UPGRADE) Log.v(TAG, "Renaming new package " 9528 + pkg.packageName + " to old name " + origPackage.name); 9529 } 9530 break; 9531 } 9532 } 9533 } 9534 } 9535 9536 if (mTransferedPackages.contains(pkg.packageName)) { 9537 Slog.w(TAG, "Package " + pkg.packageName 9538 + " was transferred to another, but its .apk remains"); 9539 } 9540 9541 // See comments in nonMutatedPs declaration 9542 if ((scanFlags & SCAN_CHECK_ONLY) != 0) { 9543 PackageSetting foundPs = mSettings.getPackageLPr(pkg.packageName); 9544 if (foundPs != null) { 9545 nonMutatedPs = new PackageSetting(foundPs); 9546 } 9547 } 9548 9549 if ((scanFlags & SCAN_FIRST_BOOT_OR_UPGRADE) == 0) { 9550 PackageSetting foundPs = mSettings.getPackageLPr(pkg.packageName); 9551 if (foundPs != null) { 9552 primaryCpuAbiFromSettings = foundPs.primaryCpuAbiString; 9553 secondaryCpuAbiFromSettings = foundPs.secondaryCpuAbiString; 9554 } 9555 } 9556 9557 pkgSetting = mSettings.getPackageLPr(pkg.packageName); 9558 if (pkgSetting != null && pkgSetting.sharedUser != suid) { 9559 PackageManagerService.reportSettingsProblem(Log.WARN, 9560 "Package " + pkg.packageName + " shared user changed from " 9561 + (pkgSetting.sharedUser != null 9562 ? pkgSetting.sharedUser.name : "<nothing>") 9563 + " to " 9564 + (suid != null ? suid.name : "<nothing>") 9565 + "; replacing with new"); 9566 pkgSetting = null; 9567 } 9568 final PackageSetting oldPkgSetting = 9569 pkgSetting == null ? null : new PackageSetting(pkgSetting); 9570 final PackageSetting disabledPkgSetting = 9571 mSettings.getDisabledSystemPkgLPr(pkg.packageName); 9572 9573 String[] usesStaticLibraries = null; 9574 if (pkg.usesStaticLibraries != null) { 9575 usesStaticLibraries = new String[pkg.usesStaticLibraries.size()]; 9576 pkg.usesStaticLibraries.toArray(usesStaticLibraries); 9577 } 9578 9579 if (pkgSetting == null) { 9580 final String parentPackageName = (pkg.parentPackage != null) 9581 ? pkg.parentPackage.packageName : null; 9582 final boolean instantApp = (scanFlags & SCAN_AS_INSTANT_APP) != 0; 9583 // REMOVE SharedUserSetting from method; update in a separate call 9584 pkgSetting = Settings.createNewSetting(pkg.packageName, origPackage, 9585 disabledPkgSetting, realName, suid, destCodeFile, destResourceFile, 9586 pkg.applicationInfo.nativeLibraryRootDir, pkg.applicationInfo.primaryCpuAbi, 9587 pkg.applicationInfo.secondaryCpuAbi, pkg.mVersionCode, 9588 pkg.applicationInfo.flags, pkg.applicationInfo.privateFlags, user, 9589 true /*allowInstall*/, instantApp, parentPackageName, 9590 pkg.getChildPackageNames(), UserManagerService.getInstance(), 9591 usesStaticLibraries, pkg.usesStaticLibrariesVersions); 9592 // SIDE EFFECTS; updates system state; move elsewhere 9593 if (origPackage != null) { 9594 mSettings.addRenamedPackageLPw(pkg.packageName, origPackage.name); 9595 } 9596 mSettings.addUserToSettingLPw(pkgSetting); 9597 } else { 9598 // REMOVE SharedUserSetting from method; update in a separate call. 9599 // 9600 // TODO(narayan): This update is bogus. nativeLibraryDir & primaryCpuAbi, 9601 // secondaryCpuAbi are not known at this point so we always update them 9602 // to null here, only to reset them at a later point. 9603 Settings.updatePackageSetting(pkgSetting, disabledPkgSetting, suid, destCodeFile, 9604 pkg.applicationInfo.nativeLibraryDir, pkg.applicationInfo.primaryCpuAbi, 9605 pkg.applicationInfo.secondaryCpuAbi, pkg.applicationInfo.flags, 9606 pkg.applicationInfo.privateFlags, pkg.getChildPackageNames(), 9607 UserManagerService.getInstance(), usesStaticLibraries, 9608 pkg.usesStaticLibrariesVersions); 9609 } 9610 // SIDE EFFECTS; persists system state to files on disk; move elsewhere 9611 mSettings.writeUserRestrictionsLPw(pkgSetting, oldPkgSetting); 9612 9613 // SIDE EFFECTS; modifies system state; move elsewhere 9614 if (pkgSetting.origPackage != null) { 9615 // If we are first transitioning from an original package, 9616 // fix up the new package's name now. We need to do this after 9617 // looking up the package under its new name, so getPackageLP 9618 // can take care of fiddling things correctly. 9619 pkg.setPackageName(origPackage.name); 9620 9621 // File a report about this. 9622 String msg = "New package " + pkgSetting.realName 9623 + " renamed to replace old package " + pkgSetting.name; 9624 reportSettingsProblem(Log.WARN, msg); 9625 9626 // Make a note of it. 9627 if ((scanFlags & SCAN_CHECK_ONLY) == 0) { 9628 mTransferedPackages.add(origPackage.name); 9629 } 9630 9631 // No longer need to retain this. 9632 pkgSetting.origPackage = null; 9633 } 9634 9635 // SIDE EFFECTS; modifies system state; move elsewhere 9636 if ((scanFlags & SCAN_CHECK_ONLY) == 0 && realName != null) { 9637 // Make a note of it. 9638 mTransferedPackages.add(pkg.packageName); 9639 } 9640 9641 if (mSettings.isDisabledSystemPackageLPr(pkg.packageName)) { 9642 pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; 9643 } 9644 9645 if ((scanFlags & SCAN_BOOTING) == 0 9646 && (policyFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { 9647 // Check all shared libraries and map to their actual file path. 9648 // We only do this here for apps not on a system dir, because those 9649 // are the only ones that can fail an install due to this. We 9650 // will take care of the system apps by updating all of their 9651 // library paths after the scan is done. Also during the initial 9652 // scan don't update any libs as we do this wholesale after all 9653 // apps are scanned to avoid dependency based scanning. 9654 updateSharedLibrariesLPr(pkg, null); 9655 } 9656 9657 if (mFoundPolicyFile) { 9658 SELinuxMMAC.assignSeInfoValue(pkg); 9659 } 9660 pkg.applicationInfo.uid = pkgSetting.appId; 9661 pkg.mExtras = pkgSetting; 9662 9663 9664 // Static shared libs have same package with different versions where 9665 // we internally use a synthetic package name to allow multiple versions 9666 // of the same package, therefore we need to compare signatures against 9667 // the package setting for the latest library version. 9668 PackageSetting signatureCheckPs = pkgSetting; 9669 if (pkg.applicationInfo.isStaticSharedLibrary()) { 9670 SharedLibraryEntry libraryEntry = getLatestSharedLibraVersionLPr(pkg); 9671 if (libraryEntry != null) { 9672 signatureCheckPs = mSettings.getPackageLPr(libraryEntry.apk); 9673 } 9674 } 9675 9676 if (shouldCheckUpgradeKeySetLP(signatureCheckPs, scanFlags)) { 9677 if (checkUpgradeKeySetLP(signatureCheckPs, pkg)) { 9678 // We just determined the app is signed correctly, so bring 9679 // over the latest parsed certs. 9680 pkgSetting.signatures.mSignatures = pkg.mSignatures; 9681 } else { 9682 if ((policyFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { 9683 throw new PackageManagerException(INSTALL_FAILED_UPDATE_INCOMPATIBLE, 9684 "Package " + pkg.packageName + " upgrade keys do not match the " 9685 + "previously installed version"); 9686 } else { 9687 pkgSetting.signatures.mSignatures = pkg.mSignatures; 9688 String msg = "System package " + pkg.packageName 9689 + " signature changed; retaining data."; 9690 reportSettingsProblem(Log.WARN, msg); 9691 } 9692 } 9693 } else { 9694 try { 9695 // SIDE EFFECTS; compareSignaturesCompat() changes KeysetManagerService 9696 verifySignaturesLP(signatureCheckPs, pkg); 9697 // We just determined the app is signed correctly, so bring 9698 // over the latest parsed certs. 9699 pkgSetting.signatures.mSignatures = pkg.mSignatures; 9700 } catch (PackageManagerException e) { 9701 if ((policyFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { 9702 throw e; 9703 } 9704 // The signature has changed, but this package is in the system 9705 // image... let's recover! 9706 pkgSetting.signatures.mSignatures = pkg.mSignatures; 9707 // However... if this package is part of a shared user, but it 9708 // doesn't match the signature of the shared user, let's fail. 9709 // What this means is that you can't change the signatures 9710 // associated with an overall shared user, which doesn't seem all 9711 // that unreasonable. 9712 if (signatureCheckPs.sharedUser != null) { 9713 if (compareSignatures(signatureCheckPs.sharedUser.signatures.mSignatures, 9714 pkg.mSignatures) != PackageManager.SIGNATURE_MATCH) { 9715 throw new PackageManagerException( 9716 INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES, 9717 "Signature mismatch for shared user: " 9718 + pkgSetting.sharedUser); 9719 } 9720 } 9721 // File a report about this. 9722 String msg = "System package " + pkg.packageName 9723 + " signature changed; retaining data."; 9724 reportSettingsProblem(Log.WARN, msg); 9725 } 9726 } 9727 9728 if ((scanFlags & SCAN_CHECK_ONLY) == 0 && pkg.mAdoptPermissions != null) { 9729 // This package wants to adopt ownership of permissions from 9730 // another package. 9731 for (int i = pkg.mAdoptPermissions.size() - 1; i >= 0; i--) { 9732 final String origName = pkg.mAdoptPermissions.get(i); 9733 final PackageSetting orig = mSettings.getPackageLPr(origName); 9734 if (orig != null) { 9735 if (verifyPackageUpdateLPr(orig, pkg)) { 9736 Slog.i(TAG, "Adopting permissions from " + origName + " to " 9737 + pkg.packageName); 9738 // SIDE EFFECTS; updates permissions system state; move elsewhere 9739 mSettings.transferPermissionsLPw(origName, pkg.packageName); 9740 } 9741 } 9742 } 9743 } 9744 } 9745 9746 pkg.applicationInfo.processName = fixProcessName( 9747 pkg.applicationInfo.packageName, 9748 pkg.applicationInfo.processName); 9749 9750 if (pkg != mPlatformPackage) { 9751 // Get all of our default paths setup 9752 pkg.applicationInfo.initForUser(UserHandle.USER_SYSTEM); 9753 } 9754 9755 final String cpuAbiOverride = deriveAbiOverride(pkg.cpuAbiOverride, pkgSetting); 9756 9757 if ((scanFlags & SCAN_NEW_INSTALL) == 0) { 9758 if ((scanFlags & SCAN_FIRST_BOOT_OR_UPGRADE) != 0) { 9759 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "derivePackageAbi"); 9760 derivePackageAbi( 9761 pkg, scanFile, cpuAbiOverride, true /*extractLibs*/, mAppLib32InstallDir); 9762 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 9763 9764 // Some system apps still use directory structure for native libraries 9765 // in which case we might end up not detecting abi solely based on apk 9766 // structure. Try to detect abi based on directory structure. 9767 if (isSystemApp(pkg) && !pkg.isUpdatedSystemApp() && 9768 pkg.applicationInfo.primaryCpuAbi == null) { 9769 setBundledAppAbisAndRoots(pkg, pkgSetting); 9770 setNativeLibraryPaths(pkg, mAppLib32InstallDir); 9771 } 9772 } else { 9773 // This is not a first boot or an upgrade, don't bother deriving the 9774 // ABI during the scan. Instead, trust the value that was stored in the 9775 // package setting. 9776 pkg.applicationInfo.primaryCpuAbi = primaryCpuAbiFromSettings; 9777 pkg.applicationInfo.secondaryCpuAbi = secondaryCpuAbiFromSettings; 9778 9779 setNativeLibraryPaths(pkg, mAppLib32InstallDir); 9780 9781 if (DEBUG_ABI_SELECTION) { 9782 Slog.i(TAG, "Using ABIS and native lib paths from settings : " + 9783 pkg.packageName + " " + pkg.applicationInfo.primaryCpuAbi + ", " + 9784 pkg.applicationInfo.secondaryCpuAbi); 9785 } 9786 } 9787 } else { 9788 if ((scanFlags & SCAN_MOVE) != 0) { 9789 // We haven't run dex-opt for this move (since we've moved the compiled output too) 9790 // but we already have this packages package info in the PackageSetting. We just 9791 // use that and derive the native library path based on the new codepath. 9792 pkg.applicationInfo.primaryCpuAbi = pkgSetting.primaryCpuAbiString; 9793 pkg.applicationInfo.secondaryCpuAbi = pkgSetting.secondaryCpuAbiString; 9794 } 9795 9796 // Set native library paths again. For moves, the path will be updated based on the 9797 // ABIs we've determined above. For non-moves, the path will be updated based on the 9798 // ABIs we determined during compilation, but the path will depend on the final 9799 // package path (after the rename away from the stage path). 9800 setNativeLibraryPaths(pkg, mAppLib32InstallDir); 9801 } 9802 9803 // This is a special case for the "system" package, where the ABI is 9804 // dictated by the zygote configuration (and init.rc). We should keep track 9805 // of this ABI so that we can deal with "normal" applications that run under 9806 // the same UID correctly. 9807 if (mPlatformPackage == pkg) { 9808 pkg.applicationInfo.primaryCpuAbi = VMRuntime.getRuntime().is64Bit() ? 9809 Build.SUPPORTED_64_BIT_ABIS[0] : Build.SUPPORTED_32_BIT_ABIS[0]; 9810 } 9811 9812 // If there's a mismatch between the abi-override in the package setting 9813 // and the abiOverride specified for the install. Warn about this because we 9814 // would've already compiled the app without taking the package setting into 9815 // account. 9816 if ((scanFlags & SCAN_NO_DEX) == 0 && (scanFlags & SCAN_NEW_INSTALL) != 0) { 9817 if (cpuAbiOverride == null && pkgSetting.cpuAbiOverrideString != null) { 9818 Slog.w(TAG, "Ignoring persisted ABI override " + cpuAbiOverride + 9819 " for package " + pkg.packageName); 9820 } 9821 } 9822 9823 pkgSetting.primaryCpuAbiString = pkg.applicationInfo.primaryCpuAbi; 9824 pkgSetting.secondaryCpuAbiString = pkg.applicationInfo.secondaryCpuAbi; 9825 pkgSetting.cpuAbiOverrideString = cpuAbiOverride; 9826 9827 // Copy the derived override back to the parsed package, so that we can 9828 // update the package settings accordingly. 9829 pkg.cpuAbiOverride = cpuAbiOverride; 9830 9831 if (DEBUG_ABI_SELECTION) { 9832 Slog.d(TAG, "Resolved nativeLibraryRoot for " + pkg.applicationInfo.packageName 9833 + " to root=" + pkg.applicationInfo.nativeLibraryRootDir + ", isa=" 9834 + pkg.applicationInfo.nativeLibraryRootRequiresIsa); 9835 } 9836 9837 // Push the derived path down into PackageSettings so we know what to 9838 // clean up at uninstall time. 9839 pkgSetting.legacyNativeLibraryPathString = pkg.applicationInfo.nativeLibraryRootDir; 9840 9841 if (DEBUG_ABI_SELECTION) { 9842 Log.d(TAG, "Abis for package[" + pkg.packageName + "] are" + 9843 " primary=" + pkg.applicationInfo.primaryCpuAbi + 9844 " secondary=" + pkg.applicationInfo.secondaryCpuAbi); 9845 } 9846 9847 // SIDE EFFECTS; removes DEX files from disk; move elsewhere 9848 if ((scanFlags & SCAN_BOOTING) == 0 && pkgSetting.sharedUser != null) { 9849 // We don't do this here during boot because we can do it all 9850 // at once after scanning all existing packages. 9851 // 9852 // We also do this *before* we perform dexopt on this package, so that 9853 // we can avoid redundant dexopts, and also to make sure we've got the 9854 // code and package path correct. 9855 adjustCpuAbisForSharedUserLPw(pkgSetting.sharedUser.packages, pkg); 9856 } 9857 9858 if (mFactoryTest && pkg.requestedPermissions.contains( 9859 android.Manifest.permission.FACTORY_TEST)) { 9860 pkg.applicationInfo.flags |= ApplicationInfo.FLAG_FACTORY_TEST; 9861 } 9862 9863 if (isSystemApp(pkg)) { 9864 pkgSetting.isOrphaned = true; 9865 } 9866 9867 // Take care of first install / last update times. 9868 final long scanFileTime = getLastModifiedTime(pkg, scanFile); 9869 if (currentTime != 0) { 9870 if (pkgSetting.firstInstallTime == 0) { 9871 pkgSetting.firstInstallTime = pkgSetting.lastUpdateTime = currentTime; 9872 } else if ((scanFlags & SCAN_UPDATE_TIME) != 0) { 9873 pkgSetting.lastUpdateTime = currentTime; 9874 } 9875 } else if (pkgSetting.firstInstallTime == 0) { 9876 // We need *something*. Take time time stamp of the file. 9877 pkgSetting.firstInstallTime = pkgSetting.lastUpdateTime = scanFileTime; 9878 } else if ((policyFlags & PackageParser.PARSE_IS_SYSTEM_DIR) != 0) { 9879 if (scanFileTime != pkgSetting.timeStamp) { 9880 // A package on the system image has changed; consider this 9881 // to be an update. 9882 pkgSetting.lastUpdateTime = scanFileTime; 9883 } 9884 } 9885 pkgSetting.setTimeStamp(scanFileTime); 9886 9887 if ((scanFlags & SCAN_CHECK_ONLY) != 0) { 9888 if (nonMutatedPs != null) { 9889 synchronized (mPackages) { 9890 mSettings.mPackages.put(nonMutatedPs.name, nonMutatedPs); 9891 } 9892 } 9893 } else { 9894 final int userId = user == null ? 0 : user.getIdentifier(); 9895 // Modify state for the given package setting 9896 commitPackageSettings(pkg, pkgSetting, user, scanFlags, 9897 (policyFlags & PackageParser.PARSE_CHATTY) != 0 /*chatty*/); 9898 if (pkgSetting.getInstantApp(userId)) { 9899 mInstantAppRegistry.addInstantAppLPw(userId, pkgSetting.appId); 9900 } 9901 } 9902 return pkg; 9903 } 9904 9905 /** 9906 * Applies policy to the parsed package based upon the given policy flags. 9907 * Ensures the package is in a good state. 9908 * <p> 9909 * Implementation detail: This method must NOT have any side effect. It would 9910 * ideally be static, but, it requires locks to read system state. 9911 */ 9912 private void applyPolicy(PackageParser.Package pkg, int policyFlags) { 9913 if ((policyFlags&PackageParser.PARSE_IS_SYSTEM) != 0) { 9914 pkg.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM; 9915 if (pkg.applicationInfo.isDirectBootAware()) { 9916 // we're direct boot aware; set for all components 9917 for (PackageParser.Service s : pkg.services) { 9918 s.info.encryptionAware = s.info.directBootAware = true; 9919 } 9920 for (PackageParser.Provider p : pkg.providers) { 9921 p.info.encryptionAware = p.info.directBootAware = true; 9922 } 9923 for (PackageParser.Activity a : pkg.activities) { 9924 a.info.encryptionAware = a.info.directBootAware = true; 9925 } 9926 for (PackageParser.Activity r : pkg.receivers) { 9927 r.info.encryptionAware = r.info.directBootAware = true; 9928 } 9929 } 9930 } else { 9931 // Only allow system apps to be flagged as core apps. 9932 pkg.coreApp = false; 9933 // clear flags not applicable to regular apps 9934 pkg.applicationInfo.privateFlags &= 9935 ~ApplicationInfo.PRIVATE_FLAG_DEFAULT_TO_DEVICE_PROTECTED_STORAGE; 9936 pkg.applicationInfo.privateFlags &= 9937 ~ApplicationInfo.PRIVATE_FLAG_DIRECT_BOOT_AWARE; 9938 } 9939 pkg.mTrustedOverlay = (policyFlags&PackageParser.PARSE_TRUSTED_OVERLAY) != 0; 9940 9941 if ((policyFlags&PackageParser.PARSE_IS_PRIVILEGED) != 0) { 9942 pkg.applicationInfo.privateFlags |= ApplicationInfo.PRIVATE_FLAG_PRIVILEGED; 9943 } 9944 9945 if (!isSystemApp(pkg)) { 9946 // Only system apps can use these features. 9947 pkg.mOriginalPackages = null; 9948 pkg.mRealPackage = null; 9949 pkg.mAdoptPermissions = null; 9950 } 9951 } 9952 9953 /** 9954 * Asserts the parsed package is valid according to the given policy. If the 9955 * package is invalid, for whatever reason, throws {@link PackageManagerException}. 9956 * <p> 9957 * Implementation detail: This method must NOT have any side effects. It would 9958 * ideally be static, but, it requires locks to read system state. 9959 * 9960 * @throws PackageManagerException If the package fails any of the validation checks 9961 */ 9962 private void assertPackageIsValid(PackageParser.Package pkg, int policyFlags, int scanFlags) 9963 throws PackageManagerException { 9964 if ((policyFlags & PackageParser.PARSE_ENFORCE_CODE) != 0) { 9965 assertCodePolicy(pkg); 9966 } 9967 9968 if (pkg.applicationInfo.getCodePath() == null || 9969 pkg.applicationInfo.getResourcePath() == null) { 9970 // Bail out. The resource and code paths haven't been set. 9971 throw new PackageManagerException(INSTALL_FAILED_INVALID_APK, 9972 "Code and resource paths haven't been set correctly"); 9973 } 9974 9975 // Make sure we're not adding any bogus keyset info 9976 KeySetManagerService ksms = mSettings.mKeySetManagerService; 9977 ksms.assertScannedPackageValid(pkg); 9978 9979 synchronized (mPackages) { 9980 // The special "android" package can only be defined once 9981 if (pkg.packageName.equals("android")) { 9982 if (mAndroidApplication != null) { 9983 Slog.w(TAG, "*************************************************"); 9984 Slog.w(TAG, "Core android package being redefined. Skipping."); 9985 Slog.w(TAG, " codePath=" + pkg.codePath); 9986 Slog.w(TAG, "*************************************************"); 9987 throw new PackageManagerException(INSTALL_FAILED_DUPLICATE_PACKAGE, 9988 "Core android package being redefined. Skipping."); 9989 } 9990 } 9991 9992 // A package name must be unique; don't allow duplicates 9993 if (mPackages.containsKey(pkg.packageName)) { 9994 throw new PackageManagerException(INSTALL_FAILED_DUPLICATE_PACKAGE, 9995 "Application package " + pkg.packageName 9996 + " already installed. Skipping duplicate."); 9997 } 9998 9999 if (pkg.applicationInfo.isStaticSharedLibrary()) { 10000 // Static libs have a synthetic package name containing the version 10001 // but we still want the base name to be unique. 10002 if (mPackages.containsKey(pkg.manifestPackageName)) { 10003 throw new PackageManagerException( 10004 "Duplicate static shared lib provider package"); 10005 } 10006 10007 // Static shared libraries should have at least O target SDK 10008 if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.O) { 10009 throw new PackageManagerException( 10010 "Packages declaring static-shared libs must target O SDK or higher"); 10011 } 10012 10013 // Package declaring static a shared lib cannot be instant apps 10014 if ((scanFlags & SCAN_AS_INSTANT_APP) != 0) { 10015 throw new PackageManagerException( 10016 "Packages declaring static-shared libs cannot be instant apps"); 10017 } 10018 10019 // Package declaring static a shared lib cannot be renamed since the package 10020 // name is synthetic and apps can't code around package manager internals. 10021 if (!ArrayUtils.isEmpty(pkg.mOriginalPackages)) { 10022 throw new PackageManagerException( 10023 "Packages declaring static-shared libs cannot be renamed"); 10024 } 10025 10026 // Package declaring static a shared lib cannot declare child packages 10027 if (!ArrayUtils.isEmpty(pkg.childPackages)) { 10028 throw new PackageManagerException( 10029 "Packages declaring static-shared libs cannot have child packages"); 10030 } 10031 10032 // Package declaring static a shared lib cannot declare dynamic libs 10033 if (!ArrayUtils.isEmpty(pkg.libraryNames)) { 10034 throw new PackageManagerException( 10035 "Packages declaring static-shared libs cannot declare dynamic libs"); 10036 } 10037 10038 // Package declaring static a shared lib cannot declare shared users 10039 if (pkg.mSharedUserId != null) { 10040 throw new PackageManagerException( 10041 "Packages declaring static-shared libs cannot declare shared users"); 10042 } 10043 10044 // Static shared libs cannot declare activities 10045 if (!pkg.activities.isEmpty()) { 10046 throw new PackageManagerException( 10047 "Static shared libs cannot declare activities"); 10048 } 10049 10050 // Static shared libs cannot declare services 10051 if (!pkg.services.isEmpty()) { 10052 throw new PackageManagerException( 10053 "Static shared libs cannot declare services"); 10054 } 10055 10056 // Static shared libs cannot declare providers 10057 if (!pkg.providers.isEmpty()) { 10058 throw new PackageManagerException( 10059 "Static shared libs cannot declare content providers"); 10060 } 10061 10062 // Static shared libs cannot declare receivers 10063 if (!pkg.receivers.isEmpty()) { 10064 throw new PackageManagerException( 10065 "Static shared libs cannot declare broadcast receivers"); 10066 } 10067 10068 // Static shared libs cannot declare permission groups 10069 if (!pkg.permissionGroups.isEmpty()) { 10070 throw new PackageManagerException( 10071 "Static shared libs cannot declare permission groups"); 10072 } 10073 10074 // Static shared libs cannot declare permissions 10075 if (!pkg.permissions.isEmpty()) { 10076 throw new PackageManagerException( 10077 "Static shared libs cannot declare permissions"); 10078 } 10079 10080 // Static shared libs cannot declare protected broadcasts 10081 if (pkg.protectedBroadcasts != null) { 10082 throw new PackageManagerException( 10083 "Static shared libs cannot declare protected broadcasts"); 10084 } 10085 10086 // Static shared libs cannot be overlay targets 10087 if (pkg.mOverlayTarget != null) { 10088 throw new PackageManagerException( 10089 "Static shared libs cannot be overlay targets"); 10090 } 10091 10092 // The version codes must be ordered as lib versions 10093 int minVersionCode = Integer.MIN_VALUE; 10094 int maxVersionCode = Integer.MAX_VALUE; 10095 10096 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.get( 10097 pkg.staticSharedLibName); 10098 if (versionedLib != null) { 10099 final int versionCount = versionedLib.size(); 10100 for (int i = 0; i < versionCount; i++) { 10101 SharedLibraryInfo libInfo = versionedLib.valueAt(i).info; 10102 // TODO: We will change version code to long, so in the new API it is long 10103 final int libVersionCode = (int) libInfo.getDeclaringPackage() 10104 .getVersionCode(); 10105 if (libInfo.getVersion() < pkg.staticSharedLibVersion) { 10106 minVersionCode = Math.max(minVersionCode, libVersionCode + 1); 10107 } else if (libInfo.getVersion() > pkg.staticSharedLibVersion) { 10108 maxVersionCode = Math.min(maxVersionCode, libVersionCode - 1); 10109 } else { 10110 minVersionCode = maxVersionCode = libVersionCode; 10111 break; 10112 } 10113 } 10114 } 10115 if (pkg.mVersionCode < minVersionCode || pkg.mVersionCode > maxVersionCode) { 10116 throw new PackageManagerException("Static shared" 10117 + " lib version codes must be ordered as lib versions"); 10118 } 10119 } 10120 10121 // Only privileged apps and updated privileged apps can add child packages. 10122 if (pkg.childPackages != null && !pkg.childPackages.isEmpty()) { 10123 if ((policyFlags & PARSE_IS_PRIVILEGED) == 0) { 10124 throw new PackageManagerException("Only privileged apps can add child " 10125 + "packages. Ignoring package " + pkg.packageName); 10126 } 10127 final int childCount = pkg.childPackages.size(); 10128 for (int i = 0; i < childCount; i++) { 10129 PackageParser.Package childPkg = pkg.childPackages.get(i); 10130 if (mSettings.hasOtherDisabledSystemPkgWithChildLPr(pkg.packageName, 10131 childPkg.packageName)) { 10132 throw new PackageManagerException("Can't override child of " 10133 + "another disabled app. Ignoring package " + pkg.packageName); 10134 } 10135 } 10136 } 10137 10138 // If we're only installing presumed-existing packages, require that the 10139 // scanned APK is both already known and at the path previously established 10140 // for it. Previously unknown packages we pick up normally, but if we have an 10141 // a priori expectation about this package's install presence, enforce it. 10142 // With a singular exception for new system packages. When an OTA contains 10143 // a new system package, we allow the codepath to change from a system location 10144 // to the user-installed location. If we don't allow this change, any newer, 10145 // user-installed version of the application will be ignored. 10146 if ((scanFlags & SCAN_REQUIRE_KNOWN) != 0) { 10147 if (mExpectingBetter.containsKey(pkg.packageName)) { 10148 logCriticalInfo(Log.WARN, 10149 "Relax SCAN_REQUIRE_KNOWN requirement for package " + pkg.packageName); 10150 } else { 10151 PackageSetting known = mSettings.getPackageLPr(pkg.packageName); 10152 if (known != null) { 10153 if (DEBUG_PACKAGE_SCANNING) { 10154 Log.d(TAG, "Examining " + pkg.codePath 10155 + " and requiring known paths " + known.codePathString 10156 + " & " + known.resourcePathString); 10157 } 10158 if (!pkg.applicationInfo.getCodePath().equals(known.codePathString) 10159 || !pkg.applicationInfo.getResourcePath().equals( 10160 known.resourcePathString)) { 10161 throw new PackageManagerException(INSTALL_FAILED_PACKAGE_CHANGED, 10162 "Application package " + pkg.packageName 10163 + " found at " + pkg.applicationInfo.getCodePath() 10164 + " but expected at " + known.codePathString 10165 + "; ignoring."); 10166 } 10167 } 10168 } 10169 } 10170 10171 // Verify that this new package doesn't have any content providers 10172 // that conflict with existing packages. Only do this if the 10173 // package isn't already installed, since we don't want to break 10174 // things that are installed. 10175 if ((scanFlags & SCAN_NEW_INSTALL) != 0) { 10176 final int N = pkg.providers.size(); 10177 int i; 10178 for (i=0; i<N; i++) { 10179 PackageParser.Provider p = pkg.providers.get(i); 10180 if (p.info.authority != null) { 10181 String names[] = p.info.authority.split(";"); 10182 for (int j = 0; j < names.length; j++) { 10183 if (mProvidersByAuthority.containsKey(names[j])) { 10184 PackageParser.Provider other = mProvidersByAuthority.get(names[j]); 10185 final String otherPackageName = 10186 ((other != null && other.getComponentName() != null) ? 10187 other.getComponentName().getPackageName() : "?"); 10188 throw new PackageManagerException( 10189 INSTALL_FAILED_CONFLICTING_PROVIDER, 10190 "Can't install because provider name " + names[j] 10191 + " (in package " + pkg.applicationInfo.packageName 10192 + ") is already used by " + otherPackageName); 10193 } 10194 } 10195 } 10196 } 10197 } 10198 } 10199 } 10200 10201 private boolean addSharedLibraryLPw(String path, String apk, String name, int version, 10202 int type, String declaringPackageName, int declaringVersionCode) { 10203 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.get(name); 10204 if (versionedLib == null) { 10205 versionedLib = new SparseArray<>(); 10206 mSharedLibraries.put(name, versionedLib); 10207 if (type == SharedLibraryInfo.TYPE_STATIC) { 10208 mStaticLibsByDeclaringPackage.put(declaringPackageName, versionedLib); 10209 } 10210 } else if (versionedLib.indexOfKey(version) >= 0) { 10211 return false; 10212 } 10213 SharedLibraryEntry libEntry = new SharedLibraryEntry(path, apk, name, 10214 version, type, declaringPackageName, declaringVersionCode); 10215 versionedLib.put(version, libEntry); 10216 return true; 10217 } 10218 10219 private boolean removeSharedLibraryLPw(String name, int version) { 10220 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.get(name); 10221 if (versionedLib == null) { 10222 return false; 10223 } 10224 final int libIdx = versionedLib.indexOfKey(version); 10225 if (libIdx < 0) { 10226 return false; 10227 } 10228 SharedLibraryEntry libEntry = versionedLib.valueAt(libIdx); 10229 versionedLib.remove(version); 10230 if (versionedLib.size() <= 0) { 10231 mSharedLibraries.remove(name); 10232 if (libEntry.info.getType() == SharedLibraryInfo.TYPE_STATIC) { 10233 mStaticLibsByDeclaringPackage.remove(libEntry.info.getDeclaringPackage() 10234 .getPackageName()); 10235 } 10236 } 10237 return true; 10238 } 10239 10240 /** 10241 * Adds a scanned package to the system. When this method is finished, the package will 10242 * be available for query, resolution, etc... 10243 */ 10244 private void commitPackageSettings(PackageParser.Package pkg, PackageSetting pkgSetting, 10245 UserHandle user, int scanFlags, boolean chatty) throws PackageManagerException { 10246 final String pkgName = pkg.packageName; 10247 if (mCustomResolverComponentName != null && 10248 mCustomResolverComponentName.getPackageName().equals(pkg.packageName)) { 10249 setUpCustomResolverActivity(pkg); 10250 } 10251 10252 if (pkg.packageName.equals("android")) { 10253 synchronized (mPackages) { 10254 if ((scanFlags & SCAN_CHECK_ONLY) == 0) { 10255 // Set up information for our fall-back user intent resolution activity. 10256 mPlatformPackage = pkg; 10257 pkg.mVersionCode = mSdkVersion; 10258 mAndroidApplication = pkg.applicationInfo; 10259 if (!mResolverReplaced) { 10260 mResolveActivity.applicationInfo = mAndroidApplication; 10261 mResolveActivity.name = ResolverActivity.class.getName(); 10262 mResolveActivity.packageName = mAndroidApplication.packageName; 10263 mResolveActivity.processName = "system:ui"; 10264 mResolveActivity.launchMode = ActivityInfo.LAUNCH_MULTIPLE; 10265 mResolveActivity.documentLaunchMode = ActivityInfo.DOCUMENT_LAUNCH_NEVER; 10266 mResolveActivity.flags = ActivityInfo.FLAG_EXCLUDE_FROM_RECENTS; 10267 mResolveActivity.theme = R.style.Theme_Material_Dialog_Alert; 10268 mResolveActivity.exported = true; 10269 mResolveActivity.enabled = true; 10270 mResolveActivity.resizeMode = ActivityInfo.RESIZE_MODE_RESIZEABLE; 10271 mResolveActivity.configChanges = ActivityInfo.CONFIG_SCREEN_SIZE 10272 | ActivityInfo.CONFIG_SMALLEST_SCREEN_SIZE 10273 | ActivityInfo.CONFIG_SCREEN_LAYOUT 10274 | ActivityInfo.CONFIG_ORIENTATION 10275 | ActivityInfo.CONFIG_KEYBOARD 10276 | ActivityInfo.CONFIG_KEYBOARD_HIDDEN; 10277 mResolveInfo.activityInfo = mResolveActivity; 10278 mResolveInfo.priority = 0; 10279 mResolveInfo.preferredOrder = 0; 10280 mResolveInfo.match = 0; 10281 mResolveComponentName = new ComponentName( 10282 mAndroidApplication.packageName, mResolveActivity.name); 10283 } 10284 } 10285 } 10286 } 10287 10288 ArrayList<PackageParser.Package> clientLibPkgs = null; 10289 // writer 10290 synchronized (mPackages) { 10291 boolean hasStaticSharedLibs = false; 10292 10293 // Any app can add new static shared libraries 10294 if (pkg.staticSharedLibName != null) { 10295 // Static shared libs don't allow renaming as they have synthetic package 10296 // names to allow install of multiple versions, so use name from manifest. 10297 if (addSharedLibraryLPw(null, pkg.packageName, pkg.staticSharedLibName, 10298 pkg.staticSharedLibVersion, SharedLibraryInfo.TYPE_STATIC, 10299 pkg.manifestPackageName, pkg.mVersionCode)) { 10300 hasStaticSharedLibs = true; 10301 } else { 10302 Slog.w(TAG, "Package " + pkg.packageName + " library " 10303 + pkg.staticSharedLibName + " already exists; skipping"); 10304 } 10305 // Static shared libs cannot be updated once installed since they 10306 // use synthetic package name which includes the version code, so 10307 // not need to update other packages's shared lib dependencies. 10308 } 10309 10310 if (!hasStaticSharedLibs 10311 && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 10312 // Only system apps can add new dynamic shared libraries. 10313 if (pkg.libraryNames != null) { 10314 for (int i = 0; i < pkg.libraryNames.size(); i++) { 10315 String name = pkg.libraryNames.get(i); 10316 boolean allowed = false; 10317 if (pkg.isUpdatedSystemApp()) { 10318 // New library entries can only be added through the 10319 // system image. This is important to get rid of a lot 10320 // of nasty edge cases: for example if we allowed a non- 10321 // system update of the app to add a library, then uninstalling 10322 // the update would make the library go away, and assumptions 10323 // we made such as through app install filtering would now 10324 // have allowed apps on the device which aren't compatible 10325 // with it. Better to just have the restriction here, be 10326 // conservative, and create many fewer cases that can negatively 10327 // impact the user experience. 10328 final PackageSetting sysPs = mSettings 10329 .getDisabledSystemPkgLPr(pkg.packageName); 10330 if (sysPs.pkg != null && sysPs.pkg.libraryNames != null) { 10331 for (int j = 0; j < sysPs.pkg.libraryNames.size(); j++) { 10332 if (name.equals(sysPs.pkg.libraryNames.get(j))) { 10333 allowed = true; 10334 break; 10335 } 10336 } 10337 } 10338 } else { 10339 allowed = true; 10340 } 10341 if (allowed) { 10342 if (!addSharedLibraryLPw(null, pkg.packageName, name, 10343 SharedLibraryInfo.VERSION_UNDEFINED, 10344 SharedLibraryInfo.TYPE_DYNAMIC, 10345 pkg.packageName, pkg.mVersionCode)) { 10346 Slog.w(TAG, "Package " + pkg.packageName + " library " 10347 + name + " already exists; skipping"); 10348 } 10349 } else { 10350 Slog.w(TAG, "Package " + pkg.packageName + " declares lib " 10351 + name + " that is not declared on system image; skipping"); 10352 } 10353 } 10354 10355 if ((scanFlags & SCAN_BOOTING) == 0) { 10356 // If we are not booting, we need to update any applications 10357 // that are clients of our shared library. If we are booting, 10358 // this will all be done once the scan is complete. 10359 clientLibPkgs = updateAllSharedLibrariesLPw(pkg); 10360 } 10361 } 10362 } 10363 } 10364 10365 if ((scanFlags & SCAN_BOOTING) != 0) { 10366 // No apps can run during boot scan, so they don't need to be frozen 10367 } else if ((scanFlags & SCAN_DONT_KILL_APP) != 0) { 10368 // Caller asked to not kill app, so it's probably not frozen 10369 } else if ((scanFlags & SCAN_IGNORE_FROZEN) != 0) { 10370 // Caller asked us to ignore frozen check for some reason; they 10371 // probably didn't know the package name 10372 } else { 10373 // We're doing major surgery on this package, so it better be frozen 10374 // right now to keep it from launching 10375 checkPackageFrozen(pkgName); 10376 } 10377 10378 // Also need to kill any apps that are dependent on the library. 10379 if (clientLibPkgs != null) { 10380 for (int i=0; i<clientLibPkgs.size(); i++) { 10381 PackageParser.Package clientPkg = clientLibPkgs.get(i); 10382 killApplication(clientPkg.applicationInfo.packageName, 10383 clientPkg.applicationInfo.uid, "update lib"); 10384 } 10385 } 10386 10387 // writer 10388 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "updateSettings"); 10389 10390 synchronized (mPackages) { 10391 // We don't expect installation to fail beyond this point 10392 10393 // Add the new setting to mSettings 10394 mSettings.insertPackageSettingLPw(pkgSetting, pkg); 10395 // Add the new setting to mPackages 10396 mPackages.put(pkg.applicationInfo.packageName, pkg); 10397 // Make sure we don't accidentally delete its data. 10398 final Iterator<PackageCleanItem> iter = mSettings.mPackagesToBeCleaned.iterator(); 10399 while (iter.hasNext()) { 10400 PackageCleanItem item = iter.next(); 10401 if (pkgName.equals(item.packageName)) { 10402 iter.remove(); 10403 } 10404 } 10405 10406 // Add the package's KeySets to the global KeySetManagerService 10407 KeySetManagerService ksms = mSettings.mKeySetManagerService; 10408 ksms.addScannedPackageLPw(pkg); 10409 10410 int N = pkg.providers.size(); 10411 StringBuilder r = null; 10412 int i; 10413 for (i=0; i<N; i++) { 10414 PackageParser.Provider p = pkg.providers.get(i); 10415 p.info.processName = fixProcessName(pkg.applicationInfo.processName, 10416 p.info.processName); 10417 mProviders.addProvider(p); 10418 p.syncable = p.info.isSyncable; 10419 if (p.info.authority != null) { 10420 String names[] = p.info.authority.split(";"); 10421 p.info.authority = null; 10422 for (int j = 0; j < names.length; j++) { 10423 if (j == 1 && p.syncable) { 10424 // We only want the first authority for a provider to possibly be 10425 // syncable, so if we already added this provider using a different 10426 // authority clear the syncable flag. We copy the provider before 10427 // changing it because the mProviders object contains a reference 10428 // to a provider that we don't want to change. 10429 // Only do this for the second authority since the resulting provider 10430 // object can be the same for all future authorities for this provider. 10431 p = new PackageParser.Provider(p); 10432 p.syncable = false; 10433 } 10434 if (!mProvidersByAuthority.containsKey(names[j])) { 10435 mProvidersByAuthority.put(names[j], p); 10436 if (p.info.authority == null) { 10437 p.info.authority = names[j]; 10438 } else { 10439 p.info.authority = p.info.authority + ";" + names[j]; 10440 } 10441 if (DEBUG_PACKAGE_SCANNING) { 10442 if (chatty) 10443 Log.d(TAG, "Registered content provider: " + names[j] 10444 + ", className = " + p.info.name + ", isSyncable = " 10445 + p.info.isSyncable); 10446 } 10447 } else { 10448 PackageParser.Provider other = mProvidersByAuthority.get(names[j]); 10449 Slog.w(TAG, "Skipping provider name " + names[j] + 10450 " (in package " + pkg.applicationInfo.packageName + 10451 "): name already used by " 10452 + ((other != null && other.getComponentName() != null) 10453 ? other.getComponentName().getPackageName() : "?")); 10454 } 10455 } 10456 } 10457 if (chatty) { 10458 if (r == null) { 10459 r = new StringBuilder(256); 10460 } else { 10461 r.append(' '); 10462 } 10463 r.append(p.info.name); 10464 } 10465 } 10466 if (r != null) { 10467 if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Providers: " + r); 10468 } 10469 10470 N = pkg.services.size(); 10471 r = null; 10472 for (i=0; i<N; i++) { 10473 PackageParser.Service s = pkg.services.get(i); 10474 s.info.processName = fixProcessName(pkg.applicationInfo.processName, 10475 s.info.processName); 10476 mServices.addService(s); 10477 if (chatty) { 10478 if (r == null) { 10479 r = new StringBuilder(256); 10480 } else { 10481 r.append(' '); 10482 } 10483 r.append(s.info.name); 10484 } 10485 } 10486 if (r != null) { 10487 if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Services: " + r); 10488 } 10489 10490 N = pkg.receivers.size(); 10491 r = null; 10492 for (i=0; i<N; i++) { 10493 PackageParser.Activity a = pkg.receivers.get(i); 10494 a.info.processName = fixProcessName(pkg.applicationInfo.processName, 10495 a.info.processName); 10496 mReceivers.addActivity(a, "receiver"); 10497 if (chatty) { 10498 if (r == null) { 10499 r = new StringBuilder(256); 10500 } else { 10501 r.append(' '); 10502 } 10503 r.append(a.info.name); 10504 } 10505 } 10506 if (r != null) { 10507 if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Receivers: " + r); 10508 } 10509 10510 N = pkg.activities.size(); 10511 r = null; 10512 for (i=0; i<N; i++) { 10513 PackageParser.Activity a = pkg.activities.get(i); 10514 a.info.processName = fixProcessName(pkg.applicationInfo.processName, 10515 a.info.processName); 10516 mActivities.addActivity(a, "activity"); 10517 if (chatty) { 10518 if (r == null) { 10519 r = new StringBuilder(256); 10520 } else { 10521 r.append(' '); 10522 } 10523 r.append(a.info.name); 10524 } 10525 } 10526 if (r != null) { 10527 if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Activities: " + r); 10528 } 10529 10530 N = pkg.permissionGroups.size(); 10531 r = null; 10532 for (i=0; i<N; i++) { 10533 PackageParser.PermissionGroup pg = pkg.permissionGroups.get(i); 10534 PackageParser.PermissionGroup cur = mPermissionGroups.get(pg.info.name); 10535 final String curPackageName = cur == null ? null : cur.info.packageName; 10536 // Dont allow ephemeral apps to define new permission groups. 10537 if ((scanFlags & SCAN_AS_INSTANT_APP) != 0) { 10538 Slog.w(TAG, "Permission group " + pg.info.name + " from package " 10539 + pg.info.packageName 10540 + " ignored: instant apps cannot define new permission groups."); 10541 continue; 10542 } 10543 final boolean isPackageUpdate = pg.info.packageName.equals(curPackageName); 10544 if (cur == null || isPackageUpdate) { 10545 mPermissionGroups.put(pg.info.name, pg); 10546 if (chatty) { 10547 if (r == null) { 10548 r = new StringBuilder(256); 10549 } else { 10550 r.append(' '); 10551 } 10552 if (isPackageUpdate) { 10553 r.append("UPD:"); 10554 } 10555 r.append(pg.info.name); 10556 } 10557 } else { 10558 Slog.w(TAG, "Permission group " + pg.info.name + " from package " 10559 + pg.info.packageName + " ignored: original from " 10560 + cur.info.packageName); 10561 if (chatty) { 10562 if (r == null) { 10563 r = new StringBuilder(256); 10564 } else { 10565 r.append(' '); 10566 } 10567 r.append("DUP:"); 10568 r.append(pg.info.name); 10569 } 10570 } 10571 } 10572 if (r != null) { 10573 if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Permission Groups: " + r); 10574 } 10575 10576 N = pkg.permissions.size(); 10577 r = null; 10578 for (i=0; i<N; i++) { 10579 PackageParser.Permission p = pkg.permissions.get(i); 10580 10581 // Dont allow ephemeral apps to define new permissions. 10582 if ((scanFlags & SCAN_AS_INSTANT_APP) != 0) { 10583 Slog.w(TAG, "Permission " + p.info.name + " from package " 10584 + p.info.packageName 10585 + " ignored: instant apps cannot define new permissions."); 10586 continue; 10587 } 10588 10589 // Assume by default that we did not install this permission into the system. 10590 p.info.flags &= ~PermissionInfo.FLAG_INSTALLED; 10591 10592 // Now that permission groups have a special meaning, we ignore permission 10593 // groups for legacy apps to prevent unexpected behavior. In particular, 10594 // permissions for one app being granted to someone just becase they happen 10595 // to be in a group defined by another app (before this had no implications). 10596 if (pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1) { 10597 p.group = mPermissionGroups.get(p.info.group); 10598 // Warn for a permission in an unknown group. 10599 if (p.info.group != null && p.group == null) { 10600 Slog.w(TAG, "Permission " + p.info.name + " from package " 10601 + p.info.packageName + " in an unknown group " + p.info.group); 10602 } 10603 } 10604 10605 ArrayMap<String, BasePermission> permissionMap = 10606 p.tree ? mSettings.mPermissionTrees 10607 : mSettings.mPermissions; 10608 BasePermission bp = permissionMap.get(p.info.name); 10609 10610 // Allow system apps to redefine non-system permissions 10611 if (bp != null && !Objects.equals(bp.sourcePackage, p.info.packageName)) { 10612 final boolean currentOwnerIsSystem = (bp.perm != null 10613 && isSystemApp(bp.perm.owner)); 10614 if (isSystemApp(p.owner)) { 10615 if (bp.type == BasePermission.TYPE_BUILTIN && bp.perm == null) { 10616 // It's a built-in permission and no owner, take ownership now 10617 bp.packageSetting = pkgSetting; 10618 bp.perm = p; 10619 bp.uid = pkg.applicationInfo.uid; 10620 bp.sourcePackage = p.info.packageName; 10621 p.info.flags |= PermissionInfo.FLAG_INSTALLED; 10622 } else if (!currentOwnerIsSystem) { 10623 String msg = "New decl " + p.owner + " of permission " 10624 + p.info.name + " is system; overriding " + bp.sourcePackage; 10625 reportSettingsProblem(Log.WARN, msg); 10626 bp = null; 10627 } 10628 } 10629 } 10630 10631 if (bp == null) { 10632 bp = new BasePermission(p.info.name, p.info.packageName, 10633 BasePermission.TYPE_NORMAL); 10634 permissionMap.put(p.info.name, bp); 10635 } 10636 10637 if (bp.perm == null) { 10638 if (bp.sourcePackage == null 10639 || bp.sourcePackage.equals(p.info.packageName)) { 10640 BasePermission tree = findPermissionTreeLP(p.info.name); 10641 if (tree == null 10642 || tree.sourcePackage.equals(p.info.packageName)) { 10643 bp.packageSetting = pkgSetting; 10644 bp.perm = p; 10645 bp.uid = pkg.applicationInfo.uid; 10646 bp.sourcePackage = p.info.packageName; 10647 p.info.flags |= PermissionInfo.FLAG_INSTALLED; 10648 if (chatty) { 10649 if (r == null) { 10650 r = new StringBuilder(256); 10651 } else { 10652 r.append(' '); 10653 } 10654 r.append(p.info.name); 10655 } 10656 } else { 10657 Slog.w(TAG, "Permission " + p.info.name + " from package " 10658 + p.info.packageName + " ignored: base tree " 10659 + tree.name + " is from package " 10660 + tree.sourcePackage); 10661 } 10662 } else { 10663 Slog.w(TAG, "Permission " + p.info.name + " from package " 10664 + p.info.packageName + " ignored: original from " 10665 + bp.sourcePackage); 10666 } 10667 } else if (chatty) { 10668 if (r == null) { 10669 r = new StringBuilder(256); 10670 } else { 10671 r.append(' '); 10672 } 10673 r.append("DUP:"); 10674 r.append(p.info.name); 10675 } 10676 if (bp.perm == p) { 10677 bp.protectionLevel = p.info.protectionLevel; 10678 } 10679 } 10680 10681 if (r != null) { 10682 if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Permissions: " + r); 10683 } 10684 10685 N = pkg.instrumentation.size(); 10686 r = null; 10687 for (i=0; i<N; i++) { 10688 PackageParser.Instrumentation a = pkg.instrumentation.get(i); 10689 a.info.packageName = pkg.applicationInfo.packageName; 10690 a.info.sourceDir = pkg.applicationInfo.sourceDir; 10691 a.info.publicSourceDir = pkg.applicationInfo.publicSourceDir; 10692 a.info.splitNames = pkg.splitNames; 10693 a.info.splitSourceDirs = pkg.applicationInfo.splitSourceDirs; 10694 a.info.splitPublicSourceDirs = pkg.applicationInfo.splitPublicSourceDirs; 10695 a.info.splitDependencies = pkg.applicationInfo.splitDependencies; 10696 a.info.dataDir = pkg.applicationInfo.dataDir; 10697 a.info.deviceProtectedDataDir = pkg.applicationInfo.deviceProtectedDataDir; 10698 a.info.credentialProtectedDataDir = pkg.applicationInfo.credentialProtectedDataDir; 10699 a.info.nativeLibraryDir = pkg.applicationInfo.nativeLibraryDir; 10700 a.info.secondaryNativeLibraryDir = pkg.applicationInfo.secondaryNativeLibraryDir; 10701 mInstrumentation.put(a.getComponentName(), a); 10702 if (chatty) { 10703 if (r == null) { 10704 r = new StringBuilder(256); 10705 } else { 10706 r.append(' '); 10707 } 10708 r.append(a.info.name); 10709 } 10710 } 10711 if (r != null) { 10712 if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Instrumentation: " + r); 10713 } 10714 10715 if (pkg.protectedBroadcasts != null) { 10716 N = pkg.protectedBroadcasts.size(); 10717 for (i=0; i<N; i++) { 10718 mProtectedBroadcasts.add(pkg.protectedBroadcasts.get(i)); 10719 } 10720 } 10721 } 10722 10723 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 10724 } 10725 10726 /** 10727 * Derive the ABI of a non-system package located at {@code scanFile}. This information 10728 * is derived purely on the basis of the contents of {@code scanFile} and 10729 * {@code cpuAbiOverride}. 10730 * 10731 * If {@code extractLibs} is true, native libraries are extracted from the app if required. 10732 */ 10733 private static void derivePackageAbi(PackageParser.Package pkg, File scanFile, 10734 String cpuAbiOverride, boolean extractLibs, 10735 File appLib32InstallDir) 10736 throws PackageManagerException { 10737 // Give ourselves some initial paths; we'll come back for another 10738 // pass once we've determined ABI below. 10739 setNativeLibraryPaths(pkg, appLib32InstallDir); 10740 10741 // We would never need to extract libs for forward-locked and external packages, 10742 // since the container service will do it for us. We shouldn't attempt to 10743 // extract libs from system app when it was not updated. 10744 if (pkg.isForwardLocked() || pkg.applicationInfo.isExternalAsec() || 10745 (isSystemApp(pkg) && !pkg.isUpdatedSystemApp())) { 10746 extractLibs = false; 10747 } 10748 10749 final String nativeLibraryRootStr = pkg.applicationInfo.nativeLibraryRootDir; 10750 final boolean useIsaSpecificSubdirs = pkg.applicationInfo.nativeLibraryRootRequiresIsa; 10751 10752 NativeLibraryHelper.Handle handle = null; 10753 try { 10754 handle = NativeLibraryHelper.Handle.create(pkg); 10755 // TODO(multiArch): This can be null for apps that didn't go through the 10756 // usual installation process. We can calculate it again, like we 10757 // do during install time. 10758 // 10759 // TODO(multiArch): Why do we need to rescan ASEC apps again ? It seems totally 10760 // unnecessary. 10761 final File nativeLibraryRoot = new File(nativeLibraryRootStr); 10762 10763 // Null out the abis so that they can be recalculated. 10764 pkg.applicationInfo.primaryCpuAbi = null; 10765 pkg.applicationInfo.secondaryCpuAbi = null; 10766 if (isMultiArch(pkg.applicationInfo)) { 10767 // Warn if we've set an abiOverride for multi-lib packages.. 10768 // By definition, we need to copy both 32 and 64 bit libraries for 10769 // such packages. 10770 if (pkg.cpuAbiOverride != null 10771 && !NativeLibraryHelper.CLEAR_ABI_OVERRIDE.equals(pkg.cpuAbiOverride)) { 10772 Slog.w(TAG, "Ignoring abiOverride for multi arch application."); 10773 } 10774 10775 int abi32 = PackageManager.NO_NATIVE_LIBRARIES; 10776 int abi64 = PackageManager.NO_NATIVE_LIBRARIES; 10777 if (Build.SUPPORTED_32_BIT_ABIS.length > 0) { 10778 if (extractLibs) { 10779 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "copyNativeBinaries"); 10780 abi32 = NativeLibraryHelper.copyNativeBinariesForSupportedAbi(handle, 10781 nativeLibraryRoot, Build.SUPPORTED_32_BIT_ABIS, 10782 useIsaSpecificSubdirs); 10783 } else { 10784 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "findSupportedAbi"); 10785 abi32 = NativeLibraryHelper.findSupportedAbi(handle, Build.SUPPORTED_32_BIT_ABIS); 10786 } 10787 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 10788 } 10789 10790 maybeThrowExceptionForMultiArchCopy( 10791 "Error unpackaging 32 bit native libs for multiarch app.", abi32); 10792 10793 if (Build.SUPPORTED_64_BIT_ABIS.length > 0) { 10794 if (extractLibs) { 10795 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "copyNativeBinaries"); 10796 abi64 = NativeLibraryHelper.copyNativeBinariesForSupportedAbi(handle, 10797 nativeLibraryRoot, Build.SUPPORTED_64_BIT_ABIS, 10798 useIsaSpecificSubdirs); 10799 } else { 10800 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "findSupportedAbi"); 10801 abi64 = NativeLibraryHelper.findSupportedAbi(handle, Build.SUPPORTED_64_BIT_ABIS); 10802 } 10803 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 10804 } 10805 10806 maybeThrowExceptionForMultiArchCopy( 10807 "Error unpackaging 64 bit native libs for multiarch app.", abi64); 10808 10809 if (abi64 >= 0) { 10810 pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_64_BIT_ABIS[abi64]; 10811 } 10812 10813 if (abi32 >= 0) { 10814 final String abi = Build.SUPPORTED_32_BIT_ABIS[abi32]; 10815 if (abi64 >= 0) { 10816 if (pkg.use32bitAbi) { 10817 pkg.applicationInfo.secondaryCpuAbi = pkg.applicationInfo.primaryCpuAbi; 10818 pkg.applicationInfo.primaryCpuAbi = abi; 10819 } else { 10820 pkg.applicationInfo.secondaryCpuAbi = abi; 10821 } 10822 } else { 10823 pkg.applicationInfo.primaryCpuAbi = abi; 10824 } 10825 } 10826 10827 } else { 10828 String[] abiList = (cpuAbiOverride != null) ? 10829 new String[] { cpuAbiOverride } : Build.SUPPORTED_ABIS; 10830 10831 // Enable gross and lame hacks for apps that are built with old 10832 // SDK tools. We must scan their APKs for renderscript bitcode and 10833 // not launch them if it's present. Don't bother checking on devices 10834 // that don't have 64 bit support. 10835 boolean needsRenderScriptOverride = false; 10836 if (Build.SUPPORTED_64_BIT_ABIS.length > 0 && cpuAbiOverride == null && 10837 NativeLibraryHelper.hasRenderscriptBitcode(handle)) { 10838 abiList = Build.SUPPORTED_32_BIT_ABIS; 10839 needsRenderScriptOverride = true; 10840 } 10841 10842 final int copyRet; 10843 if (extractLibs) { 10844 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "copyNativeBinaries"); 10845 copyRet = NativeLibraryHelper.copyNativeBinariesForSupportedAbi(handle, 10846 nativeLibraryRoot, abiList, useIsaSpecificSubdirs); 10847 } else { 10848 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "findSupportedAbi"); 10849 copyRet = NativeLibraryHelper.findSupportedAbi(handle, abiList); 10850 } 10851 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 10852 10853 if (copyRet < 0 && copyRet != PackageManager.NO_NATIVE_LIBRARIES) { 10854 throw new PackageManagerException(INSTALL_FAILED_INTERNAL_ERROR, 10855 "Error unpackaging native libs for app, errorCode=" + copyRet); 10856 } 10857 10858 if (copyRet >= 0) { 10859 pkg.applicationInfo.primaryCpuAbi = abiList[copyRet]; 10860 } else if (copyRet == PackageManager.NO_NATIVE_LIBRARIES && cpuAbiOverride != null) { 10861 pkg.applicationInfo.primaryCpuAbi = cpuAbiOverride; 10862 } else if (needsRenderScriptOverride) { 10863 pkg.applicationInfo.primaryCpuAbi = abiList[0]; 10864 } 10865 } 10866 } catch (IOException ioe) { 10867 Slog.e(TAG, "Unable to get canonical file " + ioe.toString()); 10868 } finally { 10869 IoUtils.closeQuietly(handle); 10870 } 10871 10872 // Now that we've calculated the ABIs and determined if it's an internal app, 10873 // we will go ahead and populate the nativeLibraryPath. 10874 setNativeLibraryPaths(pkg, appLib32InstallDir); 10875 } 10876 10877 /** 10878 * Adjusts ABIs for a set of packages belonging to a shared user so that they all match. 10879 * i.e, so that all packages can be run inside a single process if required. 10880 * 10881 * Optionally, callers can pass in a parsed package via {@code newPackage} in which case 10882 * this function will either try and make the ABI for all packages in {@code packagesForUser} 10883 * match {@code scannedPackage} or will update the ABI of {@code scannedPackage} to match 10884 * the ABI selected for {@code packagesForUser}. This variant is used when installing or 10885 * updating a package that belongs to a shared user. 10886 * 10887 * NOTE: We currently only match for the primary CPU abi string. Matching the secondary 10888 * adds unnecessary complexity. 10889 */ 10890 private void adjustCpuAbisForSharedUserLPw(Set<PackageSetting> packagesForUser, 10891 PackageParser.Package scannedPackage) { 10892 String requiredInstructionSet = null; 10893 if (scannedPackage != null && scannedPackage.applicationInfo.primaryCpuAbi != null) { 10894 requiredInstructionSet = VMRuntime.getInstructionSet( 10895 scannedPackage.applicationInfo.primaryCpuAbi); 10896 } 10897 10898 PackageSetting requirer = null; 10899 for (PackageSetting ps : packagesForUser) { 10900 // If packagesForUser contains scannedPackage, we skip it. This will happen 10901 // when scannedPackage is an update of an existing package. Without this check, 10902 // we will never be able to change the ABI of any package belonging to a shared 10903 // user, even if it's compatible with other packages. 10904 if (scannedPackage == null || !scannedPackage.packageName.equals(ps.name)) { 10905 if (ps.primaryCpuAbiString == null) { 10906 continue; 10907 } 10908 10909 final String instructionSet = VMRuntime.getInstructionSet(ps.primaryCpuAbiString); 10910 if (requiredInstructionSet != null && !instructionSet.equals(requiredInstructionSet)) { 10911 // We have a mismatch between instruction sets (say arm vs arm64) warn about 10912 // this but there's not much we can do. 10913 String errorMessage = "Instruction set mismatch, " 10914 + ((requirer == null) ? "[caller]" : requirer) 10915 + " requires " + requiredInstructionSet + " whereas " + ps 10916 + " requires " + instructionSet; 10917 Slog.w(TAG, errorMessage); 10918 } 10919 10920 if (requiredInstructionSet == null) { 10921 requiredInstructionSet = instructionSet; 10922 requirer = ps; 10923 } 10924 } 10925 } 10926 10927 if (requiredInstructionSet != null) { 10928 String adjustedAbi; 10929 if (requirer != null) { 10930 // requirer != null implies that either scannedPackage was null or that scannedPackage 10931 // did not require an ABI, in which case we have to adjust scannedPackage to match 10932 // the ABI of the set (which is the same as requirer's ABI) 10933 adjustedAbi = requirer.primaryCpuAbiString; 10934 if (scannedPackage != null) { 10935 scannedPackage.applicationInfo.primaryCpuAbi = adjustedAbi; 10936 } 10937 } else { 10938 // requirer == null implies that we're updating all ABIs in the set to 10939 // match scannedPackage. 10940 adjustedAbi = scannedPackage.applicationInfo.primaryCpuAbi; 10941 } 10942 10943 for (PackageSetting ps : packagesForUser) { 10944 if (scannedPackage == null || !scannedPackage.packageName.equals(ps.name)) { 10945 if (ps.primaryCpuAbiString != null) { 10946 continue; 10947 } 10948 10949 ps.primaryCpuAbiString = adjustedAbi; 10950 if (ps.pkg != null && ps.pkg.applicationInfo != null && 10951 !TextUtils.equals(adjustedAbi, ps.pkg.applicationInfo.primaryCpuAbi)) { 10952 ps.pkg.applicationInfo.primaryCpuAbi = adjustedAbi; 10953 Slog.i(TAG, "Adjusting ABI for " + ps.name + " to " + adjustedAbi 10954 + " (requirer=" 10955 + (requirer != null ? requirer.pkg : "null") 10956 + ", scannedPackage=" 10957 + (scannedPackage != null ? scannedPackage : "null") 10958 + ")"); 10959 try { 10960 mInstaller.rmdex(ps.codePathString, 10961 getDexCodeInstructionSet(getPreferredInstructionSet())); 10962 } catch (InstallerException ignored) { 10963 } 10964 } 10965 } 10966 } 10967 } 10968 } 10969 10970 private void setUpCustomResolverActivity(PackageParser.Package pkg) { 10971 synchronized (mPackages) { 10972 mResolverReplaced = true; 10973 // Set up information for custom user intent resolution activity. 10974 mResolveActivity.applicationInfo = pkg.applicationInfo; 10975 mResolveActivity.name = mCustomResolverComponentName.getClassName(); 10976 mResolveActivity.packageName = pkg.applicationInfo.packageName; 10977 mResolveActivity.processName = pkg.applicationInfo.packageName; 10978 mResolveActivity.launchMode = ActivityInfo.LAUNCH_MULTIPLE; 10979 mResolveActivity.flags = ActivityInfo.FLAG_EXCLUDE_FROM_RECENTS | 10980 ActivityInfo.FLAG_FINISH_ON_CLOSE_SYSTEM_DIALOGS; 10981 mResolveActivity.theme = 0; 10982 mResolveActivity.exported = true; 10983 mResolveActivity.enabled = true; 10984 mResolveInfo.activityInfo = mResolveActivity; 10985 mResolveInfo.priority = 0; 10986 mResolveInfo.preferredOrder = 0; 10987 mResolveInfo.match = 0; 10988 mResolveComponentName = mCustomResolverComponentName; 10989 Slog.i(TAG, "Replacing default ResolverActivity with custom activity: " + 10990 mResolveComponentName); 10991 } 10992 } 10993 10994 private void setUpInstantAppInstallerActivityLP(ActivityInfo installerActivity) { 10995 if (installerActivity == null) { 10996 if (DEBUG_EPHEMERAL) { 10997 Slog.d(TAG, "Clear ephemeral installer activity"); 10998 } 10999 mInstantAppInstallerActivity = null; 11000 return; 11001 } 11002 11003 if (DEBUG_EPHEMERAL) { 11004 Slog.d(TAG, "Set ephemeral installer activity: " 11005 + installerActivity.getComponentName()); 11006 } 11007 // Set up information for ephemeral installer activity 11008 mInstantAppInstallerActivity = installerActivity; 11009 mInstantAppInstallerActivity.flags |= ActivityInfo.FLAG_EXCLUDE_FROM_RECENTS 11010 | ActivityInfo.FLAG_FINISH_ON_CLOSE_SYSTEM_DIALOGS; 11011 mInstantAppInstallerActivity.exported = true; 11012 mInstantAppInstallerActivity.enabled = true; 11013 mInstantAppInstallerInfo.activityInfo = mInstantAppInstallerActivity; 11014 mInstantAppInstallerInfo.priority = 0; 11015 mInstantAppInstallerInfo.preferredOrder = 1; 11016 mInstantAppInstallerInfo.isDefault = true; 11017 mInstantAppInstallerInfo.match = IntentFilter.MATCH_CATEGORY_SCHEME_SPECIFIC_PART 11018 | IntentFilter.MATCH_ADJUSTMENT_NORMAL; 11019 } 11020 11021 private static String calculateBundledApkRoot(final String codePathString) { 11022 final File codePath = new File(codePathString); 11023 final File codeRoot; 11024 if (FileUtils.contains(Environment.getRootDirectory(), codePath)) { 11025 codeRoot = Environment.getRootDirectory(); 11026 } else if (FileUtils.contains(Environment.getOemDirectory(), codePath)) { 11027 codeRoot = Environment.getOemDirectory(); 11028 } else if (FileUtils.contains(Environment.getVendorDirectory(), codePath)) { 11029 codeRoot = Environment.getVendorDirectory(); 11030 } else { 11031 // Unrecognized code path; take its top real segment as the apk root: 11032 // e.g. /something/app/blah.apk => /something 11033 try { 11034 File f = codePath.getCanonicalFile(); 11035 File parent = f.getParentFile(); // non-null because codePath is a file 11036 File tmp; 11037 while ((tmp = parent.getParentFile()) != null) { 11038 f = parent; 11039 parent = tmp; 11040 } 11041 codeRoot = f; 11042 Slog.w(TAG, "Unrecognized code path " 11043 + codePath + " - using " + codeRoot); 11044 } catch (IOException e) { 11045 // Can't canonicalize the code path -- shenanigans? 11046 Slog.w(TAG, "Can't canonicalize code path " + codePath); 11047 return Environment.getRootDirectory().getPath(); 11048 } 11049 } 11050 return codeRoot.getPath(); 11051 } 11052 11053 /** 11054 * Derive and set the location of native libraries for the given package, 11055 * which varies depending on where and how the package was installed. 11056 */ 11057 private static void setNativeLibraryPaths(PackageParser.Package pkg, File appLib32InstallDir) { 11058 final ApplicationInfo info = pkg.applicationInfo; 11059 final String codePath = pkg.codePath; 11060 final File codeFile = new File(codePath); 11061 final boolean bundledApp = info.isSystemApp() && !info.isUpdatedSystemApp(); 11062 final boolean asecApp = info.isForwardLocked() || info.isExternalAsec(); 11063 11064 info.nativeLibraryRootDir = null; 11065 info.nativeLibraryRootRequiresIsa = false; 11066 info.nativeLibraryDir = null; 11067 info.secondaryNativeLibraryDir = null; 11068 11069 if (isApkFile(codeFile)) { 11070 // Monolithic install 11071 if (bundledApp) { 11072 // If "/system/lib64/apkname" exists, assume that is the per-package 11073 // native library directory to use; otherwise use "/system/lib/apkname". 11074 final String apkRoot = calculateBundledApkRoot(info.sourceDir); 11075 final boolean is64Bit = VMRuntime.is64BitInstructionSet( 11076 getPrimaryInstructionSet(info)); 11077 11078 // This is a bundled system app so choose the path based on the ABI. 11079 // if it's a 64 bit abi, use lib64 otherwise use lib32. Note that this 11080 // is just the default path. 11081 final String apkName = deriveCodePathName(codePath); 11082 final String libDir = is64Bit ? LIB64_DIR_NAME : LIB_DIR_NAME; 11083 info.nativeLibraryRootDir = Environment.buildPath(new File(apkRoot), libDir, 11084 apkName).getAbsolutePath(); 11085 11086 if (info.secondaryCpuAbi != null) { 11087 final String secondaryLibDir = is64Bit ? LIB_DIR_NAME : LIB64_DIR_NAME; 11088 info.secondaryNativeLibraryDir = Environment.buildPath(new File(apkRoot), 11089 secondaryLibDir, apkName).getAbsolutePath(); 11090 } 11091 } else if (asecApp) { 11092 info.nativeLibraryRootDir = new File(codeFile.getParentFile(), LIB_DIR_NAME) 11093 .getAbsolutePath(); 11094 } else { 11095 final String apkName = deriveCodePathName(codePath); 11096 info.nativeLibraryRootDir = new File(appLib32InstallDir, apkName) 11097 .getAbsolutePath(); 11098 } 11099 11100 info.nativeLibraryRootRequiresIsa = false; 11101 info.nativeLibraryDir = info.nativeLibraryRootDir; 11102 } else { 11103 // Cluster install 11104 info.nativeLibraryRootDir = new File(codeFile, LIB_DIR_NAME).getAbsolutePath(); 11105 info.nativeLibraryRootRequiresIsa = true; 11106 11107 info.nativeLibraryDir = new File(info.nativeLibraryRootDir, 11108 getPrimaryInstructionSet(info)).getAbsolutePath(); 11109 11110 if (info.secondaryCpuAbi != null) { 11111 info.secondaryNativeLibraryDir = new File(info.nativeLibraryRootDir, 11112 VMRuntime.getInstructionSet(info.secondaryCpuAbi)).getAbsolutePath(); 11113 } 11114 } 11115 } 11116 11117 /** 11118 * Calculate the abis and roots for a bundled app. These can uniquely 11119 * be determined from the contents of the system partition, i.e whether 11120 * it contains 64 or 32 bit shared libraries etc. We do not validate any 11121 * of this information, and instead assume that the system was built 11122 * sensibly. 11123 */ 11124 private static void setBundledAppAbisAndRoots(PackageParser.Package pkg, 11125 PackageSetting pkgSetting) { 11126 final String apkName = deriveCodePathName(pkg.applicationInfo.getCodePath()); 11127 11128 // If "/system/lib64/apkname" exists, assume that is the per-package 11129 // native library directory to use; otherwise use "/system/lib/apkname". 11130 final String apkRoot = calculateBundledApkRoot(pkg.applicationInfo.sourceDir); 11131 setBundledAppAbi(pkg, apkRoot, apkName); 11132 // pkgSetting might be null during rescan following uninstall of updates 11133 // to a bundled app, so accommodate that possibility. The settings in 11134 // that case will be established later from the parsed package. 11135 // 11136 // If the settings aren't null, sync them up with what we've just derived. 11137 // note that apkRoot isn't stored in the package settings. 11138 if (pkgSetting != null) { 11139 pkgSetting.primaryCpuAbiString = pkg.applicationInfo.primaryCpuAbi; 11140 pkgSetting.secondaryCpuAbiString = pkg.applicationInfo.secondaryCpuAbi; 11141 } 11142 } 11143 11144 /** 11145 * Deduces the ABI of a bundled app and sets the relevant fields on the 11146 * parsed pkg object. 11147 * 11148 * @param apkRoot the root of the installed apk, something like {@code /system} or {@code /oem} 11149 * under which system libraries are installed. 11150 * @param apkName the name of the installed package. 11151 */ 11152 private static void setBundledAppAbi(PackageParser.Package pkg, String apkRoot, String apkName) { 11153 final File codeFile = new File(pkg.codePath); 11154 11155 final boolean has64BitLibs; 11156 final boolean has32BitLibs; 11157 if (isApkFile(codeFile)) { 11158 // Monolithic install 11159 has64BitLibs = (new File(apkRoot, new File(LIB64_DIR_NAME, apkName).getPath())).exists(); 11160 has32BitLibs = (new File(apkRoot, new File(LIB_DIR_NAME, apkName).getPath())).exists(); 11161 } else { 11162 // Cluster install 11163 final File rootDir = new File(codeFile, LIB_DIR_NAME); 11164 if (!ArrayUtils.isEmpty(Build.SUPPORTED_64_BIT_ABIS) 11165 && !TextUtils.isEmpty(Build.SUPPORTED_64_BIT_ABIS[0])) { 11166 final String isa = VMRuntime.getInstructionSet(Build.SUPPORTED_64_BIT_ABIS[0]); 11167 has64BitLibs = (new File(rootDir, isa)).exists(); 11168 } else { 11169 has64BitLibs = false; 11170 } 11171 if (!ArrayUtils.isEmpty(Build.SUPPORTED_32_BIT_ABIS) 11172 && !TextUtils.isEmpty(Build.SUPPORTED_32_BIT_ABIS[0])) { 11173 final String isa = VMRuntime.getInstructionSet(Build.SUPPORTED_32_BIT_ABIS[0]); 11174 has32BitLibs = (new File(rootDir, isa)).exists(); 11175 } else { 11176 has32BitLibs = false; 11177 } 11178 } 11179 11180 if (has64BitLibs && !has32BitLibs) { 11181 // The package has 64 bit libs, but not 32 bit libs. Its primary 11182 // ABI should be 64 bit. We can safely assume here that the bundled 11183 // native libraries correspond to the most preferred ABI in the list. 11184 11185 pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_64_BIT_ABIS[0]; 11186 pkg.applicationInfo.secondaryCpuAbi = null; 11187 } else if (has32BitLibs && !has64BitLibs) { 11188 // The package has 32 bit libs but not 64 bit libs. Its primary 11189 // ABI should be 32 bit. 11190 11191 pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_32_BIT_ABIS[0]; 11192 pkg.applicationInfo.secondaryCpuAbi = null; 11193 } else if (has32BitLibs && has64BitLibs) { 11194 // The application has both 64 and 32 bit bundled libraries. We check 11195 // here that the app declares multiArch support, and warn if it doesn't. 11196 // 11197 // We will be lenient here and record both ABIs. The primary will be the 11198 // ABI that's higher on the list, i.e, a device that's configured to prefer 11199 // 64 bit apps will see a 64 bit primary ABI, 11200 11201 if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_MULTIARCH) == 0) { 11202 Slog.e(TAG, "Package " + pkg + " has multiple bundled libs, but is not multiarch."); 11203 } 11204 11205 if (VMRuntime.is64BitInstructionSet(getPreferredInstructionSet())) { 11206 pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_64_BIT_ABIS[0]; 11207 pkg.applicationInfo.secondaryCpuAbi = Build.SUPPORTED_32_BIT_ABIS[0]; 11208 } else { 11209 pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_32_BIT_ABIS[0]; 11210 pkg.applicationInfo.secondaryCpuAbi = Build.SUPPORTED_64_BIT_ABIS[0]; 11211 } 11212 } else { 11213 pkg.applicationInfo.primaryCpuAbi = null; 11214 pkg.applicationInfo.secondaryCpuAbi = null; 11215 } 11216 } 11217 11218 private void killApplication(String pkgName, int appId, String reason) { 11219 killApplication(pkgName, appId, UserHandle.USER_ALL, reason); 11220 } 11221 11222 private void killApplication(String pkgName, int appId, int userId, String reason) { 11223 // Request the ActivityManager to kill the process(only for existing packages) 11224 // so that we do not end up in a confused state while the user is still using the older 11225 // version of the application while the new one gets installed. 11226 final long token = Binder.clearCallingIdentity(); 11227 try { 11228 IActivityManager am = ActivityManager.getService(); 11229 if (am != null) { 11230 try { 11231 am.killApplication(pkgName, appId, userId, reason); 11232 } catch (RemoteException e) { 11233 } 11234 } 11235 } finally { 11236 Binder.restoreCallingIdentity(token); 11237 } 11238 } 11239 11240 private void removePackageLI(PackageParser.Package pkg, boolean chatty) { 11241 // Remove the parent package setting 11242 PackageSetting ps = (PackageSetting) pkg.mExtras; 11243 if (ps != null) { 11244 removePackageLI(ps, chatty); 11245 } 11246 // Remove the child package setting 11247 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 11248 for (int i = 0; i < childCount; i++) { 11249 PackageParser.Package childPkg = pkg.childPackages.get(i); 11250 ps = (PackageSetting) childPkg.mExtras; 11251 if (ps != null) { 11252 removePackageLI(ps, chatty); 11253 } 11254 } 11255 } 11256 11257 void removePackageLI(PackageSetting ps, boolean chatty) { 11258 if (DEBUG_INSTALL) { 11259 if (chatty) 11260 Log.d(TAG, "Removing package " + ps.name); 11261 } 11262 11263 // writer 11264 synchronized (mPackages) { 11265 mPackages.remove(ps.name); 11266 final PackageParser.Package pkg = ps.pkg; 11267 if (pkg != null) { 11268 cleanPackageDataStructuresLILPw(pkg, chatty); 11269 } 11270 } 11271 } 11272 11273 void removeInstalledPackageLI(PackageParser.Package pkg, boolean chatty) { 11274 if (DEBUG_INSTALL) { 11275 if (chatty) 11276 Log.d(TAG, "Removing package " + pkg.applicationInfo.packageName); 11277 } 11278 11279 // writer 11280 synchronized (mPackages) { 11281 // Remove the parent package 11282 mPackages.remove(pkg.applicationInfo.packageName); 11283 cleanPackageDataStructuresLILPw(pkg, chatty); 11284 11285 // Remove the child packages 11286 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 11287 for (int i = 0; i < childCount; i++) { 11288 PackageParser.Package childPkg = pkg.childPackages.get(i); 11289 mPackages.remove(childPkg.applicationInfo.packageName); 11290 cleanPackageDataStructuresLILPw(childPkg, chatty); 11291 } 11292 } 11293 } 11294 11295 void cleanPackageDataStructuresLILPw(PackageParser.Package pkg, boolean chatty) { 11296 int N = pkg.providers.size(); 11297 StringBuilder r = null; 11298 int i; 11299 for (i=0; i<N; i++) { 11300 PackageParser.Provider p = pkg.providers.get(i); 11301 mProviders.removeProvider(p); 11302 if (p.info.authority == null) { 11303 11304 /* There was another ContentProvider with this authority when 11305 * this app was installed so this authority is null, 11306 * Ignore it as we don't have to unregister the provider. 11307 */ 11308 continue; 11309 } 11310 String names[] = p.info.authority.split(";"); 11311 for (int j = 0; j < names.length; j++) { 11312 if (mProvidersByAuthority.get(names[j]) == p) { 11313 mProvidersByAuthority.remove(names[j]); 11314 if (DEBUG_REMOVE) { 11315 if (chatty) 11316 Log.d(TAG, "Unregistered content provider: " + names[j] 11317 + ", className = " + p.info.name + ", isSyncable = " 11318 + p.info.isSyncable); 11319 } 11320 } 11321 } 11322 if (DEBUG_REMOVE && chatty) { 11323 if (r == null) { 11324 r = new StringBuilder(256); 11325 } else { 11326 r.append(' '); 11327 } 11328 r.append(p.info.name); 11329 } 11330 } 11331 if (r != null) { 11332 if (DEBUG_REMOVE) Log.d(TAG, " Providers: " + r); 11333 } 11334 11335 N = pkg.services.size(); 11336 r = null; 11337 for (i=0; i<N; i++) { 11338 PackageParser.Service s = pkg.services.get(i); 11339 mServices.removeService(s); 11340 if (chatty) { 11341 if (r == null) { 11342 r = new StringBuilder(256); 11343 } else { 11344 r.append(' '); 11345 } 11346 r.append(s.info.name); 11347 } 11348 } 11349 if (r != null) { 11350 if (DEBUG_REMOVE) Log.d(TAG, " Services: " + r); 11351 } 11352 11353 N = pkg.receivers.size(); 11354 r = null; 11355 for (i=0; i<N; i++) { 11356 PackageParser.Activity a = pkg.receivers.get(i); 11357 mReceivers.removeActivity(a, "receiver"); 11358 if (DEBUG_REMOVE && chatty) { 11359 if (r == null) { 11360 r = new StringBuilder(256); 11361 } else { 11362 r.append(' '); 11363 } 11364 r.append(a.info.name); 11365 } 11366 } 11367 if (r != null) { 11368 if (DEBUG_REMOVE) Log.d(TAG, " Receivers: " + r); 11369 } 11370 11371 N = pkg.activities.size(); 11372 r = null; 11373 for (i=0; i<N; i++) { 11374 PackageParser.Activity a = pkg.activities.get(i); 11375 mActivities.removeActivity(a, "activity"); 11376 if (DEBUG_REMOVE && chatty) { 11377 if (r == null) { 11378 r = new StringBuilder(256); 11379 } else { 11380 r.append(' '); 11381 } 11382 r.append(a.info.name); 11383 } 11384 } 11385 if (r != null) { 11386 if (DEBUG_REMOVE) Log.d(TAG, " Activities: " + r); 11387 } 11388 11389 N = pkg.permissions.size(); 11390 r = null; 11391 for (i=0; i<N; i++) { 11392 PackageParser.Permission p = pkg.permissions.get(i); 11393 BasePermission bp = mSettings.mPermissions.get(p.info.name); 11394 if (bp == null) { 11395 bp = mSettings.mPermissionTrees.get(p.info.name); 11396 } 11397 if (bp != null && bp.perm == p) { 11398 bp.perm = null; 11399 if (DEBUG_REMOVE && chatty) { 11400 if (r == null) { 11401 r = new StringBuilder(256); 11402 } else { 11403 r.append(' '); 11404 } 11405 r.append(p.info.name); 11406 } 11407 } 11408 if ((p.info.protectionLevel&PermissionInfo.PROTECTION_FLAG_APPOP) != 0) { 11409 ArraySet<String> appOpPkgs = mAppOpPermissionPackages.get(p.info.name); 11410 if (appOpPkgs != null) { 11411 appOpPkgs.remove(pkg.packageName); 11412 } 11413 } 11414 } 11415 if (r != null) { 11416 if (DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r); 11417 } 11418 11419 N = pkg.requestedPermissions.size(); 11420 r = null; 11421 for (i=0; i<N; i++) { 11422 String perm = pkg.requestedPermissions.get(i); 11423 BasePermission bp = mSettings.mPermissions.get(perm); 11424 if (bp != null && (bp.protectionLevel&PermissionInfo.PROTECTION_FLAG_APPOP) != 0) { 11425 ArraySet<String> appOpPkgs = mAppOpPermissionPackages.get(perm); 11426 if (appOpPkgs != null) { 11427 appOpPkgs.remove(pkg.packageName); 11428 if (appOpPkgs.isEmpty()) { 11429 mAppOpPermissionPackages.remove(perm); 11430 } 11431 } 11432 } 11433 } 11434 if (r != null) { 11435 if (DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r); 11436 } 11437 11438 N = pkg.instrumentation.size(); 11439 r = null; 11440 for (i=0; i<N; i++) { 11441 PackageParser.Instrumentation a = pkg.instrumentation.get(i); 11442 mInstrumentation.remove(a.getComponentName()); 11443 if (DEBUG_REMOVE && chatty) { 11444 if (r == null) { 11445 r = new StringBuilder(256); 11446 } else { 11447 r.append(' '); 11448 } 11449 r.append(a.info.name); 11450 } 11451 } 11452 if (r != null) { 11453 if (DEBUG_REMOVE) Log.d(TAG, " Instrumentation: " + r); 11454 } 11455 11456 r = null; 11457 if ((pkg.applicationInfo.flags&ApplicationInfo.FLAG_SYSTEM) != 0) { 11458 // Only system apps can hold shared libraries. 11459 if (pkg.libraryNames != null) { 11460 for (i = 0; i < pkg.libraryNames.size(); i++) { 11461 String name = pkg.libraryNames.get(i); 11462 if (removeSharedLibraryLPw(name, 0)) { 11463 if (DEBUG_REMOVE && chatty) { 11464 if (r == null) { 11465 r = new StringBuilder(256); 11466 } else { 11467 r.append(' '); 11468 } 11469 r.append(name); 11470 } 11471 } 11472 } 11473 } 11474 } 11475 11476 r = null; 11477 11478 // Any package can hold static shared libraries. 11479 if (pkg.staticSharedLibName != null) { 11480 if (removeSharedLibraryLPw(pkg.staticSharedLibName, pkg.staticSharedLibVersion)) { 11481 if (DEBUG_REMOVE && chatty) { 11482 if (r == null) { 11483 r = new StringBuilder(256); 11484 } else { 11485 r.append(' '); 11486 } 11487 r.append(pkg.staticSharedLibName); 11488 } 11489 } 11490 } 11491 11492 if (r != null) { 11493 if (DEBUG_REMOVE) Log.d(TAG, " Libraries: " + r); 11494 } 11495 } 11496 11497 private static boolean hasPermission(PackageParser.Package pkgInfo, String perm) { 11498 for (int i=pkgInfo.permissions.size()-1; i>=0; i--) { 11499 if (pkgInfo.permissions.get(i).info.name.equals(perm)) { 11500 return true; 11501 } 11502 } 11503 return false; 11504 } 11505 11506 static final int UPDATE_PERMISSIONS_ALL = 1<<0; 11507 static final int UPDATE_PERMISSIONS_REPLACE_PKG = 1<<1; 11508 static final int UPDATE_PERMISSIONS_REPLACE_ALL = 1<<2; 11509 11510 private void updatePermissionsLPw(PackageParser.Package pkg, int flags) { 11511 // Update the parent permissions 11512 updatePermissionsLPw(pkg.packageName, pkg, flags); 11513 // Update the child permissions 11514 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 11515 for (int i = 0; i < childCount; i++) { 11516 PackageParser.Package childPkg = pkg.childPackages.get(i); 11517 updatePermissionsLPw(childPkg.packageName, childPkg, flags); 11518 } 11519 } 11520 11521 private void updatePermissionsLPw(String changingPkg, PackageParser.Package pkgInfo, 11522 int flags) { 11523 final String volumeUuid = (pkgInfo != null) ? getVolumeUuidForPackage(pkgInfo) : null; 11524 updatePermissionsLPw(changingPkg, pkgInfo, volumeUuid, flags); 11525 } 11526 11527 private void updatePermissionsLPw(String changingPkg, 11528 PackageParser.Package pkgInfo, String replaceVolumeUuid, int flags) { 11529 // Make sure there are no dangling permission trees. 11530 Iterator<BasePermission> it = mSettings.mPermissionTrees.values().iterator(); 11531 while (it.hasNext()) { 11532 final BasePermission bp = it.next(); 11533 if (bp.packageSetting == null) { 11534 // We may not yet have parsed the package, so just see if 11535 // we still know about its settings. 11536 bp.packageSetting = mSettings.mPackages.get(bp.sourcePackage); 11537 } 11538 if (bp.packageSetting == null) { 11539 Slog.w(TAG, "Removing dangling permission tree: " + bp.name 11540 + " from package " + bp.sourcePackage); 11541 it.remove(); 11542 } else if (changingPkg != null && changingPkg.equals(bp.sourcePackage)) { 11543 if (pkgInfo == null || !hasPermission(pkgInfo, bp.name)) { 11544 Slog.i(TAG, "Removing old permission tree: " + bp.name 11545 + " from package " + bp.sourcePackage); 11546 flags |= UPDATE_PERMISSIONS_ALL; 11547 it.remove(); 11548 } 11549 } 11550 } 11551 11552 // Make sure all dynamic permissions have been assigned to a package, 11553 // and make sure there are no dangling permissions. 11554 it = mSettings.mPermissions.values().iterator(); 11555 while (it.hasNext()) { 11556 final BasePermission bp = it.next(); 11557 if (bp.type == BasePermission.TYPE_DYNAMIC) { 11558 if (DEBUG_SETTINGS) Log.v(TAG, "Dynamic permission: name=" 11559 + bp.name + " pkg=" + bp.sourcePackage 11560 + " info=" + bp.pendingInfo); 11561 if (bp.packageSetting == null && bp.pendingInfo != null) { 11562 final BasePermission tree = findPermissionTreeLP(bp.name); 11563 if (tree != null && tree.perm != null) { 11564 bp.packageSetting = tree.packageSetting; 11565 bp.perm = new PackageParser.Permission(tree.perm.owner, 11566 new PermissionInfo(bp.pendingInfo)); 11567 bp.perm.info.packageName = tree.perm.info.packageName; 11568 bp.perm.info.name = bp.name; 11569 bp.uid = tree.uid; 11570 } 11571 } 11572 } 11573 if (bp.packageSetting == null) { 11574 // We may not yet have parsed the package, so just see if 11575 // we still know about its settings. 11576 bp.packageSetting = mSettings.mPackages.get(bp.sourcePackage); 11577 } 11578 if (bp.packageSetting == null) { 11579 Slog.w(TAG, "Removing dangling permission: " + bp.name 11580 + " from package " + bp.sourcePackage); 11581 it.remove(); 11582 } else if (changingPkg != null && changingPkg.equals(bp.sourcePackage)) { 11583 if (pkgInfo == null || !hasPermission(pkgInfo, bp.name)) { 11584 Slog.i(TAG, "Removing old permission: " + bp.name 11585 + " from package " + bp.sourcePackage); 11586 flags |= UPDATE_PERMISSIONS_ALL; 11587 it.remove(); 11588 } 11589 } 11590 } 11591 11592 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "grantPermissions"); 11593 // Now update the permissions for all packages, in particular 11594 // replace the granted permissions of the system packages. 11595 if ((flags&UPDATE_PERMISSIONS_ALL) != 0) { 11596 for (PackageParser.Package pkg : mPackages.values()) { 11597 if (pkg != pkgInfo) { 11598 // Only replace for packages on requested volume 11599 final String volumeUuid = getVolumeUuidForPackage(pkg); 11600 final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_ALL) != 0) 11601 && Objects.equals(replaceVolumeUuid, volumeUuid); 11602 grantPermissionsLPw(pkg, replace, changingPkg); 11603 } 11604 } 11605 } 11606 11607 if (pkgInfo != null) { 11608 // Only replace for packages on requested volume 11609 final String volumeUuid = getVolumeUuidForPackage(pkgInfo); 11610 final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_PKG) != 0) 11611 && Objects.equals(replaceVolumeUuid, volumeUuid); 11612 grantPermissionsLPw(pkgInfo, replace, changingPkg); 11613 } 11614 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 11615 } 11616 11617 private void grantPermissionsLPw(PackageParser.Package pkg, boolean replace, 11618 String packageOfInterest) { 11619 // IMPORTANT: There are two types of permissions: install and runtime. 11620 // Install time permissions are granted when the app is installed to 11621 // all device users and users added in the future. Runtime permissions 11622 // are granted at runtime explicitly to specific users. Normal and signature 11623 // protected permissions are install time permissions. Dangerous permissions 11624 // are install permissions if the app's target SDK is Lollipop MR1 or older, 11625 // otherwise they are runtime permissions. This function does not manage 11626 // runtime permissions except for the case an app targeting Lollipop MR1 11627 // being upgraded to target a newer SDK, in which case dangerous permissions 11628 // are transformed from install time to runtime ones. 11629 11630 final PackageSetting ps = (PackageSetting) pkg.mExtras; 11631 if (ps == null) { 11632 return; 11633 } 11634 11635 PermissionsState permissionsState = ps.getPermissionsState(); 11636 PermissionsState origPermissions = permissionsState; 11637 11638 final int[] currentUserIds = UserManagerService.getInstance().getUserIds(); 11639 11640 boolean runtimePermissionsRevoked = false; 11641 int[] changedRuntimePermissionUserIds = EMPTY_INT_ARRAY; 11642 11643 boolean changedInstallPermission = false; 11644 11645 if (replace) { 11646 ps.installPermissionsFixed = false; 11647 if (!ps.isSharedUser()) { 11648 origPermissions = new PermissionsState(permissionsState); 11649 permissionsState.reset(); 11650 } else { 11651 // We need to know only about runtime permission changes since the 11652 // calling code always writes the install permissions state but 11653 // the runtime ones are written only if changed. The only cases of 11654 // changed runtime permissions here are promotion of an install to 11655 // runtime and revocation of a runtime from a shared user. 11656 changedRuntimePermissionUserIds = revokeUnusedSharedUserPermissionsLPw( 11657 ps.sharedUser, UserManagerService.getInstance().getUserIds()); 11658 if (!ArrayUtils.isEmpty(changedRuntimePermissionUserIds)) { 11659 runtimePermissionsRevoked = true; 11660 } 11661 } 11662 } 11663 11664 permissionsState.setGlobalGids(mGlobalGids); 11665 11666 final int N = pkg.requestedPermissions.size(); 11667 for (int i=0; i<N; i++) { 11668 final String name = pkg.requestedPermissions.get(i); 11669 final BasePermission bp = mSettings.mPermissions.get(name); 11670 final boolean appSupportsRuntimePermissions = pkg.applicationInfo.targetSdkVersion 11671 >= Build.VERSION_CODES.M; 11672 11673 if (DEBUG_INSTALL) { 11674 Log.i(TAG, "Package " + pkg.packageName + " checking " + name + ": " + bp); 11675 } 11676 11677 if (bp == null || bp.packageSetting == null) { 11678 if (packageOfInterest == null || packageOfInterest.equals(pkg.packageName)) { 11679 Slog.w(TAG, "Unknown permission " + name 11680 + " in package " + pkg.packageName); 11681 } 11682 continue; 11683 } 11684 11685 11686 // Limit ephemeral apps to ephemeral allowed permissions. 11687 if (pkg.applicationInfo.isInstantApp() && !bp.isInstant()) { 11688 Log.i(TAG, "Denying non-ephemeral permission " + bp.name + " for package " 11689 + pkg.packageName); 11690 continue; 11691 } 11692 11693 if (bp.isRuntimeOnly() && !appSupportsRuntimePermissions) { 11694 Log.i(TAG, "Denying runtime-only permission " + bp.name + " for package " 11695 + pkg.packageName); 11696 continue; 11697 } 11698 11699 final String perm = bp.name; 11700 boolean allowedSig = false; 11701 int grant = GRANT_DENIED; 11702 11703 // Keep track of app op permissions. 11704 if ((bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_APPOP) != 0) { 11705 ArraySet<String> pkgs = mAppOpPermissionPackages.get(bp.name); 11706 if (pkgs == null) { 11707 pkgs = new ArraySet<>(); 11708 mAppOpPermissionPackages.put(bp.name, pkgs); 11709 } 11710 pkgs.add(pkg.packageName); 11711 } 11712 11713 final int level = bp.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE; 11714 switch (level) { 11715 case PermissionInfo.PROTECTION_NORMAL: { 11716 // For all apps normal permissions are install time ones. 11717 grant = GRANT_INSTALL; 11718 } break; 11719 11720 case PermissionInfo.PROTECTION_DANGEROUS: { 11721 // If a permission review is required for legacy apps we represent 11722 // their permissions as always granted runtime ones since we need 11723 // to keep the review required permission flag per user while an 11724 // install permission's state is shared across all users. 11725 if (!appSupportsRuntimePermissions && !mPermissionReviewRequired) { 11726 // For legacy apps dangerous permissions are install time ones. 11727 grant = GRANT_INSTALL; 11728 } else if (origPermissions.hasInstallPermission(bp.name)) { 11729 // For legacy apps that became modern, install becomes runtime. 11730 grant = GRANT_UPGRADE; 11731 } else if (mPromoteSystemApps 11732 && isSystemApp(ps) 11733 && mExistingSystemPackages.contains(ps.name)) { 11734 // For legacy system apps, install becomes runtime. 11735 // We cannot check hasInstallPermission() for system apps since those 11736 // permissions were granted implicitly and not persisted pre-M. 11737 grant = GRANT_UPGRADE; 11738 } else { 11739 // For modern apps keep runtime permissions unchanged. 11740 grant = GRANT_RUNTIME; 11741 } 11742 } break; 11743 11744 case PermissionInfo.PROTECTION_SIGNATURE: { 11745 // For all apps signature permissions are install time ones. 11746 allowedSig = grantSignaturePermission(perm, pkg, bp, origPermissions); 11747 if (allowedSig) { 11748 grant = GRANT_INSTALL; 11749 } 11750 } break; 11751 } 11752 11753 if (DEBUG_INSTALL) { 11754 Log.i(TAG, "Package " + pkg.packageName + " granting " + perm); 11755 } 11756 11757 if (grant != GRANT_DENIED) { 11758 if (!isSystemApp(ps) && ps.installPermissionsFixed) { 11759 // If this is an existing, non-system package, then 11760 // we can't add any new permissions to it. 11761 if (!allowedSig && !origPermissions.hasInstallPermission(perm)) { 11762 // Except... if this is a permission that was added 11763 // to the platform (note: need to only do this when 11764 // updating the platform). 11765 if (!isNewPlatformPermissionForPackage(perm, pkg)) { 11766 grant = GRANT_DENIED; 11767 } 11768 } 11769 } 11770 11771 switch (grant) { 11772 case GRANT_INSTALL: { 11773 // Revoke this as runtime permission to handle the case of 11774 // a runtime permission being downgraded to an install one. 11775 // Also in permission review mode we keep dangerous permissions 11776 // for legacy apps 11777 for (int userId : UserManagerService.getInstance().getUserIds()) { 11778 if (origPermissions.getRuntimePermissionState( 11779 bp.name, userId) != null) { 11780 // Revoke the runtime permission and clear the flags. 11781 origPermissions.revokeRuntimePermission(bp, userId); 11782 origPermissions.updatePermissionFlags(bp, userId, 11783 PackageManager.MASK_PERMISSION_FLAGS, 0); 11784 // If we revoked a permission permission, we have to write. 11785 changedRuntimePermissionUserIds = ArrayUtils.appendInt( 11786 changedRuntimePermissionUserIds, userId); 11787 } 11788 } 11789 // Grant an install permission. 11790 if (permissionsState.grantInstallPermission(bp) != 11791 PermissionsState.PERMISSION_OPERATION_FAILURE) { 11792 changedInstallPermission = true; 11793 } 11794 } break; 11795 11796 case GRANT_RUNTIME: { 11797 // Grant previously granted runtime permissions. 11798 for (int userId : UserManagerService.getInstance().getUserIds()) { 11799 PermissionState permissionState = origPermissions 11800 .getRuntimePermissionState(bp.name, userId); 11801 int flags = permissionState != null 11802 ? permissionState.getFlags() : 0; 11803 if (origPermissions.hasRuntimePermission(bp.name, userId)) { 11804 // Don't propagate the permission in a permission review mode if 11805 // the former was revoked, i.e. marked to not propagate on upgrade. 11806 // Note that in a permission review mode install permissions are 11807 // represented as constantly granted runtime ones since we need to 11808 // keep a per user state associated with the permission. Also the 11809 // revoke on upgrade flag is no longer applicable and is reset. 11810 final boolean revokeOnUpgrade = (flags & PackageManager 11811 .FLAG_PERMISSION_REVOKE_ON_UPGRADE) != 0; 11812 if (revokeOnUpgrade) { 11813 flags &= ~PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE; 11814 // Since we changed the flags, we have to write. 11815 changedRuntimePermissionUserIds = ArrayUtils.appendInt( 11816 changedRuntimePermissionUserIds, userId); 11817 } 11818 if (!mPermissionReviewRequired || !revokeOnUpgrade) { 11819 if (permissionsState.grantRuntimePermission(bp, userId) == 11820 PermissionsState.PERMISSION_OPERATION_FAILURE) { 11821 // If we cannot put the permission as it was, 11822 // we have to write. 11823 changedRuntimePermissionUserIds = ArrayUtils.appendInt( 11824 changedRuntimePermissionUserIds, userId); 11825 } 11826 } 11827 11828 // If the app supports runtime permissions no need for a review. 11829 if (mPermissionReviewRequired 11830 && appSupportsRuntimePermissions 11831 && (flags & PackageManager 11832 .FLAG_PERMISSION_REVIEW_REQUIRED) != 0) { 11833 flags &= ~PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; 11834 // Since we changed the flags, we have to write. 11835 changedRuntimePermissionUserIds = ArrayUtils.appendInt( 11836 changedRuntimePermissionUserIds, userId); 11837 } 11838 } else if (mPermissionReviewRequired 11839 && !appSupportsRuntimePermissions) { 11840 // For legacy apps that need a permission review, every new 11841 // runtime permission is granted but it is pending a review. 11842 // We also need to review only platform defined runtime 11843 // permissions as these are the only ones the platform knows 11844 // how to disable the API to simulate revocation as legacy 11845 // apps don't expect to run with revoked permissions. 11846 if (PLATFORM_PACKAGE_NAME.equals(bp.sourcePackage)) { 11847 if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) { 11848 flags |= FLAG_PERMISSION_REVIEW_REQUIRED; 11849 // We changed the flags, hence have to write. 11850 changedRuntimePermissionUserIds = ArrayUtils.appendInt( 11851 changedRuntimePermissionUserIds, userId); 11852 } 11853 } 11854 if (permissionsState.grantRuntimePermission(bp, userId) 11855 != PermissionsState.PERMISSION_OPERATION_FAILURE) { 11856 // We changed the permission, hence have to write. 11857 changedRuntimePermissionUserIds = ArrayUtils.appendInt( 11858 changedRuntimePermissionUserIds, userId); 11859 } 11860 } 11861 // Propagate the permission flags. 11862 permissionsState.updatePermissionFlags(bp, userId, flags, flags); 11863 } 11864 } break; 11865 11866 case GRANT_UPGRADE: { 11867 // Grant runtime permissions for a previously held install permission. 11868 PermissionState permissionState = origPermissions 11869 .getInstallPermissionState(bp.name); 11870 final int flags = permissionState != null ? permissionState.getFlags() : 0; 11871 11872 if (origPermissions.revokeInstallPermission(bp) 11873 != PermissionsState.PERMISSION_OPERATION_FAILURE) { 11874 // We will be transferring the permission flags, so clear them. 11875 origPermissions.updatePermissionFlags(bp, UserHandle.USER_ALL, 11876 PackageManager.MASK_PERMISSION_FLAGS, 0); 11877 changedInstallPermission = true; 11878 } 11879 11880 // If the permission is not to be promoted to runtime we ignore it and 11881 // also its other flags as they are not applicable to install permissions. 11882 if ((flags & PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE) == 0) { 11883 for (int userId : currentUserIds) { 11884 if (permissionsState.grantRuntimePermission(bp, userId) != 11885 PermissionsState.PERMISSION_OPERATION_FAILURE) { 11886 // Transfer the permission flags. 11887 permissionsState.updatePermissionFlags(bp, userId, 11888 flags, flags); 11889 // If we granted the permission, we have to write. 11890 changedRuntimePermissionUserIds = ArrayUtils.appendInt( 11891 changedRuntimePermissionUserIds, userId); 11892 } 11893 } 11894 } 11895 } break; 11896 11897 default: { 11898 if (packageOfInterest == null 11899 || packageOfInterest.equals(pkg.packageName)) { 11900 Slog.w(TAG, "Not granting permission " + perm 11901 + " to package " + pkg.packageName 11902 + " because it was previously installed without"); 11903 } 11904 } break; 11905 } 11906 } else { 11907 if (permissionsState.revokeInstallPermission(bp) != 11908 PermissionsState.PERMISSION_OPERATION_FAILURE) { 11909 // Also drop the permission flags. 11910 permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL, 11911 PackageManager.MASK_PERMISSION_FLAGS, 0); 11912 changedInstallPermission = true; 11913 Slog.i(TAG, "Un-granting permission " + perm 11914 + " from package " + pkg.packageName 11915 + " (protectionLevel=" + bp.protectionLevel 11916 + " flags=0x" + Integer.toHexString(pkg.applicationInfo.flags) 11917 + ")"); 11918 } else if ((bp.protectionLevel&PermissionInfo.PROTECTION_FLAG_APPOP) == 0) { 11919 // Don't print warning for app op permissions, since it is fine for them 11920 // not to be granted, there is a UI for the user to decide. 11921 if (packageOfInterest == null || packageOfInterest.equals(pkg.packageName)) { 11922 Slog.w(TAG, "Not granting permission " + perm 11923 + " to package " + pkg.packageName 11924 + " (protectionLevel=" + bp.protectionLevel 11925 + " flags=0x" + Integer.toHexString(pkg.applicationInfo.flags) 11926 + ")"); 11927 } 11928 } 11929 } 11930 } 11931 11932 if ((changedInstallPermission || replace) && !ps.installPermissionsFixed && 11933 !isSystemApp(ps) || isUpdatedSystemApp(ps)){ 11934 // This is the first that we have heard about this package, so the 11935 // permissions we have now selected are fixed until explicitly 11936 // changed. 11937 ps.installPermissionsFixed = true; 11938 } 11939 11940 // Persist the runtime permissions state for users with changes. If permissions 11941 // were revoked because no app in the shared user declares them we have to 11942 // write synchronously to avoid losing runtime permissions state. 11943 for (int userId : changedRuntimePermissionUserIds) { 11944 mSettings.writeRuntimePermissionsForUserLPr(userId, runtimePermissionsRevoked); 11945 } 11946 } 11947 11948 private boolean isNewPlatformPermissionForPackage(String perm, PackageParser.Package pkg) { 11949 boolean allowed = false; 11950 final int NP = PackageParser.NEW_PERMISSIONS.length; 11951 for (int ip=0; ip<NP; ip++) { 11952 final PackageParser.NewPermissionInfo npi 11953 = PackageParser.NEW_PERMISSIONS[ip]; 11954 if (npi.name.equals(perm) 11955 && pkg.applicationInfo.targetSdkVersion < npi.sdkVersion) { 11956 allowed = true; 11957 Log.i(TAG, "Auto-granting " + perm + " to old pkg " 11958 + pkg.packageName); 11959 break; 11960 } 11961 } 11962 return allowed; 11963 } 11964 11965 private boolean grantSignaturePermission(String perm, PackageParser.Package pkg, 11966 BasePermission bp, PermissionsState origPermissions) { 11967 boolean privilegedPermission = (bp.protectionLevel 11968 & PermissionInfo.PROTECTION_FLAG_PRIVILEGED) != 0; 11969 boolean privappPermissionsDisable = 11970 RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_DISABLE; 11971 boolean platformPermission = PLATFORM_PACKAGE_NAME.equals(bp.sourcePackage); 11972 boolean platformPackage = PLATFORM_PACKAGE_NAME.equals(pkg.packageName); 11973 if (!privappPermissionsDisable && privilegedPermission && pkg.isPrivilegedApp() 11974 && !platformPackage && platformPermission) { 11975 ArraySet<String> wlPermissions = SystemConfig.getInstance() 11976 .getPrivAppPermissions(pkg.packageName); 11977 boolean whitelisted = wlPermissions != null && wlPermissions.contains(perm); 11978 if (!whitelisted) { 11979 Slog.w(TAG, "Privileged permission " + perm + " for package " 11980 + pkg.packageName + " - not in privapp-permissions whitelist"); 11981 // Only report violations for apps on system image 11982 if (!mSystemReady && !pkg.isUpdatedSystemApp()) { 11983 if (mPrivappPermissionsViolations == null) { 11984 mPrivappPermissionsViolations = new ArraySet<>(); 11985 } 11986 mPrivappPermissionsViolations.add(pkg.packageName + ": " + perm); 11987 } 11988 if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) { 11989 return false; 11990 } 11991 } 11992 } 11993 boolean allowed = (compareSignatures( 11994 bp.packageSetting.signatures.mSignatures, pkg.mSignatures) 11995 == PackageManager.SIGNATURE_MATCH) 11996 || (compareSignatures(mPlatformPackage.mSignatures, pkg.mSignatures) 11997 == PackageManager.SIGNATURE_MATCH); 11998 if (!allowed && privilegedPermission) { 11999 if (isSystemApp(pkg)) { 12000 // For updated system applications, a system permission 12001 // is granted only if it had been defined by the original application. 12002 if (pkg.isUpdatedSystemApp()) { 12003 final PackageSetting sysPs = mSettings 12004 .getDisabledSystemPkgLPr(pkg.packageName); 12005 if (sysPs != null && sysPs.getPermissionsState().hasInstallPermission(perm)) { 12006 // If the original was granted this permission, we take 12007 // that grant decision as read and propagate it to the 12008 // update. 12009 if (sysPs.isPrivileged()) { 12010 allowed = true; 12011 } 12012 } else { 12013 // The system apk may have been updated with an older 12014 // version of the one on the data partition, but which 12015 // granted a new system permission that it didn't have 12016 // before. In this case we do want to allow the app to 12017 // now get the new permission if the ancestral apk is 12018 // privileged to get it. 12019 if (sysPs != null && sysPs.pkg != null && sysPs.isPrivileged()) { 12020 for (int j = 0; j < sysPs.pkg.requestedPermissions.size(); j++) { 12021 if (perm.equals(sysPs.pkg.requestedPermissions.get(j))) { 12022 allowed = true; 12023 break; 12024 } 12025 } 12026 } 12027 // Also if a privileged parent package on the system image or any of 12028 // its children requested a privileged permission, the updated child 12029 // packages can also get the permission. 12030 if (pkg.parentPackage != null) { 12031 final PackageSetting disabledSysParentPs = mSettings 12032 .getDisabledSystemPkgLPr(pkg.parentPackage.packageName); 12033 if (disabledSysParentPs != null && disabledSysParentPs.pkg != null 12034 && disabledSysParentPs.isPrivileged()) { 12035 if (isPackageRequestingPermission(disabledSysParentPs.pkg, perm)) { 12036 allowed = true; 12037 } else if (disabledSysParentPs.pkg.childPackages != null) { 12038 final int count = disabledSysParentPs.pkg.childPackages.size(); 12039 for (int i = 0; i < count; i++) { 12040 PackageParser.Package disabledSysChildPkg = 12041 disabledSysParentPs.pkg.childPackages.get(i); 12042 if (isPackageRequestingPermission(disabledSysChildPkg, 12043 perm)) { 12044 allowed = true; 12045 break; 12046 } 12047 } 12048 } 12049 } 12050 } 12051 } 12052 } else { 12053 allowed = isPrivilegedApp(pkg); 12054 } 12055 } 12056 } 12057 if (!allowed) { 12058 if (!allowed && (bp.protectionLevel 12059 & PermissionInfo.PROTECTION_FLAG_PRE23) != 0 12060 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) { 12061 // If this was a previously normal/dangerous permission that got moved 12062 // to a system permission as part of the runtime permission redesign, then 12063 // we still want to blindly grant it to old apps. 12064 allowed = true; 12065 } 12066 if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_INSTALLER) != 0 12067 && pkg.packageName.equals(mRequiredInstallerPackage)) { 12068 // If this permission is to be granted to the system installer and 12069 // this app is an installer, then it gets the permission. 12070 allowed = true; 12071 } 12072 if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_VERIFIER) != 0 12073 && pkg.packageName.equals(mRequiredVerifierPackage)) { 12074 // If this permission is to be granted to the system verifier and 12075 // this app is a verifier, then it gets the permission. 12076 allowed = true; 12077 } 12078 if (!allowed && (bp.protectionLevel 12079 & PermissionInfo.PROTECTION_FLAG_PREINSTALLED) != 0 12080 && isSystemApp(pkg)) { 12081 // Any pre-installed system app is allowed to get this permission. 12082 allowed = true; 12083 } 12084 if (!allowed && (bp.protectionLevel 12085 & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) { 12086 // For development permissions, a development permission 12087 // is granted only if it was already granted. 12088 allowed = origPermissions.hasInstallPermission(perm); 12089 } 12090 if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_SETUP) != 0 12091 && pkg.packageName.equals(mSetupWizardPackage)) { 12092 // If this permission is to be granted to the system setup wizard and 12093 // this app is a setup wizard, then it gets the permission. 12094 allowed = true; 12095 } 12096 } 12097 return allowed; 12098 } 12099 12100 private boolean isPackageRequestingPermission(PackageParser.Package pkg, String permission) { 12101 final int permCount = pkg.requestedPermissions.size(); 12102 for (int j = 0; j < permCount; j++) { 12103 String requestedPermission = pkg.requestedPermissions.get(j); 12104 if (permission.equals(requestedPermission)) { 12105 return true; 12106 } 12107 } 12108 return false; 12109 } 12110 12111 final class ActivityIntentResolver 12112 extends IntentResolver<PackageParser.ActivityIntentInfo, ResolveInfo> { 12113 public List<ResolveInfo> queryIntent(Intent intent, String resolvedType, 12114 boolean defaultOnly, int userId) { 12115 if (!sUserManager.exists(userId)) return null; 12116 mFlags = (defaultOnly ? PackageManager.MATCH_DEFAULT_ONLY : 0); 12117 return super.queryIntent(intent, resolvedType, defaultOnly, userId); 12118 } 12119 12120 public List<ResolveInfo> queryIntent(Intent intent, String resolvedType, int flags, 12121 int userId) { 12122 if (!sUserManager.exists(userId)) return null; 12123 mFlags = flags; 12124 return super.queryIntent(intent, resolvedType, 12125 (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, 12126 userId); 12127 } 12128 12129 public List<ResolveInfo> queryIntentForPackage(Intent intent, String resolvedType, 12130 int flags, ArrayList<PackageParser.Activity> packageActivities, int userId) { 12131 if (!sUserManager.exists(userId)) return null; 12132 if (packageActivities == null) { 12133 return null; 12134 } 12135 mFlags = flags; 12136 final boolean defaultOnly = (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0; 12137 final int N = packageActivities.size(); 12138 ArrayList<PackageParser.ActivityIntentInfo[]> listCut = 12139 new ArrayList<PackageParser.ActivityIntentInfo[]>(N); 12140 12141 ArrayList<PackageParser.ActivityIntentInfo> intentFilters; 12142 for (int i = 0; i < N; ++i) { 12143 intentFilters = packageActivities.get(i).intents; 12144 if (intentFilters != null && intentFilters.size() > 0) { 12145 PackageParser.ActivityIntentInfo[] array = 12146 new PackageParser.ActivityIntentInfo[intentFilters.size()]; 12147 intentFilters.toArray(array); 12148 listCut.add(array); 12149 } 12150 } 12151 return super.queryIntentFromList(intent, resolvedType, defaultOnly, listCut, userId); 12152 } 12153 12154 /** 12155 * Finds a privileged activity that matches the specified activity names. 12156 */ 12157 private PackageParser.Activity findMatchingActivity( 12158 List<PackageParser.Activity> activityList, ActivityInfo activityInfo) { 12159 for (PackageParser.Activity sysActivity : activityList) { 12160 if (sysActivity.info.name.equals(activityInfo.name)) { 12161 return sysActivity; 12162 } 12163 if (sysActivity.info.name.equals(activityInfo.targetActivity)) { 12164 return sysActivity; 12165 } 12166 if (sysActivity.info.targetActivity != null) { 12167 if (sysActivity.info.targetActivity.equals(activityInfo.name)) { 12168 return sysActivity; 12169 } 12170 if (sysActivity.info.targetActivity.equals(activityInfo.targetActivity)) { 12171 return sysActivity; 12172 } 12173 } 12174 } 12175 return null; 12176 } 12177 12178 public class IterGenerator<E> { 12179 public Iterator<E> generate(ActivityIntentInfo info) { 12180 return null; 12181 } 12182 } 12183 12184 public class ActionIterGenerator extends IterGenerator<String> { 12185 @Override 12186 public Iterator<String> generate(ActivityIntentInfo info) { 12187 return info.actionsIterator(); 12188 } 12189 } 12190 12191 public class CategoriesIterGenerator extends IterGenerator<String> { 12192 @Override 12193 public Iterator<String> generate(ActivityIntentInfo info) { 12194 return info.categoriesIterator(); 12195 } 12196 } 12197 12198 public class SchemesIterGenerator extends IterGenerator<String> { 12199 @Override 12200 public Iterator<String> generate(ActivityIntentInfo info) { 12201 return info.schemesIterator(); 12202 } 12203 } 12204 12205 public class AuthoritiesIterGenerator extends IterGenerator<IntentFilter.AuthorityEntry> { 12206 @Override 12207 public Iterator<IntentFilter.AuthorityEntry> generate(ActivityIntentInfo info) { 12208 return info.authoritiesIterator(); 12209 } 12210 } 12211 12212 /** 12213 * <em>WARNING</em> for performance reasons, the passed in intentList WILL BE 12214 * MODIFIED. Do not pass in a list that should not be changed. 12215 */ 12216 private <T> void getIntentListSubset(List<ActivityIntentInfo> intentList, 12217 IterGenerator<T> generator, Iterator<T> searchIterator) { 12218 // loop through the set of actions; every one must be found in the intent filter 12219 while (searchIterator.hasNext()) { 12220 // we must have at least one filter in the list to consider a match 12221 if (intentList.size() == 0) { 12222 break; 12223 } 12224 12225 final T searchAction = searchIterator.next(); 12226 12227 // loop through the set of intent filters 12228 final Iterator<ActivityIntentInfo> intentIter = intentList.iterator(); 12229 while (intentIter.hasNext()) { 12230 final ActivityIntentInfo intentInfo = intentIter.next(); 12231 boolean selectionFound = false; 12232 12233 // loop through the intent filter's selection criteria; at least one 12234 // of them must match the searched criteria 12235 final Iterator<T> intentSelectionIter = generator.generate(intentInfo); 12236 while (intentSelectionIter != null && intentSelectionIter.hasNext()) { 12237 final T intentSelection = intentSelectionIter.next(); 12238 if (intentSelection != null && intentSelection.equals(searchAction)) { 12239 selectionFound = true; 12240 break; 12241 } 12242 } 12243 12244 // the selection criteria wasn't found in this filter's set; this filter 12245 // is not a potential match 12246 if (!selectionFound) { 12247 intentIter.remove(); 12248 } 12249 } 12250 } 12251 } 12252 12253 private boolean isProtectedAction(ActivityIntentInfo filter) { 12254 final Iterator<String> actionsIter = filter.actionsIterator(); 12255 while (actionsIter != null && actionsIter.hasNext()) { 12256 final String filterAction = actionsIter.next(); 12257 if (PROTECTED_ACTIONS.contains(filterAction)) { 12258 return true; 12259 } 12260 } 12261 return false; 12262 } 12263 12264 /** 12265 * Adjusts the priority of the given intent filter according to policy. 12266 * <p> 12267 * <ul> 12268 * <li>The priority for non privileged applications is capped to '0'</li> 12269 * <li>The priority for protected actions on privileged applications is capped to '0'</li> 12270 * <li>The priority for unbundled updates to privileged applications is capped to the 12271 * priority defined on the system partition</li> 12272 * </ul> 12273 * <p> 12274 * <em>NOTE:</em> There is one exception. For security reasons, the setup wizard is 12275 * allowed to obtain any priority on any action. 12276 */ 12277 private void adjustPriority( 12278 List<PackageParser.Activity> systemActivities, ActivityIntentInfo intent) { 12279 // nothing to do; priority is fine as-is 12280 if (intent.getPriority() <= 0) { 12281 return; 12282 } 12283 12284 final ActivityInfo activityInfo = intent.activity.info; 12285 final ApplicationInfo applicationInfo = activityInfo.applicationInfo; 12286 12287 final boolean privilegedApp = 12288 ((applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0); 12289 if (!privilegedApp) { 12290 // non-privileged applications can never define a priority >0 12291 Slog.w(TAG, "Non-privileged app; cap priority to 0;" 12292 + " package: " + applicationInfo.packageName 12293 + " activity: " + intent.activity.className 12294 + " origPrio: " + intent.getPriority()); 12295 intent.setPriority(0); 12296 return; 12297 } 12298 12299 if (systemActivities == null) { 12300 // the system package is not disabled; we're parsing the system partition 12301 if (isProtectedAction(intent)) { 12302 if (mDeferProtectedFilters) { 12303 // We can't deal with these just yet. No component should ever obtain a 12304 // >0 priority for a protected actions, with ONE exception -- the setup 12305 // wizard. The setup wizard, however, cannot be known until we're able to 12306 // query it for the category CATEGORY_SETUP_WIZARD. Which we can't do 12307 // until all intent filters have been processed. Chicken, meet egg. 12308 // Let the filter temporarily have a high priority and rectify the 12309 // priorities after all system packages have been scanned. 12310 mProtectedFilters.add(intent); 12311 if (DEBUG_FILTERS) { 12312 Slog.i(TAG, "Protected action; save for later;" 12313 + " package: " + applicationInfo.packageName 12314 + " activity: " + intent.activity.className 12315 + " origPrio: " + intent.getPriority()); 12316 } 12317 return; 12318 } else { 12319 if (DEBUG_FILTERS && mSetupWizardPackage == null) { 12320 Slog.i(TAG, "No setup wizard;" 12321 + " All protected intents capped to priority 0"); 12322 } 12323 if (intent.activity.info.packageName.equals(mSetupWizardPackage)) { 12324 if (DEBUG_FILTERS) { 12325 Slog.i(TAG, "Found setup wizard;" 12326 + " allow priority " + intent.getPriority() + ";" 12327 + " package: " + intent.activity.info.packageName 12328 + " activity: " + intent.activity.className 12329 + " priority: " + intent.getPriority()); 12330 } 12331 // setup wizard gets whatever it wants 12332 return; 12333 } 12334 Slog.w(TAG, "Protected action; cap priority to 0;" 12335 + " package: " + intent.activity.info.packageName 12336 + " activity: " + intent.activity.className 12337 + " origPrio: " + intent.getPriority()); 12338 intent.setPriority(0); 12339 return; 12340 } 12341 } 12342 // privileged apps on the system image get whatever priority they request 12343 return; 12344 } 12345 12346 // privileged app unbundled update ... try to find the same activity 12347 final PackageParser.Activity foundActivity = 12348 findMatchingActivity(systemActivities, activityInfo); 12349 if (foundActivity == null) { 12350 // this is a new activity; it cannot obtain >0 priority 12351 if (DEBUG_FILTERS) { 12352 Slog.i(TAG, "New activity; cap priority to 0;" 12353 + " package: " + applicationInfo.packageName 12354 + " activity: " + intent.activity.className 12355 + " origPrio: " + intent.getPriority()); 12356 } 12357 intent.setPriority(0); 12358 return; 12359 } 12360 12361 // found activity, now check for filter equivalence 12362 12363 // a shallow copy is enough; we modify the list, not its contents 12364 final List<ActivityIntentInfo> intentListCopy = 12365 new ArrayList<>(foundActivity.intents); 12366 final List<ActivityIntentInfo> foundFilters = findFilters(intent); 12367 12368 // find matching action subsets 12369 final Iterator<String> actionsIterator = intent.actionsIterator(); 12370 if (actionsIterator != null) { 12371 getIntentListSubset( 12372 intentListCopy, new ActionIterGenerator(), actionsIterator); 12373 if (intentListCopy.size() == 0) { 12374 // no more intents to match; we're not equivalent 12375 if (DEBUG_FILTERS) { 12376 Slog.i(TAG, "Mismatched action; cap priority to 0;" 12377 + " package: " + applicationInfo.packageName 12378 + " activity: " + intent.activity.className 12379 + " origPrio: " + intent.getPriority()); 12380 } 12381 intent.setPriority(0); 12382 return; 12383 } 12384 } 12385 12386 // find matching category subsets 12387 final Iterator<String> categoriesIterator = intent.categoriesIterator(); 12388 if (categoriesIterator != null) { 12389 getIntentListSubset(intentListCopy, new CategoriesIterGenerator(), 12390 categoriesIterator); 12391 if (intentListCopy.size() == 0) { 12392 // no more intents to match; we're not equivalent 12393 if (DEBUG_FILTERS) { 12394 Slog.i(TAG, "Mismatched category; cap priority to 0;" 12395 + " package: " + applicationInfo.packageName 12396 + " activity: " + intent.activity.className 12397 + " origPrio: " + intent.getPriority()); 12398 } 12399 intent.setPriority(0); 12400 return; 12401 } 12402 } 12403 12404 // find matching schemes subsets 12405 final Iterator<String> schemesIterator = intent.schemesIterator(); 12406 if (schemesIterator != null) { 12407 getIntentListSubset(intentListCopy, new SchemesIterGenerator(), 12408 schemesIterator); 12409 if (intentListCopy.size() == 0) { 12410 // no more intents to match; we're not equivalent 12411 if (DEBUG_FILTERS) { 12412 Slog.i(TAG, "Mismatched scheme; cap priority to 0;" 12413 + " package: " + applicationInfo.packageName 12414 + " activity: " + intent.activity.className 12415 + " origPrio: " + intent.getPriority()); 12416 } 12417 intent.setPriority(0); 12418 return; 12419 } 12420 } 12421 12422 // find matching authorities subsets 12423 final Iterator<IntentFilter.AuthorityEntry> 12424 authoritiesIterator = intent.authoritiesIterator(); 12425 if (authoritiesIterator != null) { 12426 getIntentListSubset(intentListCopy, 12427 new AuthoritiesIterGenerator(), 12428 authoritiesIterator); 12429 if (intentListCopy.size() == 0) { 12430 // no more intents to match; we're not equivalent 12431 if (DEBUG_FILTERS) { 12432 Slog.i(TAG, "Mismatched authority; cap priority to 0;" 12433 + " package: " + applicationInfo.packageName 12434 + " activity: " + intent.activity.className 12435 + " origPrio: " + intent.getPriority()); 12436 } 12437 intent.setPriority(0); 12438 return; 12439 } 12440 } 12441 12442 // we found matching filter(s); app gets the max priority of all intents 12443 int cappedPriority = 0; 12444 for (int i = intentListCopy.size() - 1; i >= 0; --i) { 12445 cappedPriority = Math.max(cappedPriority, intentListCopy.get(i).getPriority()); 12446 } 12447 if (intent.getPriority() > cappedPriority) { 12448 if (DEBUG_FILTERS) { 12449 Slog.i(TAG, "Found matching filter(s);" 12450 + " cap priority to " + cappedPriority + ";" 12451 + " package: " + applicationInfo.packageName 12452 + " activity: " + intent.activity.className 12453 + " origPrio: " + intent.getPriority()); 12454 } 12455 intent.setPriority(cappedPriority); 12456 return; 12457 } 12458 // all this for nothing; the requested priority was <= what was on the system 12459 } 12460 12461 public final void addActivity(PackageParser.Activity a, String type) { 12462 mActivities.put(a.getComponentName(), a); 12463 if (DEBUG_SHOW_INFO) 12464 Log.v( 12465 TAG, " " + type + " " + 12466 (a.info.nonLocalizedLabel != null ? a.info.nonLocalizedLabel : a.info.name) + ":"); 12467 if (DEBUG_SHOW_INFO) 12468 Log.v(TAG, " Class=" + a.info.name); 12469 final int NI = a.intents.size(); 12470 for (int j=0; j<NI; j++) { 12471 PackageParser.ActivityIntentInfo intent = a.intents.get(j); 12472 if ("activity".equals(type)) { 12473 final PackageSetting ps = 12474 mSettings.getDisabledSystemPkgLPr(intent.activity.info.packageName); 12475 final List<PackageParser.Activity> systemActivities = 12476 ps != null && ps.pkg != null ? ps.pkg.activities : null; 12477 adjustPriority(systemActivities, intent); 12478 } 12479 if (DEBUG_SHOW_INFO) { 12480 Log.v(TAG, " IntentFilter:"); 12481 intent.dump(new LogPrinter(Log.VERBOSE, TAG), " "); 12482 } 12483 if (!intent.debugCheck()) { 12484 Log.w(TAG, "==> For Activity " + a.info.name); 12485 } 12486 addFilter(intent); 12487 } 12488 } 12489 12490 public final void removeActivity(PackageParser.Activity a, String type) { 12491 mActivities.remove(a.getComponentName()); 12492 if (DEBUG_SHOW_INFO) { 12493 Log.v(TAG, " " + type + " " 12494 + (a.info.nonLocalizedLabel != null ? a.info.nonLocalizedLabel 12495 : a.info.name) + ":"); 12496 Log.v(TAG, " Class=" + a.info.name); 12497 } 12498 final int NI = a.intents.size(); 12499 for (int j=0; j<NI; j++) { 12500 PackageParser.ActivityIntentInfo intent = a.intents.get(j); 12501 if (DEBUG_SHOW_INFO) { 12502 Log.v(TAG, " IntentFilter:"); 12503 intent.dump(new LogPrinter(Log.VERBOSE, TAG), " "); 12504 } 12505 removeFilter(intent); 12506 } 12507 } 12508 12509 @Override 12510 protected boolean allowFilterResult( 12511 PackageParser.ActivityIntentInfo filter, List<ResolveInfo> dest) { 12512 ActivityInfo filterAi = filter.activity.info; 12513 for (int i=dest.size()-1; i>=0; i--) { 12514 ActivityInfo destAi = dest.get(i).activityInfo; 12515 if (destAi.name == filterAi.name 12516 && destAi.packageName == filterAi.packageName) { 12517 return false; 12518 } 12519 } 12520 return true; 12521 } 12522 12523 @Override 12524 protected ActivityIntentInfo[] newArray(int size) { 12525 return new ActivityIntentInfo[size]; 12526 } 12527 12528 @Override 12529 protected boolean isFilterStopped(PackageParser.ActivityIntentInfo filter, int userId) { 12530 if (!sUserManager.exists(userId)) return true; 12531 PackageParser.Package p = filter.activity.owner; 12532 if (p != null) { 12533 PackageSetting ps = (PackageSetting)p.mExtras; 12534 if (ps != null) { 12535 // System apps are never considered stopped for purposes of 12536 // filtering, because there may be no way for the user to 12537 // actually re-launch them. 12538 return (ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0 12539 && ps.getStopped(userId); 12540 } 12541 } 12542 return false; 12543 } 12544 12545 @Override 12546 protected boolean isPackageForFilter(String packageName, 12547 PackageParser.ActivityIntentInfo info) { 12548 return packageName.equals(info.activity.owner.packageName); 12549 } 12550 12551 @Override 12552 protected ResolveInfo newResult(PackageParser.ActivityIntentInfo info, 12553 int match, int userId) { 12554 if (!sUserManager.exists(userId)) return null; 12555 if (!mSettings.isEnabledAndMatchLPr(info.activity.info, mFlags, userId)) { 12556 return null; 12557 } 12558 final PackageParser.Activity activity = info.activity; 12559 PackageSetting ps = (PackageSetting) activity.owner.mExtras; 12560 if (ps == null) { 12561 return null; 12562 } 12563 final PackageUserState userState = ps.readUserState(userId); 12564 ActivityInfo ai = generateActivityInfo(activity, mFlags, userState, userId); 12565 if (ai == null) { 12566 return null; 12567 } 12568 final boolean matchExplicitlyVisibleOnly = 12569 (mFlags & PackageManager.MATCH_EXPLICITLY_VISIBLE_ONLY) != 0; 12570 final boolean matchVisibleToInstantApp = 12571 (mFlags & PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY) != 0; 12572 final boolean componentVisible = 12573 matchVisibleToInstantApp 12574 && info.isVisibleToInstantApp() 12575 && (!matchExplicitlyVisibleOnly || info.isExplicitlyVisibleToInstantApp()); 12576 final boolean matchInstantApp = (mFlags & PackageManager.MATCH_INSTANT) != 0; 12577 // throw out filters that aren't visible to ephemeral apps 12578 if (matchVisibleToInstantApp && !(componentVisible || userState.instantApp)) { 12579 return null; 12580 } 12581 // throw out instant app filters if we're not explicitly requesting them 12582 if (!matchInstantApp && userState.instantApp) { 12583 return null; 12584 } 12585 // throw out instant app filters if updates are available; will trigger 12586 // instant app resolution 12587 if (userState.instantApp && ps.isUpdateAvailable()) { 12588 return null; 12589 } 12590 final ResolveInfo res = new ResolveInfo(); 12591 res.activityInfo = ai; 12592 if ((mFlags&PackageManager.GET_RESOLVED_FILTER) != 0) { 12593 res.filter = info; 12594 } 12595 if (info != null) { 12596 res.handleAllWebDataURI = info.handleAllWebDataURI(); 12597 } 12598 res.priority = info.getPriority(); 12599 res.preferredOrder = activity.owner.mPreferredOrder; 12600 //System.out.println("Result: " + res.activityInfo.className + 12601 // " = " + res.priority); 12602 res.match = match; 12603 res.isDefault = info.hasDefault; 12604 res.labelRes = info.labelRes; 12605 res.nonLocalizedLabel = info.nonLocalizedLabel; 12606 if (userNeedsBadging(userId)) { 12607 res.noResourceId = true; 12608 } else { 12609 res.icon = info.icon; 12610 } 12611 res.iconResourceId = info.icon; 12612 res.system = res.activityInfo.applicationInfo.isSystemApp(); 12613 res.isInstantAppAvailable = userState.instantApp; 12614 return res; 12615 } 12616 12617 @Override 12618 protected void sortResults(List<ResolveInfo> results) { 12619 Collections.sort(results, mResolvePrioritySorter); 12620 } 12621 12622 @Override 12623 protected void dumpFilter(PrintWriter out, String prefix, 12624 PackageParser.ActivityIntentInfo filter) { 12625 out.print(prefix); out.print( 12626 Integer.toHexString(System.identityHashCode(filter.activity))); 12627 out.print(' '); 12628 filter.activity.printComponentShortName(out); 12629 out.print(" filter "); 12630 out.println(Integer.toHexString(System.identityHashCode(filter))); 12631 } 12632 12633 @Override 12634 protected Object filterToLabel(PackageParser.ActivityIntentInfo filter) { 12635 return filter.activity; 12636 } 12637 12638 protected void dumpFilterLabel(PrintWriter out, String prefix, Object label, int count) { 12639 PackageParser.Activity activity = (PackageParser.Activity)label; 12640 out.print(prefix); out.print( 12641 Integer.toHexString(System.identityHashCode(activity))); 12642 out.print(' '); 12643 activity.printComponentShortName(out); 12644 if (count > 1) { 12645 out.print(" ("); out.print(count); out.print(" filters)"); 12646 } 12647 out.println(); 12648 } 12649 12650 // Keys are String (activity class name), values are Activity. 12651 private final ArrayMap<ComponentName, PackageParser.Activity> mActivities 12652 = new ArrayMap<ComponentName, PackageParser.Activity>(); 12653 private int mFlags; 12654 } 12655 12656 private final class ServiceIntentResolver 12657 extends IntentResolver<PackageParser.ServiceIntentInfo, ResolveInfo> { 12658 public List<ResolveInfo> queryIntent(Intent intent, String resolvedType, 12659 boolean defaultOnly, int userId) { 12660 mFlags = defaultOnly ? PackageManager.MATCH_DEFAULT_ONLY : 0; 12661 return super.queryIntent(intent, resolvedType, defaultOnly, userId); 12662 } 12663 12664 public List<ResolveInfo> queryIntent(Intent intent, String resolvedType, int flags, 12665 int userId) { 12666 if (!sUserManager.exists(userId)) return null; 12667 mFlags = flags; 12668 return super.queryIntent(intent, resolvedType, 12669 (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, 12670 userId); 12671 } 12672 12673 public List<ResolveInfo> queryIntentForPackage(Intent intent, String resolvedType, 12674 int flags, ArrayList<PackageParser.Service> packageServices, int userId) { 12675 if (!sUserManager.exists(userId)) return null; 12676 if (packageServices == null) { 12677 return null; 12678 } 12679 mFlags = flags; 12680 final boolean defaultOnly = (flags&PackageManager.MATCH_DEFAULT_ONLY) != 0; 12681 final int N = packageServices.size(); 12682 ArrayList<PackageParser.ServiceIntentInfo[]> listCut = 12683 new ArrayList<PackageParser.ServiceIntentInfo[]>(N); 12684 12685 ArrayList<PackageParser.ServiceIntentInfo> intentFilters; 12686 for (int i = 0; i < N; ++i) { 12687 intentFilters = packageServices.get(i).intents; 12688 if (intentFilters != null && intentFilters.size() > 0) { 12689 PackageParser.ServiceIntentInfo[] array = 12690 new PackageParser.ServiceIntentInfo[intentFilters.size()]; 12691 intentFilters.toArray(array); 12692 listCut.add(array); 12693 } 12694 } 12695 return super.queryIntentFromList(intent, resolvedType, defaultOnly, listCut, userId); 12696 } 12697 12698 public final void addService(PackageParser.Service s) { 12699 mServices.put(s.getComponentName(), s); 12700 if (DEBUG_SHOW_INFO) { 12701 Log.v(TAG, " " 12702 + (s.info.nonLocalizedLabel != null 12703 ? s.info.nonLocalizedLabel : s.info.name) + ":"); 12704 Log.v(TAG, " Class=" + s.info.name); 12705 } 12706 final int NI = s.intents.size(); 12707 int j; 12708 for (j=0; j<NI; j++) { 12709 PackageParser.ServiceIntentInfo intent = s.intents.get(j); 12710 if (DEBUG_SHOW_INFO) { 12711 Log.v(TAG, " IntentFilter:"); 12712 intent.dump(new LogPrinter(Log.VERBOSE, TAG), " "); 12713 } 12714 if (!intent.debugCheck()) { 12715 Log.w(TAG, "==> For Service " + s.info.name); 12716 } 12717 addFilter(intent); 12718 } 12719 } 12720 12721 public final void removeService(PackageParser.Service s) { 12722 mServices.remove(s.getComponentName()); 12723 if (DEBUG_SHOW_INFO) { 12724 Log.v(TAG, " " + (s.info.nonLocalizedLabel != null 12725 ? s.info.nonLocalizedLabel : s.info.name) + ":"); 12726 Log.v(TAG, " Class=" + s.info.name); 12727 } 12728 final int NI = s.intents.size(); 12729 int j; 12730 for (j=0; j<NI; j++) { 12731 PackageParser.ServiceIntentInfo intent = s.intents.get(j); 12732 if (DEBUG_SHOW_INFO) { 12733 Log.v(TAG, " IntentFilter:"); 12734 intent.dump(new LogPrinter(Log.VERBOSE, TAG), " "); 12735 } 12736 removeFilter(intent); 12737 } 12738 } 12739 12740 @Override 12741 protected boolean allowFilterResult( 12742 PackageParser.ServiceIntentInfo filter, List<ResolveInfo> dest) { 12743 ServiceInfo filterSi = filter.service.info; 12744 for (int i=dest.size()-1; i>=0; i--) { 12745 ServiceInfo destAi = dest.get(i).serviceInfo; 12746 if (destAi.name == filterSi.name 12747 && destAi.packageName == filterSi.packageName) { 12748 return false; 12749 } 12750 } 12751 return true; 12752 } 12753 12754 @Override 12755 protected PackageParser.ServiceIntentInfo[] newArray(int size) { 12756 return new PackageParser.ServiceIntentInfo[size]; 12757 } 12758 12759 @Override 12760 protected boolean isFilterStopped(PackageParser.ServiceIntentInfo filter, int userId) { 12761 if (!sUserManager.exists(userId)) return true; 12762 PackageParser.Package p = filter.service.owner; 12763 if (p != null) { 12764 PackageSetting ps = (PackageSetting)p.mExtras; 12765 if (ps != null) { 12766 // System apps are never considered stopped for purposes of 12767 // filtering, because there may be no way for the user to 12768 // actually re-launch them. 12769 return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) == 0 12770 && ps.getStopped(userId); 12771 } 12772 } 12773 return false; 12774 } 12775 12776 @Override 12777 protected boolean isPackageForFilter(String packageName, 12778 PackageParser.ServiceIntentInfo info) { 12779 return packageName.equals(info.service.owner.packageName); 12780 } 12781 12782 @Override 12783 protected ResolveInfo newResult(PackageParser.ServiceIntentInfo filter, 12784 int match, int userId) { 12785 if (!sUserManager.exists(userId)) return null; 12786 final PackageParser.ServiceIntentInfo info = (PackageParser.ServiceIntentInfo)filter; 12787 if (!mSettings.isEnabledAndMatchLPr(info.service.info, mFlags, userId)) { 12788 return null; 12789 } 12790 final PackageParser.Service service = info.service; 12791 PackageSetting ps = (PackageSetting) service.owner.mExtras; 12792 if (ps == null) { 12793 return null; 12794 } 12795 final PackageUserState userState = ps.readUserState(userId); 12796 ServiceInfo si = PackageParser.generateServiceInfo(service, mFlags, 12797 userState, userId); 12798 if (si == null) { 12799 return null; 12800 } 12801 final boolean matchVisibleToInstantApp = 12802 (mFlags & PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY) != 0; 12803 final boolean isInstantApp = (mFlags & PackageManager.MATCH_INSTANT) != 0; 12804 // throw out filters that aren't visible to ephemeral apps 12805 if (matchVisibleToInstantApp 12806 && !(info.isVisibleToInstantApp() || userState.instantApp)) { 12807 return null; 12808 } 12809 // throw out ephemeral filters if we're not explicitly requesting them 12810 if (!isInstantApp && userState.instantApp) { 12811 return null; 12812 } 12813 // throw out instant app filters if updates are available; will trigger 12814 // instant app resolution 12815 if (userState.instantApp && ps.isUpdateAvailable()) { 12816 return null; 12817 } 12818 final ResolveInfo res = new ResolveInfo(); 12819 res.serviceInfo = si; 12820 if ((mFlags&PackageManager.GET_RESOLVED_FILTER) != 0) { 12821 res.filter = filter; 12822 } 12823 res.priority = info.getPriority(); 12824 res.preferredOrder = service.owner.mPreferredOrder; 12825 res.match = match; 12826 res.isDefault = info.hasDefault; 12827 res.labelRes = info.labelRes; 12828 res.nonLocalizedLabel = info.nonLocalizedLabel; 12829 res.icon = info.icon; 12830 res.system = res.serviceInfo.applicationInfo.isSystemApp(); 12831 return res; 12832 } 12833 12834 @Override 12835 protected void sortResults(List<ResolveInfo> results) { 12836 Collections.sort(results, mResolvePrioritySorter); 12837 } 12838 12839 @Override 12840 protected void dumpFilter(PrintWriter out, String prefix, 12841 PackageParser.ServiceIntentInfo filter) { 12842 out.print(prefix); out.print( 12843 Integer.toHexString(System.identityHashCode(filter.service))); 12844 out.print(' '); 12845 filter.service.printComponentShortName(out); 12846 out.print(" filter "); 12847 out.println(Integer.toHexString(System.identityHashCode(filter))); 12848 } 12849 12850 @Override 12851 protected Object filterToLabel(PackageParser.ServiceIntentInfo filter) { 12852 return filter.service; 12853 } 12854 12855 protected void dumpFilterLabel(PrintWriter out, String prefix, Object label, int count) { 12856 PackageParser.Service service = (PackageParser.Service)label; 12857 out.print(prefix); out.print( 12858 Integer.toHexString(System.identityHashCode(service))); 12859 out.print(' '); 12860 service.printComponentShortName(out); 12861 if (count > 1) { 12862 out.print(" ("); out.print(count); out.print(" filters)"); 12863 } 12864 out.println(); 12865 } 12866 12867// List<ResolveInfo> filterEnabled(List<ResolveInfo> resolveInfoList) { 12868// final Iterator<ResolveInfo> i = resolveInfoList.iterator(); 12869// final List<ResolveInfo> retList = Lists.newArrayList(); 12870// while (i.hasNext()) { 12871// final ResolveInfo resolveInfo = (ResolveInfo) i; 12872// if (isEnabledLP(resolveInfo.serviceInfo)) { 12873// retList.add(resolveInfo); 12874// } 12875// } 12876// return retList; 12877// } 12878 12879 // Keys are String (activity class name), values are Activity. 12880 private final ArrayMap<ComponentName, PackageParser.Service> mServices 12881 = new ArrayMap<ComponentName, PackageParser.Service>(); 12882 private int mFlags; 12883 } 12884 12885 private final class ProviderIntentResolver 12886 extends IntentResolver<PackageParser.ProviderIntentInfo, ResolveInfo> { 12887 public List<ResolveInfo> queryIntent(Intent intent, String resolvedType, 12888 boolean defaultOnly, int userId) { 12889 mFlags = defaultOnly ? PackageManager.MATCH_DEFAULT_ONLY : 0; 12890 return super.queryIntent(intent, resolvedType, defaultOnly, userId); 12891 } 12892 12893 public List<ResolveInfo> queryIntent(Intent intent, String resolvedType, int flags, 12894 int userId) { 12895 if (!sUserManager.exists(userId)) 12896 return null; 12897 mFlags = flags; 12898 return super.queryIntent(intent, resolvedType, 12899 (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, 12900 userId); 12901 } 12902 12903 public List<ResolveInfo> queryIntentForPackage(Intent intent, String resolvedType, 12904 int flags, ArrayList<PackageParser.Provider> packageProviders, int userId) { 12905 if (!sUserManager.exists(userId)) 12906 return null; 12907 if (packageProviders == null) { 12908 return null; 12909 } 12910 mFlags = flags; 12911 final boolean defaultOnly = (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0; 12912 final int N = packageProviders.size(); 12913 ArrayList<PackageParser.ProviderIntentInfo[]> listCut = 12914 new ArrayList<PackageParser.ProviderIntentInfo[]>(N); 12915 12916 ArrayList<PackageParser.ProviderIntentInfo> intentFilters; 12917 for (int i = 0; i < N; ++i) { 12918 intentFilters = packageProviders.get(i).intents; 12919 if (intentFilters != null && intentFilters.size() > 0) { 12920 PackageParser.ProviderIntentInfo[] array = 12921 new PackageParser.ProviderIntentInfo[intentFilters.size()]; 12922 intentFilters.toArray(array); 12923 listCut.add(array); 12924 } 12925 } 12926 return super.queryIntentFromList(intent, resolvedType, defaultOnly, listCut, userId); 12927 } 12928 12929 public final void addProvider(PackageParser.Provider p) { 12930 if (mProviders.containsKey(p.getComponentName())) { 12931 Slog.w(TAG, "Provider " + p.getComponentName() + " already defined; ignoring"); 12932 return; 12933 } 12934 12935 mProviders.put(p.getComponentName(), p); 12936 if (DEBUG_SHOW_INFO) { 12937 Log.v(TAG, " " 12938 + (p.info.nonLocalizedLabel != null 12939 ? p.info.nonLocalizedLabel : p.info.name) + ":"); 12940 Log.v(TAG, " Class=" + p.info.name); 12941 } 12942 final int NI = p.intents.size(); 12943 int j; 12944 for (j = 0; j < NI; j++) { 12945 PackageParser.ProviderIntentInfo intent = p.intents.get(j); 12946 if (DEBUG_SHOW_INFO) { 12947 Log.v(TAG, " IntentFilter:"); 12948 intent.dump(new LogPrinter(Log.VERBOSE, TAG), " "); 12949 } 12950 if (!intent.debugCheck()) { 12951 Log.w(TAG, "==> For Provider " + p.info.name); 12952 } 12953 addFilter(intent); 12954 } 12955 } 12956 12957 public final void removeProvider(PackageParser.Provider p) { 12958 mProviders.remove(p.getComponentName()); 12959 if (DEBUG_SHOW_INFO) { 12960 Log.v(TAG, " " + (p.info.nonLocalizedLabel != null 12961 ? p.info.nonLocalizedLabel : p.info.name) + ":"); 12962 Log.v(TAG, " Class=" + p.info.name); 12963 } 12964 final int NI = p.intents.size(); 12965 int j; 12966 for (j = 0; j < NI; j++) { 12967 PackageParser.ProviderIntentInfo intent = p.intents.get(j); 12968 if (DEBUG_SHOW_INFO) { 12969 Log.v(TAG, " IntentFilter:"); 12970 intent.dump(new LogPrinter(Log.VERBOSE, TAG), " "); 12971 } 12972 removeFilter(intent); 12973 } 12974 } 12975 12976 @Override 12977 protected boolean allowFilterResult( 12978 PackageParser.ProviderIntentInfo filter, List<ResolveInfo> dest) { 12979 ProviderInfo filterPi = filter.provider.info; 12980 for (int i = dest.size() - 1; i >= 0; i--) { 12981 ProviderInfo destPi = dest.get(i).providerInfo; 12982 if (destPi.name == filterPi.name 12983 && destPi.packageName == filterPi.packageName) { 12984 return false; 12985 } 12986 } 12987 return true; 12988 } 12989 12990 @Override 12991 protected PackageParser.ProviderIntentInfo[] newArray(int size) { 12992 return new PackageParser.ProviderIntentInfo[size]; 12993 } 12994 12995 @Override 12996 protected boolean isFilterStopped(PackageParser.ProviderIntentInfo filter, int userId) { 12997 if (!sUserManager.exists(userId)) 12998 return true; 12999 PackageParser.Package p = filter.provider.owner; 13000 if (p != null) { 13001 PackageSetting ps = (PackageSetting) p.mExtras; 13002 if (ps != null) { 13003 // System apps are never considered stopped for purposes of 13004 // filtering, because there may be no way for the user to 13005 // actually re-launch them. 13006 return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) == 0 13007 && ps.getStopped(userId); 13008 } 13009 } 13010 return false; 13011 } 13012 13013 @Override 13014 protected boolean isPackageForFilter(String packageName, 13015 PackageParser.ProviderIntentInfo info) { 13016 return packageName.equals(info.provider.owner.packageName); 13017 } 13018 13019 @Override 13020 protected ResolveInfo newResult(PackageParser.ProviderIntentInfo filter, 13021 int match, int userId) { 13022 if (!sUserManager.exists(userId)) 13023 return null; 13024 final PackageParser.ProviderIntentInfo info = filter; 13025 if (!mSettings.isEnabledAndMatchLPr(info.provider.info, mFlags, userId)) { 13026 return null; 13027 } 13028 final PackageParser.Provider provider = info.provider; 13029 PackageSetting ps = (PackageSetting) provider.owner.mExtras; 13030 if (ps == null) { 13031 return null; 13032 } 13033 final PackageUserState userState = ps.readUserState(userId); 13034 final boolean matchVisibleToInstantApp = 13035 (mFlags & PackageManager.MATCH_VISIBLE_TO_INSTANT_APP_ONLY) != 0; 13036 final boolean isInstantApp = (mFlags & PackageManager.MATCH_INSTANT) != 0; 13037 // throw out filters that aren't visible to instant applications 13038 if (matchVisibleToInstantApp 13039 && !(info.isVisibleToInstantApp() || userState.instantApp)) { 13040 return null; 13041 } 13042 // throw out instant application filters if we're not explicitly requesting them 13043 if (!isInstantApp && userState.instantApp) { 13044 return null; 13045 } 13046 // throw out instant application filters if updates are available; will trigger 13047 // instant application resolution 13048 if (userState.instantApp && ps.isUpdateAvailable()) { 13049 return null; 13050 } 13051 ProviderInfo pi = PackageParser.generateProviderInfo(provider, mFlags, 13052 userState, userId); 13053 if (pi == null) { 13054 return null; 13055 } 13056 final ResolveInfo res = new ResolveInfo(); 13057 res.providerInfo = pi; 13058 if ((mFlags & PackageManager.GET_RESOLVED_FILTER) != 0) { 13059 res.filter = filter; 13060 } 13061 res.priority = info.getPriority(); 13062 res.preferredOrder = provider.owner.mPreferredOrder; 13063 res.match = match; 13064 res.isDefault = info.hasDefault; 13065 res.labelRes = info.labelRes; 13066 res.nonLocalizedLabel = info.nonLocalizedLabel; 13067 res.icon = info.icon; 13068 res.system = res.providerInfo.applicationInfo.isSystemApp(); 13069 return res; 13070 } 13071 13072 @Override 13073 protected void sortResults(List<ResolveInfo> results) { 13074 Collections.sort(results, mResolvePrioritySorter); 13075 } 13076 13077 @Override 13078 protected void dumpFilter(PrintWriter out, String prefix, 13079 PackageParser.ProviderIntentInfo filter) { 13080 out.print(prefix); 13081 out.print( 13082 Integer.toHexString(System.identityHashCode(filter.provider))); 13083 out.print(' '); 13084 filter.provider.printComponentShortName(out); 13085 out.print(" filter "); 13086 out.println(Integer.toHexString(System.identityHashCode(filter))); 13087 } 13088 13089 @Override 13090 protected Object filterToLabel(PackageParser.ProviderIntentInfo filter) { 13091 return filter.provider; 13092 } 13093 13094 protected void dumpFilterLabel(PrintWriter out, String prefix, Object label, int count) { 13095 PackageParser.Provider provider = (PackageParser.Provider)label; 13096 out.print(prefix); out.print( 13097 Integer.toHexString(System.identityHashCode(provider))); 13098 out.print(' '); 13099 provider.printComponentShortName(out); 13100 if (count > 1) { 13101 out.print(" ("); out.print(count); out.print(" filters)"); 13102 } 13103 out.println(); 13104 } 13105 13106 private final ArrayMap<ComponentName, PackageParser.Provider> mProviders 13107 = new ArrayMap<ComponentName, PackageParser.Provider>(); 13108 private int mFlags; 13109 } 13110 13111 static final class EphemeralIntentResolver 13112 extends IntentResolver<AuxiliaryResolveInfo, AuxiliaryResolveInfo> { 13113 /** 13114 * The result that has the highest defined order. Ordering applies on a 13115 * per-package basis. Mapping is from package name to Pair of order and 13116 * EphemeralResolveInfo. 13117 * <p> 13118 * NOTE: This is implemented as a field variable for convenience and efficiency. 13119 * By having a field variable, we're able to track filter ordering as soon as 13120 * a non-zero order is defined. Otherwise, multiple loops across the result set 13121 * would be needed to apply ordering. If the intent resolver becomes re-entrant, 13122 * this needs to be contained entirely within {@link #filterResults}. 13123 */ 13124 final ArrayMap<String, Pair<Integer, InstantAppResolveInfo>> mOrderResult = new ArrayMap<>(); 13125 13126 @Override 13127 protected AuxiliaryResolveInfo[] newArray(int size) { 13128 return new AuxiliaryResolveInfo[size]; 13129 } 13130 13131 @Override 13132 protected boolean isPackageForFilter(String packageName, AuxiliaryResolveInfo responseObj) { 13133 return true; 13134 } 13135 13136 @Override 13137 protected AuxiliaryResolveInfo newResult(AuxiliaryResolveInfo responseObj, int match, 13138 int userId) { 13139 if (!sUserManager.exists(userId)) { 13140 return null; 13141 } 13142 final String packageName = responseObj.resolveInfo.getPackageName(); 13143 final Integer order = responseObj.getOrder(); 13144 final Pair<Integer, InstantAppResolveInfo> lastOrderResult = 13145 mOrderResult.get(packageName); 13146 // ordering is enabled and this item's order isn't high enough 13147 if (lastOrderResult != null && lastOrderResult.first >= order) { 13148 return null; 13149 } 13150 final InstantAppResolveInfo res = responseObj.resolveInfo; 13151 if (order > 0) { 13152 // non-zero order, enable ordering 13153 mOrderResult.put(packageName, new Pair<>(order, res)); 13154 } 13155 return responseObj; 13156 } 13157 13158 @Override 13159 protected void filterResults(List<AuxiliaryResolveInfo> results) { 13160 // only do work if ordering is enabled [most of the time it won't be] 13161 if (mOrderResult.size() == 0) { 13162 return; 13163 } 13164 int resultSize = results.size(); 13165 for (int i = 0; i < resultSize; i++) { 13166 final InstantAppResolveInfo info = results.get(i).resolveInfo; 13167 final String packageName = info.getPackageName(); 13168 final Pair<Integer, InstantAppResolveInfo> savedInfo = mOrderResult.get(packageName); 13169 if (savedInfo == null) { 13170 // package doesn't having ordering 13171 continue; 13172 } 13173 if (savedInfo.second == info) { 13174 // circled back to the highest ordered item; remove from order list 13175 mOrderResult.remove(savedInfo); 13176 if (mOrderResult.size() == 0) { 13177 // no more ordered items 13178 break; 13179 } 13180 continue; 13181 } 13182 // item has a worse order, remove it from the result list 13183 results.remove(i); 13184 resultSize--; 13185 i--; 13186 } 13187 } 13188 } 13189 13190 private static final Comparator<ResolveInfo> mResolvePrioritySorter = 13191 new Comparator<ResolveInfo>() { 13192 public int compare(ResolveInfo r1, ResolveInfo r2) { 13193 int v1 = r1.priority; 13194 int v2 = r2.priority; 13195 //System.out.println("Comparing: q1=" + q1 + " q2=" + q2); 13196 if (v1 != v2) { 13197 return (v1 > v2) ? -1 : 1; 13198 } 13199 v1 = r1.preferredOrder; 13200 v2 = r2.preferredOrder; 13201 if (v1 != v2) { 13202 return (v1 > v2) ? -1 : 1; 13203 } 13204 if (r1.isDefault != r2.isDefault) { 13205 return r1.isDefault ? -1 : 1; 13206 } 13207 v1 = r1.match; 13208 v2 = r2.match; 13209 //System.out.println("Comparing: m1=" + m1 + " m2=" + m2); 13210 if (v1 != v2) { 13211 return (v1 > v2) ? -1 : 1; 13212 } 13213 if (r1.system != r2.system) { 13214 return r1.system ? -1 : 1; 13215 } 13216 if (r1.activityInfo != null) { 13217 return r1.activityInfo.packageName.compareTo(r2.activityInfo.packageName); 13218 } 13219 if (r1.serviceInfo != null) { 13220 return r1.serviceInfo.packageName.compareTo(r2.serviceInfo.packageName); 13221 } 13222 if (r1.providerInfo != null) { 13223 return r1.providerInfo.packageName.compareTo(r2.providerInfo.packageName); 13224 } 13225 return 0; 13226 } 13227 }; 13228 13229 private static final Comparator<ProviderInfo> mProviderInitOrderSorter = 13230 new Comparator<ProviderInfo>() { 13231 public int compare(ProviderInfo p1, ProviderInfo p2) { 13232 final int v1 = p1.initOrder; 13233 final int v2 = p2.initOrder; 13234 return (v1 > v2) ? -1 : ((v1 < v2) ? 1 : 0); 13235 } 13236 }; 13237 13238 public void sendPackageBroadcast(final String action, final String pkg, final Bundle extras, 13239 final int flags, final String targetPkg, final IIntentReceiver finishedReceiver, 13240 final int[] userIds) { 13241 mHandler.post(new Runnable() { 13242 @Override 13243 public void run() { 13244 try { 13245 final IActivityManager am = ActivityManager.getService(); 13246 if (am == null) return; 13247 final int[] resolvedUserIds; 13248 if (userIds == null) { 13249 resolvedUserIds = am.getRunningUserIds(); 13250 } else { 13251 resolvedUserIds = userIds; 13252 } 13253 for (int id : resolvedUserIds) { 13254 final Intent intent = new Intent(action, 13255 pkg != null ? Uri.fromParts(PACKAGE_SCHEME, pkg, null) : null); 13256 if (extras != null) { 13257 intent.putExtras(extras); 13258 } 13259 if (targetPkg != null) { 13260 intent.setPackage(targetPkg); 13261 } 13262 // Modify the UID when posting to other users 13263 int uid = intent.getIntExtra(Intent.EXTRA_UID, -1); 13264 if (uid > 0 && UserHandle.getUserId(uid) != id) { 13265 uid = UserHandle.getUid(id, UserHandle.getAppId(uid)); 13266 intent.putExtra(Intent.EXTRA_UID, uid); 13267 } 13268 intent.putExtra(Intent.EXTRA_USER_HANDLE, id); 13269 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT | flags); 13270 if (DEBUG_BROADCASTS) { 13271 RuntimeException here = new RuntimeException("here"); 13272 here.fillInStackTrace(); 13273 Slog.d(TAG, "Sending to user " + id + ": " 13274 + intent.toShortString(false, true, false, false) 13275 + " " + intent.getExtras(), here); 13276 } 13277 am.broadcastIntent(null, intent, null, finishedReceiver, 13278 0, null, null, null, android.app.AppOpsManager.OP_NONE, 13279 null, finishedReceiver != null, false, id); 13280 } 13281 } catch (RemoteException ex) { 13282 } 13283 } 13284 }); 13285 } 13286 13287 /** 13288 * Check if the external storage media is available. This is true if there 13289 * is a mounted external storage medium or if the external storage is 13290 * emulated. 13291 */ 13292 private boolean isExternalMediaAvailable() { 13293 return mMediaMounted || Environment.isExternalStorageEmulated(); 13294 } 13295 13296 @Override 13297 public PackageCleanItem nextPackageToClean(PackageCleanItem lastPackage) { 13298 // writer 13299 synchronized (mPackages) { 13300 if (!isExternalMediaAvailable()) { 13301 // If the external storage is no longer mounted at this point, 13302 // the caller may not have been able to delete all of this 13303 // packages files and can not delete any more. Bail. 13304 return null; 13305 } 13306 final ArrayList<PackageCleanItem> pkgs = mSettings.mPackagesToBeCleaned; 13307 if (lastPackage != null) { 13308 pkgs.remove(lastPackage); 13309 } 13310 if (pkgs.size() > 0) { 13311 return pkgs.get(0); 13312 } 13313 } 13314 return null; 13315 } 13316 13317 void schedulePackageCleaning(String packageName, int userId, boolean andCode) { 13318 final Message msg = mHandler.obtainMessage(START_CLEANING_PACKAGE, 13319 userId, andCode ? 1 : 0, packageName); 13320 if (mSystemReady) { 13321 msg.sendToTarget(); 13322 } else { 13323 if (mPostSystemReadyMessages == null) { 13324 mPostSystemReadyMessages = new ArrayList<>(); 13325 } 13326 mPostSystemReadyMessages.add(msg); 13327 } 13328 } 13329 13330 void startCleaningPackages() { 13331 // reader 13332 if (!isExternalMediaAvailable()) { 13333 return; 13334 } 13335 synchronized (mPackages) { 13336 if (mSettings.mPackagesToBeCleaned.isEmpty()) { 13337 return; 13338 } 13339 } 13340 Intent intent = new Intent(PackageManager.ACTION_CLEAN_EXTERNAL_STORAGE); 13341 intent.setComponent(DEFAULT_CONTAINER_COMPONENT); 13342 IActivityManager am = ActivityManager.getService(); 13343 if (am != null) { 13344 int dcsUid = -1; 13345 synchronized (mPackages) { 13346 if (!mDefaultContainerWhitelisted) { 13347 mDefaultContainerWhitelisted = true; 13348 PackageSetting ps = mSettings.mPackages.get(DEFAULT_CONTAINER_PACKAGE); 13349 dcsUid = UserHandle.getUid(UserHandle.USER_SYSTEM, ps.appId); 13350 } 13351 } 13352 try { 13353 if (dcsUid > 0) { 13354 am.backgroundWhitelistUid(dcsUid); 13355 } 13356 am.startService(null, intent, null, false, mContext.getOpPackageName(), 13357 UserHandle.USER_SYSTEM); 13358 } catch (RemoteException e) { 13359 } 13360 } 13361 } 13362 13363 @Override 13364 public void installPackageAsUser(String originPath, IPackageInstallObserver2 observer, 13365 int installFlags, String installerPackageName, int userId) { 13366 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, null); 13367 13368 final int callingUid = Binder.getCallingUid(); 13369 enforceCrossUserPermission(callingUid, userId, 13370 true /* requireFullPermission */, true /* checkShell */, "installPackageAsUser"); 13371 13372 if (isUserRestricted(userId, UserManager.DISALLOW_INSTALL_APPS)) { 13373 try { 13374 if (observer != null) { 13375 observer.onPackageInstalled("", INSTALL_FAILED_USER_RESTRICTED, null, null); 13376 } 13377 } catch (RemoteException re) { 13378 } 13379 return; 13380 } 13381 13382 if ((callingUid == Process.SHELL_UID) || (callingUid == Process.ROOT_UID)) { 13383 installFlags |= PackageManager.INSTALL_FROM_ADB; 13384 13385 } else { 13386 // Caller holds INSTALL_PACKAGES permission, so we're less strict 13387 // about installerPackageName. 13388 13389 installFlags &= ~PackageManager.INSTALL_FROM_ADB; 13390 installFlags &= ~PackageManager.INSTALL_ALL_USERS; 13391 } 13392 13393 UserHandle user; 13394 if ((installFlags & PackageManager.INSTALL_ALL_USERS) != 0) { 13395 user = UserHandle.ALL; 13396 } else { 13397 user = new UserHandle(userId); 13398 } 13399 13400 // Only system components can circumvent runtime permissions when installing. 13401 if ((installFlags & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0 13402 && mContext.checkCallingOrSelfPermission(Manifest.permission 13403 .INSTALL_GRANT_RUNTIME_PERMISSIONS) == PackageManager.PERMISSION_DENIED) { 13404 throw new SecurityException("You need the " 13405 + "android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS permission " 13406 + "to use the PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS flag"); 13407 } 13408 13409 if ((installFlags & PackageManager.INSTALL_FORWARD_LOCK) != 0 13410 || (installFlags & PackageManager.INSTALL_EXTERNAL) != 0) { 13411 throw new IllegalArgumentException( 13412 "New installs into ASEC containers no longer supported"); 13413 } 13414 13415 final File originFile = new File(originPath); 13416 final OriginInfo origin = OriginInfo.fromUntrustedFile(originFile); 13417 13418 final Message msg = mHandler.obtainMessage(INIT_COPY); 13419 final VerificationInfo verificationInfo = new VerificationInfo( 13420 null /*originatingUri*/, null /*referrer*/, -1 /*originatingUid*/, callingUid); 13421 final InstallParams params = new InstallParams(origin, null /*moveInfo*/, observer, 13422 installFlags, installerPackageName, null /*volumeUuid*/, verificationInfo, user, 13423 null /*packageAbiOverride*/, null /*grantedPermissions*/, 13424 null /*certificates*/, PackageManager.INSTALL_REASON_UNKNOWN); 13425 params.setTraceMethod("installAsUser").setTraceCookie(System.identityHashCode(params)); 13426 msg.obj = params; 13427 13428 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "installAsUser", 13429 System.identityHashCode(msg.obj)); 13430 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "queueInstall", 13431 System.identityHashCode(msg.obj)); 13432 13433 mHandler.sendMessage(msg); 13434 } 13435 13436 13437 /** 13438 * Ensure that the install reason matches what we know about the package installer (e.g. whether 13439 * it is acting on behalf on an enterprise or the user). 13440 * 13441 * Note that the ordering of the conditionals in this method is important. The checks we perform 13442 * are as follows, in this order: 13443 * 13444 * 1) If the install is being performed by a system app, we can trust the app to have set the 13445 * install reason correctly. Thus, we pass through the install reason unchanged, no matter 13446 * what it is. 13447 * 2) If the install is being performed by a device or profile owner app, the install reason 13448 * should be enterprise policy. However, we cannot be sure that the device or profile owner 13449 * set the install reason correctly. If the app targets an older SDK version where install 13450 * reasons did not exist yet, or if the app author simply forgot, the install reason may be 13451 * unset or wrong. Thus, we force the install reason to be enterprise policy. 13452 * 3) In all other cases, the install is being performed by a regular app that is neither part 13453 * of the system nor a device or profile owner. We have no reason to believe that this app is 13454 * acting on behalf of the enterprise admin. Thus, we check whether the install reason was 13455 * set to enterprise policy and if so, change it to unknown instead. 13456 */ 13457 private int fixUpInstallReason(String installerPackageName, int installerUid, 13458 int installReason) { 13459 if (checkUidPermission(android.Manifest.permission.INSTALL_PACKAGES, installerUid) 13460 == PERMISSION_GRANTED) { 13461 // If the install is being performed by a system app, we trust that app to have set the 13462 // install reason correctly. 13463 return installReason; 13464 } 13465 13466 final IDevicePolicyManager dpm = IDevicePolicyManager.Stub.asInterface( 13467 ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); 13468 if (dpm != null) { 13469 ComponentName owner = null; 13470 try { 13471 owner = dpm.getDeviceOwnerComponent(true /* callingUserOnly */); 13472 if (owner == null) { 13473 owner = dpm.getProfileOwner(UserHandle.getUserId(installerUid)); 13474 } 13475 } catch (RemoteException e) { 13476 } 13477 if (owner != null && owner.getPackageName().equals(installerPackageName)) { 13478 // If the install is being performed by a device or profile owner, the install 13479 // reason should be enterprise policy. 13480 return PackageManager.INSTALL_REASON_POLICY; 13481 } 13482 } 13483 13484 if (installReason == PackageManager.INSTALL_REASON_POLICY) { 13485 // If the install is being performed by a regular app (i.e. neither system app nor 13486 // device or profile owner), we have no reason to believe that the app is acting on 13487 // behalf of an enterprise. If the app set the install reason to enterprise policy, 13488 // change it to unknown instead. 13489 return PackageManager.INSTALL_REASON_UNKNOWN; 13490 } 13491 13492 // If the install is being performed by a regular app and the install reason was set to any 13493 // value but enterprise policy, leave the install reason unchanged. 13494 return installReason; 13495 } 13496 13497 void installStage(String packageName, File stagedDir, String stagedCid, 13498 IPackageInstallObserver2 observer, PackageInstaller.SessionParams sessionParams, 13499 String installerPackageName, int installerUid, UserHandle user, 13500 Certificate[][] certificates) { 13501 if (DEBUG_EPHEMERAL) { 13502 if ((sessionParams.installFlags & PackageManager.INSTALL_INSTANT_APP) != 0) { 13503 Slog.d(TAG, "Ephemeral install of " + packageName); 13504 } 13505 } 13506 final VerificationInfo verificationInfo = new VerificationInfo( 13507 sessionParams.originatingUri, sessionParams.referrerUri, 13508 sessionParams.originatingUid, installerUid); 13509 13510 final OriginInfo origin; 13511 if (stagedDir != null) { 13512 origin = OriginInfo.fromStagedFile(stagedDir); 13513 } else { 13514 origin = OriginInfo.fromStagedContainer(stagedCid); 13515 } 13516 13517 final Message msg = mHandler.obtainMessage(INIT_COPY); 13518 final int installReason = fixUpInstallReason(installerPackageName, installerUid, 13519 sessionParams.installReason); 13520 final InstallParams params = new InstallParams(origin, null, observer, 13521 sessionParams.installFlags, installerPackageName, sessionParams.volumeUuid, 13522 verificationInfo, user, sessionParams.abiOverride, 13523 sessionParams.grantedRuntimePermissions, certificates, installReason); 13524 params.setTraceMethod("installStage").setTraceCookie(System.identityHashCode(params)); 13525 msg.obj = params; 13526 13527 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "installStage", 13528 System.identityHashCode(msg.obj)); 13529 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "queueInstall", 13530 System.identityHashCode(msg.obj)); 13531 13532 mHandler.sendMessage(msg); 13533 } 13534 13535 private void sendPackageAddedForUser(String packageName, PackageSetting pkgSetting, 13536 int userId) { 13537 final boolean isSystem = isSystemApp(pkgSetting) || isUpdatedSystemApp(pkgSetting); 13538 sendPackageAddedForNewUsers(packageName, isSystem, pkgSetting.appId, userId); 13539 } 13540 13541 public void sendPackageAddedForNewUsers(String packageName, boolean isSystem, int appId, int... userIds) { 13542 if (ArrayUtils.isEmpty(userIds)) { 13543 return; 13544 } 13545 Bundle extras = new Bundle(1); 13546 // Set to UID of the first user, EXTRA_UID is automatically updated in sendPackageBroadcast 13547 extras.putInt(Intent.EXTRA_UID, UserHandle.getUid(userIds[0], appId)); 13548 13549 sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, 13550 packageName, extras, 0, null, null, userIds); 13551 if (isSystem) { 13552 mHandler.post(() -> { 13553 for (int userId : userIds) { 13554 sendBootCompletedBroadcastToSystemApp(packageName, userId); 13555 } 13556 } 13557 ); 13558 } 13559 } 13560 13561 /** 13562 * The just-installed/enabled app is bundled on the system, so presumed to be able to run 13563 * automatically without needing an explicit launch. 13564 * Send it a LOCKED_BOOT_COMPLETED/BOOT_COMPLETED if it would ordinarily have gotten ones. 13565 */ 13566 private void sendBootCompletedBroadcastToSystemApp(String packageName, int userId) { 13567 // If user is not running, the app didn't miss any broadcast 13568 if (!mUserManagerInternal.isUserRunning(userId)) { 13569 return; 13570 } 13571 final IActivityManager am = ActivityManager.getService(); 13572 try { 13573 // Deliver LOCKED_BOOT_COMPLETED first 13574 Intent lockedBcIntent = new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED) 13575 .setPackage(packageName); 13576 final String[] requiredPermissions = {Manifest.permission.RECEIVE_BOOT_COMPLETED}; 13577 am.broadcastIntent(null, lockedBcIntent, null, null, 0, null, null, requiredPermissions, 13578 android.app.AppOpsManager.OP_NONE, null, false, false, userId); 13579 13580 // Deliver BOOT_COMPLETED only if user is unlocked 13581 if (mUserManagerInternal.isUserUnlockingOrUnlocked(userId)) { 13582 Intent bcIntent = new Intent(Intent.ACTION_BOOT_COMPLETED).setPackage(packageName); 13583 am.broadcastIntent(null, bcIntent, null, null, 0, null, null, requiredPermissions, 13584 android.app.AppOpsManager.OP_NONE, null, false, false, userId); 13585 } 13586 } catch (RemoteException e) { 13587 throw e.rethrowFromSystemServer(); 13588 } 13589 } 13590 13591 @Override 13592 public boolean setApplicationHiddenSettingAsUser(String packageName, boolean hidden, 13593 int userId) { 13594 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); 13595 PackageSetting pkgSetting; 13596 final int uid = Binder.getCallingUid(); 13597 enforceCrossUserPermission(uid, userId, 13598 true /* requireFullPermission */, true /* checkShell */, 13599 "setApplicationHiddenSetting for user " + userId); 13600 13601 if (hidden && isPackageDeviceAdmin(packageName, userId)) { 13602 Slog.w(TAG, "Not hiding package " + packageName + ": has active device admin"); 13603 return false; 13604 } 13605 13606 long callingId = Binder.clearCallingIdentity(); 13607 try { 13608 boolean sendAdded = false; 13609 boolean sendRemoved = false; 13610 // writer 13611 synchronized (mPackages) { 13612 pkgSetting = mSettings.mPackages.get(packageName); 13613 if (pkgSetting == null) { 13614 return false; 13615 } 13616 // Do not allow "android" is being disabled 13617 if ("android".equals(packageName)) { 13618 Slog.w(TAG, "Cannot hide package: android"); 13619 return false; 13620 } 13621 // Cannot hide static shared libs as they are considered 13622 // a part of the using app (emulating static linking). Also 13623 // static libs are installed always on internal storage. 13624 PackageParser.Package pkg = mPackages.get(packageName); 13625 if (pkg != null && pkg.staticSharedLibName != null) { 13626 Slog.w(TAG, "Cannot hide package: " + packageName 13627 + " providing static shared library: " 13628 + pkg.staticSharedLibName); 13629 return false; 13630 } 13631 // Only allow protected packages to hide themselves. 13632 if (hidden && !UserHandle.isSameApp(uid, pkgSetting.appId) 13633 && mProtectedPackages.isPackageStateProtected(userId, packageName)) { 13634 Slog.w(TAG, "Not hiding protected package: " + packageName); 13635 return false; 13636 } 13637 13638 if (pkgSetting.getHidden(userId) != hidden) { 13639 pkgSetting.setHidden(hidden, userId); 13640 mSettings.writePackageRestrictionsLPr(userId); 13641 if (hidden) { 13642 sendRemoved = true; 13643 } else { 13644 sendAdded = true; 13645 } 13646 } 13647 } 13648 if (sendAdded) { 13649 sendPackageAddedForUser(packageName, pkgSetting, userId); 13650 return true; 13651 } 13652 if (sendRemoved) { 13653 killApplication(packageName, UserHandle.getUid(userId, pkgSetting.appId), 13654 "hiding pkg"); 13655 sendApplicationHiddenForUser(packageName, pkgSetting, userId); 13656 return true; 13657 } 13658 } finally { 13659 Binder.restoreCallingIdentity(callingId); 13660 } 13661 return false; 13662 } 13663 13664 private void sendApplicationHiddenForUser(String packageName, PackageSetting pkgSetting, 13665 int userId) { 13666 final PackageRemovedInfo info = new PackageRemovedInfo(this); 13667 info.removedPackage = packageName; 13668 info.installerPackageName = pkgSetting.installerPackageName; 13669 info.removedUsers = new int[] {userId}; 13670 info.broadcastUsers = new int[] {userId}; 13671 info.uid = UserHandle.getUid(userId, pkgSetting.appId); 13672 info.sendPackageRemovedBroadcasts(true /*killApp*/); 13673 } 13674 13675 private void sendPackagesSuspendedForUser(String[] pkgList, int userId, boolean suspended) { 13676 if (pkgList.length > 0) { 13677 Bundle extras = new Bundle(1); 13678 extras.putStringArray(Intent.EXTRA_CHANGED_PACKAGE_LIST, pkgList); 13679 13680 sendPackageBroadcast( 13681 suspended ? Intent.ACTION_PACKAGES_SUSPENDED 13682 : Intent.ACTION_PACKAGES_UNSUSPENDED, 13683 null, extras, Intent.FLAG_RECEIVER_REGISTERED_ONLY, null, null, 13684 new int[] {userId}); 13685 } 13686 } 13687 13688 /** 13689 * Returns true if application is not found or there was an error. Otherwise it returns 13690 * the hidden state of the package for the given user. 13691 */ 13692 @Override 13693 public boolean getApplicationHiddenSettingAsUser(String packageName, int userId) { 13694 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); 13695 enforceCrossUserPermission(Binder.getCallingUid(), userId, 13696 true /* requireFullPermission */, false /* checkShell */, 13697 "getApplicationHidden for user " + userId); 13698 PackageSetting pkgSetting; 13699 long callingId = Binder.clearCallingIdentity(); 13700 try { 13701 // writer 13702 synchronized (mPackages) { 13703 pkgSetting = mSettings.mPackages.get(packageName); 13704 if (pkgSetting == null) { 13705 return true; 13706 } 13707 return pkgSetting.getHidden(userId); 13708 } 13709 } finally { 13710 Binder.restoreCallingIdentity(callingId); 13711 } 13712 } 13713 13714 /** 13715 * @hide 13716 */ 13717 @Override 13718 public int installExistingPackageAsUser(String packageName, int userId, int installFlags, 13719 int installReason) { 13720 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, 13721 null); 13722 PackageSetting pkgSetting; 13723 final int uid = Binder.getCallingUid(); 13724 enforceCrossUserPermission(uid, userId, 13725 true /* requireFullPermission */, true /* checkShell */, 13726 "installExistingPackage for user " + userId); 13727 if (isUserRestricted(userId, UserManager.DISALLOW_INSTALL_APPS)) { 13728 return PackageManager.INSTALL_FAILED_USER_RESTRICTED; 13729 } 13730 13731 long callingId = Binder.clearCallingIdentity(); 13732 try { 13733 boolean installed = false; 13734 final boolean instantApp = 13735 (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0; 13736 final boolean fullApp = 13737 (installFlags & PackageManager.INSTALL_FULL_APP) != 0; 13738 13739 // writer 13740 synchronized (mPackages) { 13741 pkgSetting = mSettings.mPackages.get(packageName); 13742 if (pkgSetting == null) { 13743 return PackageManager.INSTALL_FAILED_INVALID_URI; 13744 } 13745 if (!pkgSetting.getInstalled(userId)) { 13746 pkgSetting.setInstalled(true, userId); 13747 pkgSetting.setHidden(false, userId); 13748 pkgSetting.setInstallReason(installReason, userId); 13749 mSettings.writePackageRestrictionsLPr(userId); 13750 mSettings.writeKernelMappingLPr(pkgSetting); 13751 installed = true; 13752 } else if (fullApp && pkgSetting.getInstantApp(userId)) { 13753 // upgrade app from instant to full; we don't allow app downgrade 13754 installed = true; 13755 } 13756 setInstantAppForUser(pkgSetting, userId, instantApp, fullApp); 13757 } 13758 13759 if (installed) { 13760 if (pkgSetting.pkg != null) { 13761 synchronized (mInstallLock) { 13762 // We don't need to freeze for a brand new install 13763 prepareAppDataAfterInstallLIF(pkgSetting.pkg); 13764 } 13765 } 13766 sendPackageAddedForUser(packageName, pkgSetting, userId); 13767 synchronized (mPackages) { 13768 updateSequenceNumberLP(packageName, new int[]{ userId }); 13769 } 13770 } 13771 } finally { 13772 Binder.restoreCallingIdentity(callingId); 13773 } 13774 13775 return PackageManager.INSTALL_SUCCEEDED; 13776 } 13777 13778 void setInstantAppForUser(PackageSetting pkgSetting, int userId, 13779 boolean instantApp, boolean fullApp) { 13780 // no state specified; do nothing 13781 if (!instantApp && !fullApp) { 13782 return; 13783 } 13784 if (userId != UserHandle.USER_ALL) { 13785 if (instantApp && !pkgSetting.getInstantApp(userId)) { 13786 pkgSetting.setInstantApp(true /*instantApp*/, userId); 13787 } else if (fullApp && pkgSetting.getInstantApp(userId)) { 13788 pkgSetting.setInstantApp(false /*instantApp*/, userId); 13789 } 13790 } else { 13791 for (int currentUserId : sUserManager.getUserIds()) { 13792 if (instantApp && !pkgSetting.getInstantApp(currentUserId)) { 13793 pkgSetting.setInstantApp(true /*instantApp*/, currentUserId); 13794 } else if (fullApp && pkgSetting.getInstantApp(currentUserId)) { 13795 pkgSetting.setInstantApp(false /*instantApp*/, currentUserId); 13796 } 13797 } 13798 } 13799 } 13800 13801 boolean isUserRestricted(int userId, String restrictionKey) { 13802 Bundle restrictions = sUserManager.getUserRestrictions(userId); 13803 if (restrictions.getBoolean(restrictionKey, false)) { 13804 Log.w(TAG, "User is restricted: " + restrictionKey); 13805 return true; 13806 } 13807 return false; 13808 } 13809 13810 @Override 13811 public String[] setPackagesSuspendedAsUser(String[] packageNames, boolean suspended, 13812 int userId) { 13813 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); 13814 enforceCrossUserPermission(Binder.getCallingUid(), userId, 13815 true /* requireFullPermission */, true /* checkShell */, 13816 "setPackagesSuspended for user " + userId); 13817 13818 if (ArrayUtils.isEmpty(packageNames)) { 13819 return packageNames; 13820 } 13821 13822 // List of package names for whom the suspended state has changed. 13823 List<String> changedPackages = new ArrayList<>(packageNames.length); 13824 // List of package names for whom the suspended state is not set as requested in this 13825 // method. 13826 List<String> unactionedPackages = new ArrayList<>(packageNames.length); 13827 long callingId = Binder.clearCallingIdentity(); 13828 try { 13829 for (int i = 0; i < packageNames.length; i++) { 13830 String packageName = packageNames[i]; 13831 boolean changed = false; 13832 final int appId; 13833 synchronized (mPackages) { 13834 final PackageSetting pkgSetting = mSettings.mPackages.get(packageName); 13835 if (pkgSetting == null) { 13836 Slog.w(TAG, "Could not find package setting for package \"" + packageName 13837 + "\". Skipping suspending/un-suspending."); 13838 unactionedPackages.add(packageName); 13839 continue; 13840 } 13841 appId = pkgSetting.appId; 13842 if (pkgSetting.getSuspended(userId) != suspended) { 13843 if (!canSuspendPackageForUserLocked(packageName, userId)) { 13844 unactionedPackages.add(packageName); 13845 continue; 13846 } 13847 pkgSetting.setSuspended(suspended, userId); 13848 mSettings.writePackageRestrictionsLPr(userId); 13849 changed = true; 13850 changedPackages.add(packageName); 13851 } 13852 } 13853 13854 if (changed && suspended) { 13855 killApplication(packageName, UserHandle.getUid(userId, appId), 13856 "suspending package"); 13857 } 13858 } 13859 } finally { 13860 Binder.restoreCallingIdentity(callingId); 13861 } 13862 13863 if (!changedPackages.isEmpty()) { 13864 sendPackagesSuspendedForUser(changedPackages.toArray( 13865 new String[changedPackages.size()]), userId, suspended); 13866 } 13867 13868 return unactionedPackages.toArray(new String[unactionedPackages.size()]); 13869 } 13870 13871 @Override 13872 public boolean isPackageSuspendedForUser(String packageName, int userId) { 13873 enforceCrossUserPermission(Binder.getCallingUid(), userId, 13874 true /* requireFullPermission */, false /* checkShell */, 13875 "isPackageSuspendedForUser for user " + userId); 13876 synchronized (mPackages) { 13877 final PackageSetting pkgSetting = mSettings.mPackages.get(packageName); 13878 if (pkgSetting == null) { 13879 throw new IllegalArgumentException("Unknown target package: " + packageName); 13880 } 13881 return pkgSetting.getSuspended(userId); 13882 } 13883 } 13884 13885 private boolean canSuspendPackageForUserLocked(String packageName, int userId) { 13886 if (isPackageDeviceAdmin(packageName, userId)) { 13887 Slog.w(TAG, "Cannot suspend/un-suspend package \"" + packageName 13888 + "\": has an active device admin"); 13889 return false; 13890 } 13891 13892 String activeLauncherPackageName = getActiveLauncherPackageName(userId); 13893 if (packageName.equals(activeLauncherPackageName)) { 13894 Slog.w(TAG, "Cannot suspend/un-suspend package \"" + packageName 13895 + "\": contains the active launcher"); 13896 return false; 13897 } 13898 13899 if (packageName.equals(mRequiredInstallerPackage)) { 13900 Slog.w(TAG, "Cannot suspend/un-suspend package \"" + packageName 13901 + "\": required for package installation"); 13902 return false; 13903 } 13904 13905 if (packageName.equals(mRequiredUninstallerPackage)) { 13906 Slog.w(TAG, "Cannot suspend/un-suspend package \"" + packageName 13907 + "\": required for package uninstallation"); 13908 return false; 13909 } 13910 13911 if (packageName.equals(mRequiredVerifierPackage)) { 13912 Slog.w(TAG, "Cannot suspend/un-suspend package \"" + packageName 13913 + "\": required for package verification"); 13914 return false; 13915 } 13916 13917 if (packageName.equals(getDefaultDialerPackageName(userId))) { 13918 Slog.w(TAG, "Cannot suspend/un-suspend package \"" + packageName 13919 + "\": is the default dialer"); 13920 return false; 13921 } 13922 13923 if (mProtectedPackages.isPackageStateProtected(userId, packageName)) { 13924 Slog.w(TAG, "Cannot suspend/un-suspend package \"" + packageName 13925 + "\": protected package"); 13926 return false; 13927 } 13928 13929 // Cannot suspend static shared libs as they are considered 13930 // a part of the using app (emulating static linking). Also 13931 // static libs are installed always on internal storage. 13932 PackageParser.Package pkg = mPackages.get(packageName); 13933 if (pkg != null && pkg.applicationInfo.isStaticSharedLibrary()) { 13934 Slog.w(TAG, "Cannot suspend package: " + packageName 13935 + " providing static shared library: " 13936 + pkg.staticSharedLibName); 13937 return false; 13938 } 13939 13940 return true; 13941 } 13942 13943 private String getActiveLauncherPackageName(int userId) { 13944 Intent intent = new Intent(Intent.ACTION_MAIN); 13945 intent.addCategory(Intent.CATEGORY_HOME); 13946 ResolveInfo resolveInfo = resolveIntent( 13947 intent, 13948 intent.resolveTypeIfNeeded(mContext.getContentResolver()), 13949 PackageManager.MATCH_DEFAULT_ONLY, 13950 userId); 13951 13952 return resolveInfo == null ? null : resolveInfo.activityInfo.packageName; 13953 } 13954 13955 private String getDefaultDialerPackageName(int userId) { 13956 synchronized (mPackages) { 13957 return mSettings.getDefaultDialerPackageNameLPw(userId); 13958 } 13959 } 13960 13961 @Override 13962 public void verifyPendingInstall(int id, int verificationCode) throws RemoteException { 13963 mContext.enforceCallingOrSelfPermission( 13964 android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, 13965 "Only package verification agents can verify applications"); 13966 13967 final Message msg = mHandler.obtainMessage(PACKAGE_VERIFIED); 13968 final PackageVerificationResponse response = new PackageVerificationResponse( 13969 verificationCode, Binder.getCallingUid()); 13970 msg.arg1 = id; 13971 msg.obj = response; 13972 mHandler.sendMessage(msg); 13973 } 13974 13975 @Override 13976 public void extendVerificationTimeout(int id, int verificationCodeAtTimeout, 13977 long millisecondsToDelay) { 13978 mContext.enforceCallingOrSelfPermission( 13979 android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, 13980 "Only package verification agents can extend verification timeouts"); 13981 13982 final PackageVerificationState state = mPendingVerification.get(id); 13983 final PackageVerificationResponse response = new PackageVerificationResponse( 13984 verificationCodeAtTimeout, Binder.getCallingUid()); 13985 13986 if (millisecondsToDelay > PackageManager.MAXIMUM_VERIFICATION_TIMEOUT) { 13987 millisecondsToDelay = PackageManager.MAXIMUM_VERIFICATION_TIMEOUT; 13988 } 13989 if (millisecondsToDelay < 0) { 13990 millisecondsToDelay = 0; 13991 } 13992 if ((verificationCodeAtTimeout != PackageManager.VERIFICATION_ALLOW) 13993 && (verificationCodeAtTimeout != PackageManager.VERIFICATION_REJECT)) { 13994 verificationCodeAtTimeout = PackageManager.VERIFICATION_REJECT; 13995 } 13996 13997 if ((state != null) && !state.timeoutExtended()) { 13998 state.extendTimeout(); 13999 14000 final Message msg = mHandler.obtainMessage(PACKAGE_VERIFIED); 14001 msg.arg1 = id; 14002 msg.obj = response; 14003 mHandler.sendMessageDelayed(msg, millisecondsToDelay); 14004 } 14005 } 14006 14007 private void broadcastPackageVerified(int verificationId, Uri packageUri, 14008 int verificationCode, UserHandle user) { 14009 final Intent intent = new Intent(Intent.ACTION_PACKAGE_VERIFIED); 14010 intent.setDataAndType(packageUri, PACKAGE_MIME_TYPE); 14011 intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); 14012 intent.putExtra(PackageManager.EXTRA_VERIFICATION_ID, verificationId); 14013 intent.putExtra(PackageManager.EXTRA_VERIFICATION_RESULT, verificationCode); 14014 14015 mContext.sendBroadcastAsUser(intent, user, 14016 android.Manifest.permission.PACKAGE_VERIFICATION_AGENT); 14017 } 14018 14019 private ComponentName matchComponentForVerifier(String packageName, 14020 List<ResolveInfo> receivers) { 14021 ActivityInfo targetReceiver = null; 14022 14023 final int NR = receivers.size(); 14024 for (int i = 0; i < NR; i++) { 14025 final ResolveInfo info = receivers.get(i); 14026 if (info.activityInfo == null) { 14027 continue; 14028 } 14029 14030 if (packageName.equals(info.activityInfo.packageName)) { 14031 targetReceiver = info.activityInfo; 14032 break; 14033 } 14034 } 14035 14036 if (targetReceiver == null) { 14037 return null; 14038 } 14039 14040 return new ComponentName(targetReceiver.packageName, targetReceiver.name); 14041 } 14042 14043 private List<ComponentName> matchVerifiers(PackageInfoLite pkgInfo, 14044 List<ResolveInfo> receivers, final PackageVerificationState verificationState) { 14045 if (pkgInfo.verifiers.length == 0) { 14046 return null; 14047 } 14048 14049 final int N = pkgInfo.verifiers.length; 14050 final List<ComponentName> sufficientVerifiers = new ArrayList<ComponentName>(N + 1); 14051 for (int i = 0; i < N; i++) { 14052 final VerifierInfo verifierInfo = pkgInfo.verifiers[i]; 14053 14054 final ComponentName comp = matchComponentForVerifier(verifierInfo.packageName, 14055 receivers); 14056 if (comp == null) { 14057 continue; 14058 } 14059 14060 final int verifierUid = getUidForVerifier(verifierInfo); 14061 if (verifierUid == -1) { 14062 continue; 14063 } 14064 14065 if (DEBUG_VERIFY) { 14066 Slog.d(TAG, "Added sufficient verifier " + verifierInfo.packageName 14067 + " with the correct signature"); 14068 } 14069 sufficientVerifiers.add(comp); 14070 verificationState.addSufficientVerifier(verifierUid); 14071 } 14072 14073 return sufficientVerifiers; 14074 } 14075 14076 private int getUidForVerifier(VerifierInfo verifierInfo) { 14077 synchronized (mPackages) { 14078 final PackageParser.Package pkg = mPackages.get(verifierInfo.packageName); 14079 if (pkg == null) { 14080 return -1; 14081 } else if (pkg.mSignatures.length != 1) { 14082 Slog.i(TAG, "Verifier package " + verifierInfo.packageName 14083 + " has more than one signature; ignoring"); 14084 return -1; 14085 } 14086 14087 /* 14088 * If the public key of the package's signature does not match 14089 * our expected public key, then this is a different package and 14090 * we should skip. 14091 */ 14092 14093 final byte[] expectedPublicKey; 14094 try { 14095 final Signature verifierSig = pkg.mSignatures[0]; 14096 final PublicKey publicKey = verifierSig.getPublicKey(); 14097 expectedPublicKey = publicKey.getEncoded(); 14098 } catch (CertificateException e) { 14099 return -1; 14100 } 14101 14102 final byte[] actualPublicKey = verifierInfo.publicKey.getEncoded(); 14103 14104 if (!Arrays.equals(actualPublicKey, expectedPublicKey)) { 14105 Slog.i(TAG, "Verifier package " + verifierInfo.packageName 14106 + " does not have the expected public key; ignoring"); 14107 return -1; 14108 } 14109 14110 return pkg.applicationInfo.uid; 14111 } 14112 } 14113 14114 @Override 14115 public void finishPackageInstall(int token, boolean didLaunch) { 14116 enforceSystemOrRoot("Only the system is allowed to finish installs"); 14117 14118 if (DEBUG_INSTALL) { 14119 Slog.v(TAG, "BM finishing package install for " + token); 14120 } 14121 Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "restore", token); 14122 14123 final Message msg = mHandler.obtainMessage(POST_INSTALL, token, didLaunch ? 1 : 0); 14124 mHandler.sendMessage(msg); 14125 } 14126 14127 /** 14128 * Get the verification agent timeout. Used for both the APK verifier and the 14129 * intent filter verifier. 14130 * 14131 * @return verification timeout in milliseconds 14132 */ 14133 private long getVerificationTimeout() { 14134 return android.provider.Settings.Global.getLong(mContext.getContentResolver(), 14135 android.provider.Settings.Global.PACKAGE_VERIFIER_TIMEOUT, 14136 DEFAULT_VERIFICATION_TIMEOUT); 14137 } 14138 14139 /** 14140 * Get the default verification agent response code. 14141 * 14142 * @return default verification response code 14143 */ 14144 private int getDefaultVerificationResponse() { 14145 return android.provider.Settings.Global.getInt(mContext.getContentResolver(), 14146 android.provider.Settings.Global.PACKAGE_VERIFIER_DEFAULT_RESPONSE, 14147 DEFAULT_VERIFICATION_RESPONSE); 14148 } 14149 14150 /** 14151 * Check whether or not package verification has been enabled. 14152 * 14153 * @return true if verification should be performed 14154 */ 14155 private boolean isVerificationEnabled(int userId, int installFlags) { 14156 if (!DEFAULT_VERIFY_ENABLE) { 14157 return false; 14158 } 14159 14160 boolean ensureVerifyAppsEnabled = isUserRestricted(userId, UserManager.ENSURE_VERIFY_APPS); 14161 14162 // Check if installing from ADB 14163 if ((installFlags & PackageManager.INSTALL_FROM_ADB) != 0) { 14164 // Do not run verification in a test harness environment 14165 if (ActivityManager.isRunningInTestHarness()) { 14166 return false; 14167 } 14168 if (ensureVerifyAppsEnabled) { 14169 return true; 14170 } 14171 // Check if the developer does not want package verification for ADB installs 14172 if (android.provider.Settings.Global.getInt(mContext.getContentResolver(), 14173 android.provider.Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, 1) == 0) { 14174 return false; 14175 } 14176 } 14177 14178 if (ensureVerifyAppsEnabled) { 14179 return true; 14180 } 14181 14182 return android.provider.Settings.Global.getInt(mContext.getContentResolver(), 14183 android.provider.Settings.Global.PACKAGE_VERIFIER_ENABLE, 1) == 1; 14184 } 14185 14186 @Override 14187 public void verifyIntentFilter(int id, int verificationCode, List<String> failedDomains) 14188 throws RemoteException { 14189 mContext.enforceCallingOrSelfPermission( 14190 Manifest.permission.INTENT_FILTER_VERIFICATION_AGENT, 14191 "Only intentfilter verification agents can verify applications"); 14192 14193 final Message msg = mHandler.obtainMessage(INTENT_FILTER_VERIFIED); 14194 final IntentFilterVerificationResponse response = new IntentFilterVerificationResponse( 14195 Binder.getCallingUid(), verificationCode, failedDomains); 14196 msg.arg1 = id; 14197 msg.obj = response; 14198 mHandler.sendMessage(msg); 14199 } 14200 14201 @Override 14202 public int getIntentVerificationStatus(String packageName, int userId) { 14203 synchronized (mPackages) { 14204 return mSettings.getIntentFilterVerificationStatusLPr(packageName, userId); 14205 } 14206 } 14207 14208 @Override 14209 public boolean updateIntentVerificationStatus(String packageName, int status, int userId) { 14210 mContext.enforceCallingOrSelfPermission( 14211 android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null); 14212 14213 boolean result = false; 14214 synchronized (mPackages) { 14215 result = mSettings.updateIntentFilterVerificationStatusLPw(packageName, status, userId); 14216 } 14217 if (result) { 14218 scheduleWritePackageRestrictionsLocked(userId); 14219 } 14220 return result; 14221 } 14222 14223 @Override 14224 public @NonNull ParceledListSlice<IntentFilterVerificationInfo> getIntentFilterVerifications( 14225 String packageName) { 14226 synchronized (mPackages) { 14227 return new ParceledListSlice<>(mSettings.getIntentFilterVerificationsLPr(packageName)); 14228 } 14229 } 14230 14231 @Override 14232 public @NonNull ParceledListSlice<IntentFilter> getAllIntentFilters(String packageName) { 14233 if (TextUtils.isEmpty(packageName)) { 14234 return ParceledListSlice.emptyList(); 14235 } 14236 synchronized (mPackages) { 14237 PackageParser.Package pkg = mPackages.get(packageName); 14238 if (pkg == null || pkg.activities == null) { 14239 return ParceledListSlice.emptyList(); 14240 } 14241 final int count = pkg.activities.size(); 14242 ArrayList<IntentFilter> result = new ArrayList<>(); 14243 for (int n=0; n<count; n++) { 14244 PackageParser.Activity activity = pkg.activities.get(n); 14245 if (activity.intents != null && activity.intents.size() > 0) { 14246 result.addAll(activity.intents); 14247 } 14248 } 14249 return new ParceledListSlice<>(result); 14250 } 14251 } 14252 14253 @Override 14254 public boolean setDefaultBrowserPackageName(String packageName, int userId) { 14255 mContext.enforceCallingOrSelfPermission( 14256 android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null); 14257 14258 synchronized (mPackages) { 14259 boolean result = mSettings.setDefaultBrowserPackageNameLPw(packageName, userId); 14260 if (packageName != null) { 14261 mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultBrowserLPr( 14262 packageName, userId); 14263 } 14264 return result; 14265 } 14266 } 14267 14268 @Override 14269 public String getDefaultBrowserPackageName(int userId) { 14270 synchronized (mPackages) { 14271 return mSettings.getDefaultBrowserPackageNameLPw(userId); 14272 } 14273 } 14274 14275 /** 14276 * Get the "allow unknown sources" setting. 14277 * 14278 * @return the current "allow unknown sources" setting 14279 */ 14280 private int getUnknownSourcesSettings() { 14281 return android.provider.Settings.Secure.getInt(mContext.getContentResolver(), 14282 android.provider.Settings.Secure.INSTALL_NON_MARKET_APPS, 14283 -1); 14284 } 14285 14286 @Override 14287 public void setInstallerPackageName(String targetPackage, String installerPackageName) { 14288 final int uid = Binder.getCallingUid(); 14289 // writer 14290 synchronized (mPackages) { 14291 PackageSetting targetPackageSetting = mSettings.mPackages.get(targetPackage); 14292 if (targetPackageSetting == null) { 14293 throw new IllegalArgumentException("Unknown target package: " + targetPackage); 14294 } 14295 14296 PackageSetting installerPackageSetting; 14297 if (installerPackageName != null) { 14298 installerPackageSetting = mSettings.mPackages.get(installerPackageName); 14299 if (installerPackageSetting == null) { 14300 throw new IllegalArgumentException("Unknown installer package: " 14301 + installerPackageName); 14302 } 14303 } else { 14304 installerPackageSetting = null; 14305 } 14306 14307 Signature[] callerSignature; 14308 Object obj = mSettings.getUserIdLPr(uid); 14309 if (obj != null) { 14310 if (obj instanceof SharedUserSetting) { 14311 callerSignature = ((SharedUserSetting)obj).signatures.mSignatures; 14312 } else if (obj instanceof PackageSetting) { 14313 callerSignature = ((PackageSetting)obj).signatures.mSignatures; 14314 } else { 14315 throw new SecurityException("Bad object " + obj + " for uid " + uid); 14316 } 14317 } else { 14318 throw new SecurityException("Unknown calling UID: " + uid); 14319 } 14320 14321 // Verify: can't set installerPackageName to a package that is 14322 // not signed with the same cert as the caller. 14323 if (installerPackageSetting != null) { 14324 if (compareSignatures(callerSignature, 14325 installerPackageSetting.signatures.mSignatures) 14326 != PackageManager.SIGNATURE_MATCH) { 14327 throw new SecurityException( 14328 "Caller does not have same cert as new installer package " 14329 + installerPackageName); 14330 } 14331 } 14332 14333 // Verify: if target already has an installer package, it must 14334 // be signed with the same cert as the caller. 14335 if (targetPackageSetting.installerPackageName != null) { 14336 PackageSetting setting = mSettings.mPackages.get( 14337 targetPackageSetting.installerPackageName); 14338 // If the currently set package isn't valid, then it's always 14339 // okay to change it. 14340 if (setting != null) { 14341 if (compareSignatures(callerSignature, 14342 setting.signatures.mSignatures) 14343 != PackageManager.SIGNATURE_MATCH) { 14344 throw new SecurityException( 14345 "Caller does not have same cert as old installer package " 14346 + targetPackageSetting.installerPackageName); 14347 } 14348 } 14349 } 14350 14351 // Okay! 14352 targetPackageSetting.installerPackageName = installerPackageName; 14353 if (installerPackageName != null) { 14354 mSettings.mInstallerPackages.add(installerPackageName); 14355 } 14356 scheduleWriteSettingsLocked(); 14357 } 14358 } 14359 14360 @Override 14361 public void setApplicationCategoryHint(String packageName, int categoryHint, 14362 String callerPackageName) { 14363 mContext.getSystemService(AppOpsManager.class).checkPackage(Binder.getCallingUid(), 14364 callerPackageName); 14365 synchronized (mPackages) { 14366 PackageSetting ps = mSettings.mPackages.get(packageName); 14367 if (ps == null) { 14368 throw new IllegalArgumentException("Unknown target package " + packageName); 14369 } 14370 14371 if (!Objects.equals(callerPackageName, ps.installerPackageName)) { 14372 throw new IllegalArgumentException("Calling package " + callerPackageName 14373 + " is not installer for " + packageName); 14374 } 14375 14376 if (ps.categoryHint != categoryHint) { 14377 ps.categoryHint = categoryHint; 14378 scheduleWriteSettingsLocked(); 14379 } 14380 } 14381 } 14382 14383 private void processPendingInstall(final InstallArgs args, final int currentStatus) { 14384 // Queue up an async operation since the package installation may take a little while. 14385 mHandler.post(new Runnable() { 14386 public void run() { 14387 mHandler.removeCallbacks(this); 14388 // Result object to be returned 14389 PackageInstalledInfo res = new PackageInstalledInfo(); 14390 res.setReturnCode(currentStatus); 14391 res.uid = -1; 14392 res.pkg = null; 14393 res.removedInfo = null; 14394 if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) { 14395 args.doPreInstall(res.returnCode); 14396 synchronized (mInstallLock) { 14397 installPackageTracedLI(args, res); 14398 } 14399 args.doPostInstall(res.returnCode, res.uid); 14400 } 14401 14402 // A restore should be performed at this point if (a) the install 14403 // succeeded, (b) the operation is not an update, and (c) the new 14404 // package has not opted out of backup participation. 14405 final boolean update = res.removedInfo != null 14406 && res.removedInfo.removedPackage != null; 14407 final int flags = (res.pkg == null) ? 0 : res.pkg.applicationInfo.flags; 14408 boolean doRestore = !update 14409 && ((flags & ApplicationInfo.FLAG_ALLOW_BACKUP) != 0); 14410 14411 // Set up the post-install work request bookkeeping. This will be used 14412 // and cleaned up by the post-install event handling regardless of whether 14413 // there's a restore pass performed. Token values are >= 1. 14414 int token; 14415 if (mNextInstallToken < 0) mNextInstallToken = 1; 14416 token = mNextInstallToken++; 14417 14418 PostInstallData data = new PostInstallData(args, res); 14419 mRunningInstalls.put(token, data); 14420 if (DEBUG_INSTALL) Log.v(TAG, "+ starting restore round-trip " + token); 14421 14422 if (res.returnCode == PackageManager.INSTALL_SUCCEEDED && doRestore) { 14423 // Pass responsibility to the Backup Manager. It will perform a 14424 // restore if appropriate, then pass responsibility back to the 14425 // Package Manager to run the post-install observer callbacks 14426 // and broadcasts. 14427 IBackupManager bm = IBackupManager.Stub.asInterface( 14428 ServiceManager.getService(Context.BACKUP_SERVICE)); 14429 if (bm != null) { 14430 if (DEBUG_INSTALL) Log.v(TAG, "token " + token 14431 + " to BM for possible restore"); 14432 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "restore", token); 14433 try { 14434 // TODO: http://b/22388012 14435 if (bm.isBackupServiceActive(UserHandle.USER_SYSTEM)) { 14436 bm.restoreAtInstall(res.pkg.applicationInfo.packageName, token); 14437 } else { 14438 doRestore = false; 14439 } 14440 } catch (RemoteException e) { 14441 // can't happen; the backup manager is local 14442 } catch (Exception e) { 14443 Slog.e(TAG, "Exception trying to enqueue restore", e); 14444 doRestore = false; 14445 } 14446 } else { 14447 Slog.e(TAG, "Backup Manager not found!"); 14448 doRestore = false; 14449 } 14450 } 14451 14452 if (!doRestore) { 14453 // No restore possible, or the Backup Manager was mysteriously not 14454 // available -- just fire the post-install work request directly. 14455 if (DEBUG_INSTALL) Log.v(TAG, "No restore - queue post-install for " + token); 14456 14457 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "postInstall", token); 14458 14459 Message msg = mHandler.obtainMessage(POST_INSTALL, token, 0); 14460 mHandler.sendMessage(msg); 14461 } 14462 } 14463 }); 14464 } 14465 14466 /** 14467 * Callback from PackageSettings whenever an app is first transitioned out of the 14468 * 'stopped' state. Normally we just issue the broadcast, but we can't do that if 14469 * the app was "launched" for a restoreAtInstall operation. Therefore we check 14470 * here whether the app is the target of an ongoing install, and only send the 14471 * broadcast immediately if it is not in that state. If it *is* undergoing a restore, 14472 * the first-launch broadcast will be sent implicitly on that basis in POST_INSTALL 14473 * handling. 14474 */ 14475 void notifyFirstLaunch(final String pkgName, final String installerPackage, final int userId) { 14476 // Serialize this with the rest of the install-process message chain. In the 14477 // restore-at-install case, this Runnable will necessarily run before the 14478 // POST_INSTALL message is processed, so the contents of mRunningInstalls 14479 // are coherent. In the non-restore case, the app has already completed install 14480 // and been launched through some other means, so it is not in a problematic 14481 // state for observers to see the FIRST_LAUNCH signal. 14482 mHandler.post(new Runnable() { 14483 @Override 14484 public void run() { 14485 for (int i = 0; i < mRunningInstalls.size(); i++) { 14486 final PostInstallData data = mRunningInstalls.valueAt(i); 14487 if (data.res.returnCode != PackageManager.INSTALL_SUCCEEDED) { 14488 continue; 14489 } 14490 if (pkgName.equals(data.res.pkg.applicationInfo.packageName)) { 14491 // right package; but is it for the right user? 14492 for (int uIndex = 0; uIndex < data.res.newUsers.length; uIndex++) { 14493 if (userId == data.res.newUsers[uIndex]) { 14494 if (DEBUG_BACKUP) { 14495 Slog.i(TAG, "Package " + pkgName 14496 + " being restored so deferring FIRST_LAUNCH"); 14497 } 14498 return; 14499 } 14500 } 14501 } 14502 } 14503 // didn't find it, so not being restored 14504 if (DEBUG_BACKUP) { 14505 Slog.i(TAG, "Package " + pkgName + " sending normal FIRST_LAUNCH"); 14506 } 14507 sendFirstLaunchBroadcast(pkgName, installerPackage, new int[] {userId}); 14508 } 14509 }); 14510 } 14511 14512 private void sendFirstLaunchBroadcast(String pkgName, String installerPkg, int[] userIds) { 14513 sendPackageBroadcast(Intent.ACTION_PACKAGE_FIRST_LAUNCH, pkgName, null, 0, 14514 installerPkg, null, userIds); 14515 } 14516 14517 private abstract class HandlerParams { 14518 private static final int MAX_RETRIES = 4; 14519 14520 /** 14521 * Number of times startCopy() has been attempted and had a non-fatal 14522 * error. 14523 */ 14524 private int mRetries = 0; 14525 14526 /** User handle for the user requesting the information or installation. */ 14527 private final UserHandle mUser; 14528 String traceMethod; 14529 int traceCookie; 14530 14531 HandlerParams(UserHandle user) { 14532 mUser = user; 14533 } 14534 14535 UserHandle getUser() { 14536 return mUser; 14537 } 14538 14539 HandlerParams setTraceMethod(String traceMethod) { 14540 this.traceMethod = traceMethod; 14541 return this; 14542 } 14543 14544 HandlerParams setTraceCookie(int traceCookie) { 14545 this.traceCookie = traceCookie; 14546 return this; 14547 } 14548 14549 final boolean startCopy() { 14550 boolean res; 14551 try { 14552 if (DEBUG_INSTALL) Slog.i(TAG, "startCopy " + mUser + ": " + this); 14553 14554 if (++mRetries > MAX_RETRIES) { 14555 Slog.w(TAG, "Failed to invoke remote methods on default container service. Giving up"); 14556 mHandler.sendEmptyMessage(MCS_GIVE_UP); 14557 handleServiceError(); 14558 return false; 14559 } else { 14560 handleStartCopy(); 14561 res = true; 14562 } 14563 } catch (RemoteException e) { 14564 if (DEBUG_INSTALL) Slog.i(TAG, "Posting install MCS_RECONNECT"); 14565 mHandler.sendEmptyMessage(MCS_RECONNECT); 14566 res = false; 14567 } 14568 handleReturnCode(); 14569 return res; 14570 } 14571 14572 final void serviceError() { 14573 if (DEBUG_INSTALL) Slog.i(TAG, "serviceError"); 14574 handleServiceError(); 14575 handleReturnCode(); 14576 } 14577 14578 abstract void handleStartCopy() throws RemoteException; 14579 abstract void handleServiceError(); 14580 abstract void handleReturnCode(); 14581 } 14582 14583 private static void clearDirectory(IMediaContainerService mcs, File[] paths) { 14584 for (File path : paths) { 14585 try { 14586 mcs.clearDirectory(path.getAbsolutePath()); 14587 } catch (RemoteException e) { 14588 } 14589 } 14590 } 14591 14592 static class OriginInfo { 14593 /** 14594 * Location where install is coming from, before it has been 14595 * copied/renamed into place. This could be a single monolithic APK 14596 * file, or a cluster directory. This location may be untrusted. 14597 */ 14598 final File file; 14599 final String cid; 14600 14601 /** 14602 * Flag indicating that {@link #file} or {@link #cid} has already been 14603 * staged, meaning downstream users don't need to defensively copy the 14604 * contents. 14605 */ 14606 final boolean staged; 14607 14608 /** 14609 * Flag indicating that {@link #file} or {@link #cid} is an already 14610 * installed app that is being moved. 14611 */ 14612 final boolean existing; 14613 14614 final String resolvedPath; 14615 final File resolvedFile; 14616 14617 static OriginInfo fromNothing() { 14618 return new OriginInfo(null, null, false, false); 14619 } 14620 14621 static OriginInfo fromUntrustedFile(File file) { 14622 return new OriginInfo(file, null, false, false); 14623 } 14624 14625 static OriginInfo fromExistingFile(File file) { 14626 return new OriginInfo(file, null, false, true); 14627 } 14628 14629 static OriginInfo fromStagedFile(File file) { 14630 return new OriginInfo(file, null, true, false); 14631 } 14632 14633 static OriginInfo fromStagedContainer(String cid) { 14634 return new OriginInfo(null, cid, true, false); 14635 } 14636 14637 private OriginInfo(File file, String cid, boolean staged, boolean existing) { 14638 this.file = file; 14639 this.cid = cid; 14640 this.staged = staged; 14641 this.existing = existing; 14642 14643 if (cid != null) { 14644 resolvedPath = PackageHelper.getSdDir(cid); 14645 resolvedFile = new File(resolvedPath); 14646 } else if (file != null) { 14647 resolvedPath = file.getAbsolutePath(); 14648 resolvedFile = file; 14649 } else { 14650 resolvedPath = null; 14651 resolvedFile = null; 14652 } 14653 } 14654 } 14655 14656 static class MoveInfo { 14657 final int moveId; 14658 final String fromUuid; 14659 final String toUuid; 14660 final String packageName; 14661 final String dataAppName; 14662 final int appId; 14663 final String seinfo; 14664 final int targetSdkVersion; 14665 14666 public MoveInfo(int moveId, String fromUuid, String toUuid, String packageName, 14667 String dataAppName, int appId, String seinfo, int targetSdkVersion) { 14668 this.moveId = moveId; 14669 this.fromUuid = fromUuid; 14670 this.toUuid = toUuid; 14671 this.packageName = packageName; 14672 this.dataAppName = dataAppName; 14673 this.appId = appId; 14674 this.seinfo = seinfo; 14675 this.targetSdkVersion = targetSdkVersion; 14676 } 14677 } 14678 14679 static class VerificationInfo { 14680 /** A constant used to indicate that a uid value is not present. */ 14681 public static final int NO_UID = -1; 14682 14683 /** URI referencing where the package was downloaded from. */ 14684 final Uri originatingUri; 14685 14686 /** HTTP referrer URI associated with the originatingURI. */ 14687 final Uri referrer; 14688 14689 /** UID of the application that the install request originated from. */ 14690 final int originatingUid; 14691 14692 /** UID of application requesting the install */ 14693 final int installerUid; 14694 14695 VerificationInfo(Uri originatingUri, Uri referrer, int originatingUid, int installerUid) { 14696 this.originatingUri = originatingUri; 14697 this.referrer = referrer; 14698 this.originatingUid = originatingUid; 14699 this.installerUid = installerUid; 14700 } 14701 } 14702 14703 class InstallParams extends HandlerParams { 14704 final OriginInfo origin; 14705 final MoveInfo move; 14706 final IPackageInstallObserver2 observer; 14707 int installFlags; 14708 final String installerPackageName; 14709 final String volumeUuid; 14710 private InstallArgs mArgs; 14711 private int mRet; 14712 final String packageAbiOverride; 14713 final String[] grantedRuntimePermissions; 14714 final VerificationInfo verificationInfo; 14715 final Certificate[][] certificates; 14716 final int installReason; 14717 14718 InstallParams(OriginInfo origin, MoveInfo move, IPackageInstallObserver2 observer, 14719 int installFlags, String installerPackageName, String volumeUuid, 14720 VerificationInfo verificationInfo, UserHandle user, String packageAbiOverride, 14721 String[] grantedPermissions, Certificate[][] certificates, int installReason) { 14722 super(user); 14723 this.origin = origin; 14724 this.move = move; 14725 this.observer = observer; 14726 this.installFlags = installFlags; 14727 this.installerPackageName = installerPackageName; 14728 this.volumeUuid = volumeUuid; 14729 this.verificationInfo = verificationInfo; 14730 this.packageAbiOverride = packageAbiOverride; 14731 this.grantedRuntimePermissions = grantedPermissions; 14732 this.certificates = certificates; 14733 this.installReason = installReason; 14734 } 14735 14736 @Override 14737 public String toString() { 14738 return "InstallParams{" + Integer.toHexString(System.identityHashCode(this)) 14739 + " file=" + origin.file + " cid=" + origin.cid + "}"; 14740 } 14741 14742 private int installLocationPolicy(PackageInfoLite pkgLite) { 14743 String packageName = pkgLite.packageName; 14744 int installLocation = pkgLite.installLocation; 14745 boolean onSd = (installFlags & PackageManager.INSTALL_EXTERNAL) != 0; 14746 // reader 14747 synchronized (mPackages) { 14748 // Currently installed package which the new package is attempting to replace or 14749 // null if no such package is installed. 14750 PackageParser.Package installedPkg = mPackages.get(packageName); 14751 // Package which currently owns the data which the new package will own if installed. 14752 // If an app is unstalled while keeping data (e.g., adb uninstall -k), installedPkg 14753 // will be null whereas dataOwnerPkg will contain information about the package 14754 // which was uninstalled while keeping its data. 14755 PackageParser.Package dataOwnerPkg = installedPkg; 14756 if (dataOwnerPkg == null) { 14757 PackageSetting ps = mSettings.mPackages.get(packageName); 14758 if (ps != null) { 14759 dataOwnerPkg = ps.pkg; 14760 } 14761 } 14762 14763 if (dataOwnerPkg != null) { 14764 // If installed, the package will get access to data left on the device by its 14765 // predecessor. As a security measure, this is permited only if this is not a 14766 // version downgrade or if the predecessor package is marked as debuggable and 14767 // a downgrade is explicitly requested. 14768 // 14769 // On debuggable platform builds, downgrades are permitted even for 14770 // non-debuggable packages to make testing easier. Debuggable platform builds do 14771 // not offer security guarantees and thus it's OK to disable some security 14772 // mechanisms to make debugging/testing easier on those builds. However, even on 14773 // debuggable builds downgrades of packages are permitted only if requested via 14774 // installFlags. This is because we aim to keep the behavior of debuggable 14775 // platform builds as close as possible to the behavior of non-debuggable 14776 // platform builds. 14777 final boolean downgradeRequested = 14778 (installFlags & PackageManager.INSTALL_ALLOW_DOWNGRADE) != 0; 14779 final boolean packageDebuggable = 14780 (dataOwnerPkg.applicationInfo.flags 14781 & ApplicationInfo.FLAG_DEBUGGABLE) != 0; 14782 final boolean downgradePermitted = 14783 (downgradeRequested) && ((Build.IS_DEBUGGABLE) || (packageDebuggable)); 14784 if (!downgradePermitted) { 14785 try { 14786 checkDowngrade(dataOwnerPkg, pkgLite); 14787 } catch (PackageManagerException e) { 14788 Slog.w(TAG, "Downgrade detected: " + e.getMessage()); 14789 return PackageHelper.RECOMMEND_FAILED_VERSION_DOWNGRADE; 14790 } 14791 } 14792 } 14793 14794 if (installedPkg != null) { 14795 if ((installFlags & PackageManager.INSTALL_REPLACE_EXISTING) != 0) { 14796 // Check for updated system application. 14797 if ((installedPkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 14798 if (onSd) { 14799 Slog.w(TAG, "Cannot install update to system app on sdcard"); 14800 return PackageHelper.RECOMMEND_FAILED_INVALID_LOCATION; 14801 } 14802 return PackageHelper.RECOMMEND_INSTALL_INTERNAL; 14803 } else { 14804 if (onSd) { 14805 // Install flag overrides everything. 14806 return PackageHelper.RECOMMEND_INSTALL_EXTERNAL; 14807 } 14808 // If current upgrade specifies particular preference 14809 if (installLocation == PackageInfo.INSTALL_LOCATION_INTERNAL_ONLY) { 14810 // Application explicitly specified internal. 14811 return PackageHelper.RECOMMEND_INSTALL_INTERNAL; 14812 } else if (installLocation == PackageInfo.INSTALL_LOCATION_PREFER_EXTERNAL) { 14813 // App explictly prefers external. Let policy decide 14814 } else { 14815 // Prefer previous location 14816 if (isExternal(installedPkg)) { 14817 return PackageHelper.RECOMMEND_INSTALL_EXTERNAL; 14818 } 14819 return PackageHelper.RECOMMEND_INSTALL_INTERNAL; 14820 } 14821 } 14822 } else { 14823 // Invalid install. Return error code 14824 return PackageHelper.RECOMMEND_FAILED_ALREADY_EXISTS; 14825 } 14826 } 14827 } 14828 // All the special cases have been taken care of. 14829 // Return result based on recommended install location. 14830 if (onSd) { 14831 return PackageHelper.RECOMMEND_INSTALL_EXTERNAL; 14832 } 14833 return pkgLite.recommendedInstallLocation; 14834 } 14835 14836 /* 14837 * Invoke remote method to get package information and install 14838 * location values. Override install location based on default 14839 * policy if needed and then create install arguments based 14840 * on the install location. 14841 */ 14842 public void handleStartCopy() throws RemoteException { 14843 int ret = PackageManager.INSTALL_SUCCEEDED; 14844 14845 // If we're already staged, we've firmly committed to an install location 14846 if (origin.staged) { 14847 if (origin.file != null) { 14848 installFlags |= PackageManager.INSTALL_INTERNAL; 14849 installFlags &= ~PackageManager.INSTALL_EXTERNAL; 14850 } else if (origin.cid != null) { 14851 installFlags |= PackageManager.INSTALL_EXTERNAL; 14852 installFlags &= ~PackageManager.INSTALL_INTERNAL; 14853 } else { 14854 throw new IllegalStateException("Invalid stage location"); 14855 } 14856 } 14857 14858 final boolean onSd = (installFlags & PackageManager.INSTALL_EXTERNAL) != 0; 14859 final boolean onInt = (installFlags & PackageManager.INSTALL_INTERNAL) != 0; 14860 final boolean ephemeral = (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0; 14861 PackageInfoLite pkgLite = null; 14862 14863 if (onInt && onSd) { 14864 // Check if both bits are set. 14865 Slog.w(TAG, "Conflicting flags specified for installing on both internal and external"); 14866 ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; 14867 } else if (onSd && ephemeral) { 14868 Slog.w(TAG, "Conflicting flags specified for installing ephemeral on external"); 14869 ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; 14870 } else { 14871 pkgLite = mContainerService.getMinimalPackageInfo(origin.resolvedPath, installFlags, 14872 packageAbiOverride); 14873 14874 if (DEBUG_EPHEMERAL && ephemeral) { 14875 Slog.v(TAG, "pkgLite for install: " + pkgLite); 14876 } 14877 14878 /* 14879 * If we have too little free space, try to free cache 14880 * before giving up. 14881 */ 14882 if (!origin.staged && pkgLite.recommendedInstallLocation 14883 == PackageHelper.RECOMMEND_FAILED_INSUFFICIENT_STORAGE) { 14884 // TODO: focus freeing disk space on the target device 14885 final StorageManager storage = StorageManager.from(mContext); 14886 final long lowThreshold = storage.getStorageLowBytes( 14887 Environment.getDataDirectory()); 14888 14889 final long sizeBytes = mContainerService.calculateInstalledSize( 14890 origin.resolvedPath, isForwardLocked(), packageAbiOverride); 14891 14892 try { 14893 mInstaller.freeCache(null, sizeBytes + lowThreshold, 0); 14894 pkgLite = mContainerService.getMinimalPackageInfo(origin.resolvedPath, 14895 installFlags, packageAbiOverride); 14896 } catch (InstallerException e) { 14897 Slog.w(TAG, "Failed to free cache", e); 14898 } 14899 14900 /* 14901 * The cache free must have deleted the file we 14902 * downloaded to install. 14903 * 14904 * TODO: fix the "freeCache" call to not delete 14905 * the file we care about. 14906 */ 14907 if (pkgLite.recommendedInstallLocation 14908 == PackageHelper.RECOMMEND_FAILED_INVALID_URI) { 14909 pkgLite.recommendedInstallLocation 14910 = PackageHelper.RECOMMEND_FAILED_INSUFFICIENT_STORAGE; 14911 } 14912 } 14913 } 14914 14915 if (ret == PackageManager.INSTALL_SUCCEEDED) { 14916 int loc = pkgLite.recommendedInstallLocation; 14917 if (loc == PackageHelper.RECOMMEND_FAILED_INVALID_LOCATION) { 14918 ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; 14919 } else if (loc == PackageHelper.RECOMMEND_FAILED_ALREADY_EXISTS) { 14920 ret = PackageManager.INSTALL_FAILED_ALREADY_EXISTS; 14921 } else if (loc == PackageHelper.RECOMMEND_FAILED_INSUFFICIENT_STORAGE) { 14922 ret = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; 14923 } else if (loc == PackageHelper.RECOMMEND_FAILED_INVALID_APK) { 14924 ret = PackageManager.INSTALL_FAILED_INVALID_APK; 14925 } else if (loc == PackageHelper.RECOMMEND_FAILED_INVALID_URI) { 14926 ret = PackageManager.INSTALL_FAILED_INVALID_URI; 14927 } else if (loc == PackageHelper.RECOMMEND_MEDIA_UNAVAILABLE) { 14928 ret = PackageManager.INSTALL_FAILED_MEDIA_UNAVAILABLE; 14929 } else { 14930 // Override with defaults if needed. 14931 loc = installLocationPolicy(pkgLite); 14932 if (loc == PackageHelper.RECOMMEND_FAILED_VERSION_DOWNGRADE) { 14933 ret = PackageManager.INSTALL_FAILED_VERSION_DOWNGRADE; 14934 } else if (!onSd && !onInt) { 14935 // Override install location with flags 14936 if (loc == PackageHelper.RECOMMEND_INSTALL_EXTERNAL) { 14937 // Set the flag to install on external media. 14938 installFlags |= PackageManager.INSTALL_EXTERNAL; 14939 installFlags &= ~PackageManager.INSTALL_INTERNAL; 14940 } else if (loc == PackageHelper.RECOMMEND_INSTALL_EPHEMERAL) { 14941 if (DEBUG_EPHEMERAL) { 14942 Slog.v(TAG, "...setting INSTALL_EPHEMERAL install flag"); 14943 } 14944 installFlags |= PackageManager.INSTALL_INSTANT_APP; 14945 installFlags &= ~(PackageManager.INSTALL_EXTERNAL 14946 |PackageManager.INSTALL_INTERNAL); 14947 } else { 14948 // Make sure the flag for installing on external 14949 // media is unset 14950 installFlags |= PackageManager.INSTALL_INTERNAL; 14951 installFlags &= ~PackageManager.INSTALL_EXTERNAL; 14952 } 14953 } 14954 } 14955 } 14956 14957 final InstallArgs args = createInstallArgs(this); 14958 mArgs = args; 14959 14960 if (ret == PackageManager.INSTALL_SUCCEEDED) { 14961 // TODO: http://b/22976637 14962 // Apps installed for "all" users use the device owner to verify the app 14963 UserHandle verifierUser = getUser(); 14964 if (verifierUser == UserHandle.ALL) { 14965 verifierUser = UserHandle.SYSTEM; 14966 } 14967 14968 /* 14969 * Determine if we have any installed package verifiers. If we 14970 * do, then we'll defer to them to verify the packages. 14971 */ 14972 final int requiredUid = mRequiredVerifierPackage == null ? -1 14973 : getPackageUid(mRequiredVerifierPackage, MATCH_DEBUG_TRIAGED_MISSING, 14974 verifierUser.getIdentifier()); 14975 if (!origin.existing && requiredUid != -1 14976 && isVerificationEnabled(verifierUser.getIdentifier(), installFlags)) { 14977 final Intent verification = new Intent( 14978 Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); 14979 verification.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 14980 verification.setDataAndType(Uri.fromFile(new File(origin.resolvedPath)), 14981 PACKAGE_MIME_TYPE); 14982 verification.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); 14983 14984 // Query all live verifiers based on current user state 14985 final List<ResolveInfo> receivers = queryIntentReceiversInternal(verification, 14986 PACKAGE_MIME_TYPE, 0, verifierUser.getIdentifier()); 14987 14988 if (DEBUG_VERIFY) { 14989 Slog.d(TAG, "Found " + receivers.size() + " verifiers for intent " 14990 + verification.toString() + " with " + pkgLite.verifiers.length 14991 + " optional verifiers"); 14992 } 14993 14994 final int verificationId = mPendingVerificationToken++; 14995 14996 verification.putExtra(PackageManager.EXTRA_VERIFICATION_ID, verificationId); 14997 14998 verification.putExtra(PackageManager.EXTRA_VERIFICATION_INSTALLER_PACKAGE, 14999 installerPackageName); 15000 15001 verification.putExtra(PackageManager.EXTRA_VERIFICATION_INSTALL_FLAGS, 15002 installFlags); 15003 15004 verification.putExtra(PackageManager.EXTRA_VERIFICATION_PACKAGE_NAME, 15005 pkgLite.packageName); 15006 15007 verification.putExtra(PackageManager.EXTRA_VERIFICATION_VERSION_CODE, 15008 pkgLite.versionCode); 15009 15010 if (verificationInfo != null) { 15011 if (verificationInfo.originatingUri != null) { 15012 verification.putExtra(Intent.EXTRA_ORIGINATING_URI, 15013 verificationInfo.originatingUri); 15014 } 15015 if (verificationInfo.referrer != null) { 15016 verification.putExtra(Intent.EXTRA_REFERRER, 15017 verificationInfo.referrer); 15018 } 15019 if (verificationInfo.originatingUid >= 0) { 15020 verification.putExtra(Intent.EXTRA_ORIGINATING_UID, 15021 verificationInfo.originatingUid); 15022 } 15023 if (verificationInfo.installerUid >= 0) { 15024 verification.putExtra(PackageManager.EXTRA_VERIFICATION_INSTALLER_UID, 15025 verificationInfo.installerUid); 15026 } 15027 } 15028 15029 final PackageVerificationState verificationState = new PackageVerificationState( 15030 requiredUid, args); 15031 15032 mPendingVerification.append(verificationId, verificationState); 15033 15034 final List<ComponentName> sufficientVerifiers = matchVerifiers(pkgLite, 15035 receivers, verificationState); 15036 15037 DeviceIdleController.LocalService idleController = getDeviceIdleController(); 15038 final long idleDuration = getVerificationTimeout(); 15039 15040 /* 15041 * If any sufficient verifiers were listed in the package 15042 * manifest, attempt to ask them. 15043 */ 15044 if (sufficientVerifiers != null) { 15045 final int N = sufficientVerifiers.size(); 15046 if (N == 0) { 15047 Slog.i(TAG, "Additional verifiers required, but none installed."); 15048 ret = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE; 15049 } else { 15050 for (int i = 0; i < N; i++) { 15051 final ComponentName verifierComponent = sufficientVerifiers.get(i); 15052 idleController.addPowerSaveTempWhitelistApp(Process.myUid(), 15053 verifierComponent.getPackageName(), idleDuration, 15054 verifierUser.getIdentifier(), false, "package verifier"); 15055 15056 final Intent sufficientIntent = new Intent(verification); 15057 sufficientIntent.setComponent(verifierComponent); 15058 mContext.sendBroadcastAsUser(sufficientIntent, verifierUser); 15059 } 15060 } 15061 } 15062 15063 final ComponentName requiredVerifierComponent = matchComponentForVerifier( 15064 mRequiredVerifierPackage, receivers); 15065 if (ret == PackageManager.INSTALL_SUCCEEDED 15066 && mRequiredVerifierPackage != null) { 15067 Trace.asyncTraceBegin( 15068 TRACE_TAG_PACKAGE_MANAGER, "verification", verificationId); 15069 /* 15070 * Send the intent to the required verification agent, 15071 * but only start the verification timeout after the 15072 * target BroadcastReceivers have run. 15073 */ 15074 verification.setComponent(requiredVerifierComponent); 15075 idleController.addPowerSaveTempWhitelistApp(Process.myUid(), 15076 mRequiredVerifierPackage, idleDuration, 15077 verifierUser.getIdentifier(), false, "package verifier"); 15078 mContext.sendOrderedBroadcastAsUser(verification, verifierUser, 15079 android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, 15080 new BroadcastReceiver() { 15081 @Override 15082 public void onReceive(Context context, Intent intent) { 15083 final Message msg = mHandler 15084 .obtainMessage(CHECK_PENDING_VERIFICATION); 15085 msg.arg1 = verificationId; 15086 mHandler.sendMessageDelayed(msg, getVerificationTimeout()); 15087 } 15088 }, null, 0, null, null); 15089 15090 /* 15091 * We don't want the copy to proceed until verification 15092 * succeeds, so null out this field. 15093 */ 15094 mArgs = null; 15095 } 15096 } else { 15097 /* 15098 * No package verification is enabled, so immediately start 15099 * the remote call to initiate copy using temporary file. 15100 */ 15101 ret = args.copyApk(mContainerService, true); 15102 } 15103 } 15104 15105 mRet = ret; 15106 } 15107 15108 @Override 15109 void handleReturnCode() { 15110 // If mArgs is null, then MCS couldn't be reached. When it 15111 // reconnects, it will try again to install. At that point, this 15112 // will succeed. 15113 if (mArgs != null) { 15114 processPendingInstall(mArgs, mRet); 15115 } 15116 } 15117 15118 @Override 15119 void handleServiceError() { 15120 mArgs = createInstallArgs(this); 15121 mRet = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; 15122 } 15123 15124 public boolean isForwardLocked() { 15125 return (installFlags & PackageManager.INSTALL_FORWARD_LOCK) != 0; 15126 } 15127 } 15128 15129 /** 15130 * Used during creation of InstallArgs 15131 * 15132 * @param installFlags package installation flags 15133 * @return true if should be installed on external storage 15134 */ 15135 private static boolean installOnExternalAsec(int installFlags) { 15136 if ((installFlags & PackageManager.INSTALL_INTERNAL) != 0) { 15137 return false; 15138 } 15139 if ((installFlags & PackageManager.INSTALL_EXTERNAL) != 0) { 15140 return true; 15141 } 15142 return false; 15143 } 15144 15145 /** 15146 * Used during creation of InstallArgs 15147 * 15148 * @param installFlags package installation flags 15149 * @return true if should be installed as forward locked 15150 */ 15151 private static boolean installForwardLocked(int installFlags) { 15152 return (installFlags & PackageManager.INSTALL_FORWARD_LOCK) != 0; 15153 } 15154 15155 private InstallArgs createInstallArgs(InstallParams params) { 15156 if (params.move != null) { 15157 return new MoveInstallArgs(params); 15158 } else if (installOnExternalAsec(params.installFlags) || params.isForwardLocked()) { 15159 return new AsecInstallArgs(params); 15160 } else { 15161 return new FileInstallArgs(params); 15162 } 15163 } 15164 15165 /** 15166 * Create args that describe an existing installed package. Typically used 15167 * when cleaning up old installs, or used as a move source. 15168 */ 15169 private InstallArgs createInstallArgsForExisting(int installFlags, String codePath, 15170 String resourcePath, String[] instructionSets) { 15171 final boolean isInAsec; 15172 if (installOnExternalAsec(installFlags)) { 15173 /* Apps on SD card are always in ASEC containers. */ 15174 isInAsec = true; 15175 } else if (installForwardLocked(installFlags) 15176 && !codePath.startsWith(mDrmAppPrivateInstallDir.getAbsolutePath())) { 15177 /* 15178 * Forward-locked apps are only in ASEC containers if they're the 15179 * new style 15180 */ 15181 isInAsec = true; 15182 } else { 15183 isInAsec = false; 15184 } 15185 15186 if (isInAsec) { 15187 return new AsecInstallArgs(codePath, instructionSets, 15188 installOnExternalAsec(installFlags), installForwardLocked(installFlags)); 15189 } else { 15190 return new FileInstallArgs(codePath, resourcePath, instructionSets); 15191 } 15192 } 15193 15194 static abstract class InstallArgs { 15195 /** @see InstallParams#origin */ 15196 final OriginInfo origin; 15197 /** @see InstallParams#move */ 15198 final MoveInfo move; 15199 15200 final IPackageInstallObserver2 observer; 15201 // Always refers to PackageManager flags only 15202 final int installFlags; 15203 final String installerPackageName; 15204 final String volumeUuid; 15205 final UserHandle user; 15206 final String abiOverride; 15207 final String[] installGrantPermissions; 15208 /** If non-null, drop an async trace when the install completes */ 15209 final String traceMethod; 15210 final int traceCookie; 15211 final Certificate[][] certificates; 15212 final int installReason; 15213 15214 // The list of instruction sets supported by this app. This is currently 15215 // only used during the rmdex() phase to clean up resources. We can get rid of this 15216 // if we move dex files under the common app path. 15217 /* nullable */ String[] instructionSets; 15218 15219 InstallArgs(OriginInfo origin, MoveInfo move, IPackageInstallObserver2 observer, 15220 int installFlags, String installerPackageName, String volumeUuid, 15221 UserHandle user, String[] instructionSets, 15222 String abiOverride, String[] installGrantPermissions, 15223 String traceMethod, int traceCookie, Certificate[][] certificates, 15224 int installReason) { 15225 this.origin = origin; 15226 this.move = move; 15227 this.installFlags = installFlags; 15228 this.observer = observer; 15229 this.installerPackageName = installerPackageName; 15230 this.volumeUuid = volumeUuid; 15231 this.user = user; 15232 this.instructionSets = instructionSets; 15233 this.abiOverride = abiOverride; 15234 this.installGrantPermissions = installGrantPermissions; 15235 this.traceMethod = traceMethod; 15236 this.traceCookie = traceCookie; 15237 this.certificates = certificates; 15238 this.installReason = installReason; 15239 } 15240 15241 abstract int copyApk(IMediaContainerService imcs, boolean temp) throws RemoteException; 15242 abstract int doPreInstall(int status); 15243 15244 /** 15245 * Rename package into final resting place. All paths on the given 15246 * scanned package should be updated to reflect the rename. 15247 */ 15248 abstract boolean doRename(int status, PackageParser.Package pkg, String oldCodePath); 15249 abstract int doPostInstall(int status, int uid); 15250 15251 /** @see PackageSettingBase#codePathString */ 15252 abstract String getCodePath(); 15253 /** @see PackageSettingBase#resourcePathString */ 15254 abstract String getResourcePath(); 15255 15256 // Need installer lock especially for dex file removal. 15257 abstract void cleanUpResourcesLI(); 15258 abstract boolean doPostDeleteLI(boolean delete); 15259 15260 /** 15261 * Called before the source arguments are copied. This is used mostly 15262 * for MoveParams when it needs to read the source file to put it in the 15263 * destination. 15264 */ 15265 int doPreCopy() { 15266 return PackageManager.INSTALL_SUCCEEDED; 15267 } 15268 15269 /** 15270 * Called after the source arguments are copied. This is used mostly for 15271 * MoveParams when it needs to read the source file to put it in the 15272 * destination. 15273 */ 15274 int doPostCopy(int uid) { 15275 return PackageManager.INSTALL_SUCCEEDED; 15276 } 15277 15278 protected boolean isFwdLocked() { 15279 return (installFlags & PackageManager.INSTALL_FORWARD_LOCK) != 0; 15280 } 15281 15282 protected boolean isExternalAsec() { 15283 return (installFlags & PackageManager.INSTALL_EXTERNAL) != 0; 15284 } 15285 15286 protected boolean isEphemeral() { 15287 return (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0; 15288 } 15289 15290 UserHandle getUser() { 15291 return user; 15292 } 15293 } 15294 15295 private void removeDexFiles(List<String> allCodePaths, String[] instructionSets) { 15296 if (!allCodePaths.isEmpty()) { 15297 if (instructionSets == null) { 15298 throw new IllegalStateException("instructionSet == null"); 15299 } 15300 String[] dexCodeInstructionSets = getDexCodeInstructionSets(instructionSets); 15301 for (String codePath : allCodePaths) { 15302 for (String dexCodeInstructionSet : dexCodeInstructionSets) { 15303 try { 15304 mInstaller.rmdex(codePath, dexCodeInstructionSet); 15305 } catch (InstallerException ignored) { 15306 } 15307 } 15308 } 15309 } 15310 } 15311 15312 /** 15313 * Logic to handle installation of non-ASEC applications, including copying 15314 * and renaming logic. 15315 */ 15316 class FileInstallArgs extends InstallArgs { 15317 private File codeFile; 15318 private File resourceFile; 15319 15320 // Example topology: 15321 // /data/app/com.example/base.apk 15322 // /data/app/com.example/split_foo.apk 15323 // /data/app/com.example/lib/arm/libfoo.so 15324 // /data/app/com.example/lib/arm64/libfoo.so 15325 // /data/app/com.example/dalvik/arm/base.apk@classes.dex 15326 15327 /** New install */ 15328 FileInstallArgs(InstallParams params) { 15329 super(params.origin, params.move, params.observer, params.installFlags, 15330 params.installerPackageName, params.volumeUuid, 15331 params.getUser(), null /*instructionSets*/, params.packageAbiOverride, 15332 params.grantedRuntimePermissions, 15333 params.traceMethod, params.traceCookie, params.certificates, 15334 params.installReason); 15335 if (isFwdLocked()) { 15336 throw new IllegalArgumentException("Forward locking only supported in ASEC"); 15337 } 15338 } 15339 15340 /** Existing install */ 15341 FileInstallArgs(String codePath, String resourcePath, String[] instructionSets) { 15342 super(OriginInfo.fromNothing(), null, null, 0, null, null, null, instructionSets, 15343 null, null, null, 0, null /*certificates*/, 15344 PackageManager.INSTALL_REASON_UNKNOWN); 15345 this.codeFile = (codePath != null) ? new File(codePath) : null; 15346 this.resourceFile = (resourcePath != null) ? new File(resourcePath) : null; 15347 } 15348 15349 int copyApk(IMediaContainerService imcs, boolean temp) throws RemoteException { 15350 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "copyApk"); 15351 try { 15352 return doCopyApk(imcs, temp); 15353 } finally { 15354 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 15355 } 15356 } 15357 15358 private int doCopyApk(IMediaContainerService imcs, boolean temp) throws RemoteException { 15359 if (origin.staged) { 15360 if (DEBUG_INSTALL) Slog.d(TAG, origin.file + " already staged; skipping copy"); 15361 codeFile = origin.file; 15362 resourceFile = origin.file; 15363 return PackageManager.INSTALL_SUCCEEDED; 15364 } 15365 15366 try { 15367 final boolean isEphemeral = (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0; 15368 final File tempDir = 15369 mInstallerService.allocateStageDirLegacy(volumeUuid, isEphemeral); 15370 codeFile = tempDir; 15371 resourceFile = tempDir; 15372 } catch (IOException e) { 15373 Slog.w(TAG, "Failed to create copy file: " + e); 15374 return PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; 15375 } 15376 15377 final IParcelFileDescriptorFactory target = new IParcelFileDescriptorFactory.Stub() { 15378 @Override 15379 public ParcelFileDescriptor open(String name, int mode) throws RemoteException { 15380 if (!FileUtils.isValidExtFilename(name)) { 15381 throw new IllegalArgumentException("Invalid filename: " + name); 15382 } 15383 try { 15384 final File file = new File(codeFile, name); 15385 final FileDescriptor fd = Os.open(file.getAbsolutePath(), 15386 O_RDWR | O_CREAT, 0644); 15387 Os.chmod(file.getAbsolutePath(), 0644); 15388 return new ParcelFileDescriptor(fd); 15389 } catch (ErrnoException e) { 15390 throw new RemoteException("Failed to open: " + e.getMessage()); 15391 } 15392 } 15393 }; 15394 15395 int ret = PackageManager.INSTALL_SUCCEEDED; 15396 ret = imcs.copyPackage(origin.file.getAbsolutePath(), target); 15397 if (ret != PackageManager.INSTALL_SUCCEEDED) { 15398 Slog.e(TAG, "Failed to copy package"); 15399 return ret; 15400 } 15401 15402 final File libraryRoot = new File(codeFile, LIB_DIR_NAME); 15403 NativeLibraryHelper.Handle handle = null; 15404 try { 15405 handle = NativeLibraryHelper.Handle.create(codeFile); 15406 ret = NativeLibraryHelper.copyNativeBinariesWithOverride(handle, libraryRoot, 15407 abiOverride); 15408 } catch (IOException e) { 15409 Slog.e(TAG, "Copying native libraries failed", e); 15410 ret = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; 15411 } finally { 15412 IoUtils.closeQuietly(handle); 15413 } 15414 15415 return ret; 15416 } 15417 15418 int doPreInstall(int status) { 15419 if (status != PackageManager.INSTALL_SUCCEEDED) { 15420 cleanUp(); 15421 } 15422 return status; 15423 } 15424 15425 boolean doRename(int status, PackageParser.Package pkg, String oldCodePath) { 15426 if (status != PackageManager.INSTALL_SUCCEEDED) { 15427 cleanUp(); 15428 return false; 15429 } 15430 15431 final File targetDir = codeFile.getParentFile(); 15432 final File beforeCodeFile = codeFile; 15433 final File afterCodeFile = getNextCodePath(targetDir, pkg.packageName); 15434 15435 if (DEBUG_INSTALL) Slog.d(TAG, "Renaming " + beforeCodeFile + " to " + afterCodeFile); 15436 try { 15437 Os.rename(beforeCodeFile.getAbsolutePath(), afterCodeFile.getAbsolutePath()); 15438 } catch (ErrnoException e) { 15439 Slog.w(TAG, "Failed to rename", e); 15440 return false; 15441 } 15442 15443 if (!SELinux.restoreconRecursive(afterCodeFile)) { 15444 Slog.w(TAG, "Failed to restorecon"); 15445 return false; 15446 } 15447 15448 // Reflect the rename internally 15449 codeFile = afterCodeFile; 15450 resourceFile = afterCodeFile; 15451 15452 // Reflect the rename in scanned details 15453 pkg.setCodePath(afterCodeFile.getAbsolutePath()); 15454 pkg.setBaseCodePath(FileUtils.rewriteAfterRename(beforeCodeFile, 15455 afterCodeFile, pkg.baseCodePath)); 15456 pkg.setSplitCodePaths(FileUtils.rewriteAfterRename(beforeCodeFile, 15457 afterCodeFile, pkg.splitCodePaths)); 15458 15459 // Reflect the rename in app info 15460 pkg.setApplicationVolumeUuid(pkg.volumeUuid); 15461 pkg.setApplicationInfoCodePath(pkg.codePath); 15462 pkg.setApplicationInfoBaseCodePath(pkg.baseCodePath); 15463 pkg.setApplicationInfoSplitCodePaths(pkg.splitCodePaths); 15464 pkg.setApplicationInfoResourcePath(pkg.codePath); 15465 pkg.setApplicationInfoBaseResourcePath(pkg.baseCodePath); 15466 pkg.setApplicationInfoSplitResourcePaths(pkg.splitCodePaths); 15467 15468 return true; 15469 } 15470 15471 int doPostInstall(int status, int uid) { 15472 if (status != PackageManager.INSTALL_SUCCEEDED) { 15473 cleanUp(); 15474 } 15475 return status; 15476 } 15477 15478 @Override 15479 String getCodePath() { 15480 return (codeFile != null) ? codeFile.getAbsolutePath() : null; 15481 } 15482 15483 @Override 15484 String getResourcePath() { 15485 return (resourceFile != null) ? resourceFile.getAbsolutePath() : null; 15486 } 15487 15488 private boolean cleanUp() { 15489 if (codeFile == null || !codeFile.exists()) { 15490 return false; 15491 } 15492 15493 removeCodePathLI(codeFile); 15494 15495 if (resourceFile != null && !FileUtils.contains(codeFile, resourceFile)) { 15496 resourceFile.delete(); 15497 } 15498 15499 return true; 15500 } 15501 15502 void cleanUpResourcesLI() { 15503 // Try enumerating all code paths before deleting 15504 List<String> allCodePaths = Collections.EMPTY_LIST; 15505 if (codeFile != null && codeFile.exists()) { 15506 try { 15507 final PackageLite pkg = PackageParser.parsePackageLite(codeFile, 0); 15508 allCodePaths = pkg.getAllCodePaths(); 15509 } catch (PackageParserException e) { 15510 // Ignored; we tried our best 15511 } 15512 } 15513 15514 cleanUp(); 15515 removeDexFiles(allCodePaths, instructionSets); 15516 } 15517 15518 boolean doPostDeleteLI(boolean delete) { 15519 // XXX err, shouldn't we respect the delete flag? 15520 cleanUpResourcesLI(); 15521 return true; 15522 } 15523 } 15524 15525 private boolean isAsecExternal(String cid) { 15526 final String asecPath = PackageHelper.getSdFilesystem(cid); 15527 return !asecPath.startsWith(mAsecInternalPath); 15528 } 15529 15530 private static void maybeThrowExceptionForMultiArchCopy(String message, int copyRet) throws 15531 PackageManagerException { 15532 if (copyRet < 0) { 15533 if (copyRet != PackageManager.NO_NATIVE_LIBRARIES && 15534 copyRet != PackageManager.INSTALL_FAILED_NO_MATCHING_ABIS) { 15535 throw new PackageManagerException(copyRet, message); 15536 } 15537 } 15538 } 15539 15540 /** 15541 * Extract the StorageManagerService "container ID" from the full code path of an 15542 * .apk. 15543 */ 15544 static String cidFromCodePath(String fullCodePath) { 15545 int eidx = fullCodePath.lastIndexOf("/"); 15546 String subStr1 = fullCodePath.substring(0, eidx); 15547 int sidx = subStr1.lastIndexOf("/"); 15548 return subStr1.substring(sidx+1, eidx); 15549 } 15550 15551 /** 15552 * Logic to handle installation of ASEC applications, including copying and 15553 * renaming logic. 15554 */ 15555 class AsecInstallArgs extends InstallArgs { 15556 static final String RES_FILE_NAME = "pkg.apk"; 15557 static final String PUBLIC_RES_FILE_NAME = "res.zip"; 15558 15559 String cid; 15560 String packagePath; 15561 String resourcePath; 15562 15563 /** New install */ 15564 AsecInstallArgs(InstallParams params) { 15565 super(params.origin, params.move, params.observer, params.installFlags, 15566 params.installerPackageName, params.volumeUuid, 15567 params.getUser(), null /* instruction sets */, params.packageAbiOverride, 15568 params.grantedRuntimePermissions, 15569 params.traceMethod, params.traceCookie, params.certificates, 15570 params.installReason); 15571 } 15572 15573 /** Existing install */ 15574 AsecInstallArgs(String fullCodePath, String[] instructionSets, 15575 boolean isExternal, boolean isForwardLocked) { 15576 super(OriginInfo.fromNothing(), null, null, (isExternal ? INSTALL_EXTERNAL : 0) 15577 | (isForwardLocked ? INSTALL_FORWARD_LOCK : 0), null, null, null, 15578 instructionSets, null, null, null, 0, null /*certificates*/, 15579 PackageManager.INSTALL_REASON_UNKNOWN); 15580 // Hackily pretend we're still looking at a full code path 15581 if (!fullCodePath.endsWith(RES_FILE_NAME)) { 15582 fullCodePath = new File(fullCodePath, RES_FILE_NAME).getAbsolutePath(); 15583 } 15584 15585 // Extract cid from fullCodePath 15586 int eidx = fullCodePath.lastIndexOf("/"); 15587 String subStr1 = fullCodePath.substring(0, eidx); 15588 int sidx = subStr1.lastIndexOf("/"); 15589 cid = subStr1.substring(sidx+1, eidx); 15590 setMountPath(subStr1); 15591 } 15592 15593 AsecInstallArgs(String cid, String[] instructionSets, boolean isForwardLocked) { 15594 super(OriginInfo.fromNothing(), null, null, (isAsecExternal(cid) ? INSTALL_EXTERNAL : 0) 15595 | (isForwardLocked ? INSTALL_FORWARD_LOCK : 0), null, null, null, 15596 instructionSets, null, null, null, 0, null /*certificates*/, 15597 PackageManager.INSTALL_REASON_UNKNOWN); 15598 this.cid = cid; 15599 setMountPath(PackageHelper.getSdDir(cid)); 15600 } 15601 15602 void createCopyFile() { 15603 cid = mInstallerService.allocateExternalStageCidLegacy(); 15604 } 15605 15606 int copyApk(IMediaContainerService imcs, boolean temp) throws RemoteException { 15607 if (origin.staged && origin.cid != null) { 15608 if (DEBUG_INSTALL) Slog.d(TAG, origin.cid + " already staged; skipping copy"); 15609 cid = origin.cid; 15610 setMountPath(PackageHelper.getSdDir(cid)); 15611 return PackageManager.INSTALL_SUCCEEDED; 15612 } 15613 15614 if (temp) { 15615 createCopyFile(); 15616 } else { 15617 /* 15618 * Pre-emptively destroy the container since it's destroyed if 15619 * copying fails due to it existing anyway. 15620 */ 15621 PackageHelper.destroySdDir(cid); 15622 } 15623 15624 final String newMountPath = imcs.copyPackageToContainer( 15625 origin.file.getAbsolutePath(), cid, getEncryptKey(), isExternalAsec(), 15626 isFwdLocked(), deriveAbiOverride(abiOverride, null /* settings */)); 15627 15628 if (newMountPath != null) { 15629 setMountPath(newMountPath); 15630 return PackageManager.INSTALL_SUCCEEDED; 15631 } else { 15632 return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; 15633 } 15634 } 15635 15636 @Override 15637 String getCodePath() { 15638 return packagePath; 15639 } 15640 15641 @Override 15642 String getResourcePath() { 15643 return resourcePath; 15644 } 15645 15646 int doPreInstall(int status) { 15647 if (status != PackageManager.INSTALL_SUCCEEDED) { 15648 // Destroy container 15649 PackageHelper.destroySdDir(cid); 15650 } else { 15651 boolean mounted = PackageHelper.isContainerMounted(cid); 15652 if (!mounted) { 15653 String newMountPath = PackageHelper.mountSdDir(cid, getEncryptKey(), 15654 Process.SYSTEM_UID); 15655 if (newMountPath != null) { 15656 setMountPath(newMountPath); 15657 } else { 15658 return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; 15659 } 15660 } 15661 } 15662 return status; 15663 } 15664 15665 boolean doRename(int status, PackageParser.Package pkg, String oldCodePath) { 15666 String newCacheId = getNextCodePath(oldCodePath, pkg.packageName, "/" + RES_FILE_NAME); 15667 String newMountPath = null; 15668 if (PackageHelper.isContainerMounted(cid)) { 15669 // Unmount the container 15670 if (!PackageHelper.unMountSdDir(cid)) { 15671 Slog.i(TAG, "Failed to unmount " + cid + " before renaming"); 15672 return false; 15673 } 15674 } 15675 if (!PackageHelper.renameSdDir(cid, newCacheId)) { 15676 Slog.e(TAG, "Failed to rename " + cid + " to " + newCacheId + 15677 " which might be stale. Will try to clean up."); 15678 // Clean up the stale container and proceed to recreate. 15679 if (!PackageHelper.destroySdDir(newCacheId)) { 15680 Slog.e(TAG, "Very strange. Cannot clean up stale container " + newCacheId); 15681 return false; 15682 } 15683 // Successfully cleaned up stale container. Try to rename again. 15684 if (!PackageHelper.renameSdDir(cid, newCacheId)) { 15685 Slog.e(TAG, "Failed to rename " + cid + " to " + newCacheId 15686 + " inspite of cleaning it up."); 15687 return false; 15688 } 15689 } 15690 if (!PackageHelper.isContainerMounted(newCacheId)) { 15691 Slog.w(TAG, "Mounting container " + newCacheId); 15692 newMountPath = PackageHelper.mountSdDir(newCacheId, 15693 getEncryptKey(), Process.SYSTEM_UID); 15694 } else { 15695 newMountPath = PackageHelper.getSdDir(newCacheId); 15696 } 15697 if (newMountPath == null) { 15698 Slog.w(TAG, "Failed to get cache path for " + newCacheId); 15699 return false; 15700 } 15701 Log.i(TAG, "Succesfully renamed " + cid + 15702 " to " + newCacheId + 15703 " at new path: " + newMountPath); 15704 cid = newCacheId; 15705 15706 final File beforeCodeFile = new File(packagePath); 15707 setMountPath(newMountPath); 15708 final File afterCodeFile = new File(packagePath); 15709 15710 // Reflect the rename in scanned details 15711 pkg.setCodePath(afterCodeFile.getAbsolutePath()); 15712 pkg.setBaseCodePath(FileUtils.rewriteAfterRename(beforeCodeFile, 15713 afterCodeFile, pkg.baseCodePath)); 15714 pkg.setSplitCodePaths(FileUtils.rewriteAfterRename(beforeCodeFile, 15715 afterCodeFile, pkg.splitCodePaths)); 15716 15717 // Reflect the rename in app info 15718 pkg.setApplicationVolumeUuid(pkg.volumeUuid); 15719 pkg.setApplicationInfoCodePath(pkg.codePath); 15720 pkg.setApplicationInfoBaseCodePath(pkg.baseCodePath); 15721 pkg.setApplicationInfoSplitCodePaths(pkg.splitCodePaths); 15722 pkg.setApplicationInfoResourcePath(pkg.codePath); 15723 pkg.setApplicationInfoBaseResourcePath(pkg.baseCodePath); 15724 pkg.setApplicationInfoSplitResourcePaths(pkg.splitCodePaths); 15725 15726 return true; 15727 } 15728 15729 private void setMountPath(String mountPath) { 15730 final File mountFile = new File(mountPath); 15731 15732 final File monolithicFile = new File(mountFile, RES_FILE_NAME); 15733 if (monolithicFile.exists()) { 15734 packagePath = monolithicFile.getAbsolutePath(); 15735 if (isFwdLocked()) { 15736 resourcePath = new File(mountFile, PUBLIC_RES_FILE_NAME).getAbsolutePath(); 15737 } else { 15738 resourcePath = packagePath; 15739 } 15740 } else { 15741 packagePath = mountFile.getAbsolutePath(); 15742 resourcePath = packagePath; 15743 } 15744 } 15745 15746 int doPostInstall(int status, int uid) { 15747 if (status != PackageManager.INSTALL_SUCCEEDED) { 15748 cleanUp(); 15749 } else { 15750 final int groupOwner; 15751 final String protectedFile; 15752 if (isFwdLocked()) { 15753 groupOwner = UserHandle.getSharedAppGid(uid); 15754 protectedFile = RES_FILE_NAME; 15755 } else { 15756 groupOwner = -1; 15757 protectedFile = null; 15758 } 15759 15760 if (uid < Process.FIRST_APPLICATION_UID 15761 || !PackageHelper.fixSdPermissions(cid, groupOwner, protectedFile)) { 15762 Slog.e(TAG, "Failed to finalize " + cid); 15763 PackageHelper.destroySdDir(cid); 15764 return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; 15765 } 15766 15767 boolean mounted = PackageHelper.isContainerMounted(cid); 15768 if (!mounted) { 15769 PackageHelper.mountSdDir(cid, getEncryptKey(), Process.myUid()); 15770 } 15771 } 15772 return status; 15773 } 15774 15775 private void cleanUp() { 15776 if (DEBUG_SD_INSTALL) Slog.i(TAG, "cleanUp"); 15777 15778 // Destroy secure container 15779 PackageHelper.destroySdDir(cid); 15780 } 15781 15782 private List<String> getAllCodePaths() { 15783 final File codeFile = new File(getCodePath()); 15784 if (codeFile != null && codeFile.exists()) { 15785 try { 15786 final PackageLite pkg = PackageParser.parsePackageLite(codeFile, 0); 15787 return pkg.getAllCodePaths(); 15788 } catch (PackageParserException e) { 15789 // Ignored; we tried our best 15790 } 15791 } 15792 return Collections.EMPTY_LIST; 15793 } 15794 15795 void cleanUpResourcesLI() { 15796 // Enumerate all code paths before deleting 15797 cleanUpResourcesLI(getAllCodePaths()); 15798 } 15799 15800 private void cleanUpResourcesLI(List<String> allCodePaths) { 15801 cleanUp(); 15802 removeDexFiles(allCodePaths, instructionSets); 15803 } 15804 15805 String getPackageName() { 15806 return getAsecPackageName(cid); 15807 } 15808 15809 boolean doPostDeleteLI(boolean delete) { 15810 if (DEBUG_SD_INSTALL) Slog.i(TAG, "doPostDeleteLI() del=" + delete); 15811 final List<String> allCodePaths = getAllCodePaths(); 15812 boolean mounted = PackageHelper.isContainerMounted(cid); 15813 if (mounted) { 15814 // Unmount first 15815 if (PackageHelper.unMountSdDir(cid)) { 15816 mounted = false; 15817 } 15818 } 15819 if (!mounted && delete) { 15820 cleanUpResourcesLI(allCodePaths); 15821 } 15822 return !mounted; 15823 } 15824 15825 @Override 15826 int doPreCopy() { 15827 if (isFwdLocked()) { 15828 if (!PackageHelper.fixSdPermissions(cid, getPackageUid(DEFAULT_CONTAINER_PACKAGE, 15829 MATCH_SYSTEM_ONLY, UserHandle.USER_SYSTEM), RES_FILE_NAME)) { 15830 return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; 15831 } 15832 } 15833 15834 return PackageManager.INSTALL_SUCCEEDED; 15835 } 15836 15837 @Override 15838 int doPostCopy(int uid) { 15839 if (isFwdLocked()) { 15840 if (uid < Process.FIRST_APPLICATION_UID 15841 || !PackageHelper.fixSdPermissions(cid, UserHandle.getSharedAppGid(uid), 15842 RES_FILE_NAME)) { 15843 Slog.e(TAG, "Failed to finalize " + cid); 15844 PackageHelper.destroySdDir(cid); 15845 return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; 15846 } 15847 } 15848 15849 return PackageManager.INSTALL_SUCCEEDED; 15850 } 15851 } 15852 15853 /** 15854 * Logic to handle movement of existing installed applications. 15855 */ 15856 class MoveInstallArgs extends InstallArgs { 15857 private File codeFile; 15858 private File resourceFile; 15859 15860 /** New install */ 15861 MoveInstallArgs(InstallParams params) { 15862 super(params.origin, params.move, params.observer, params.installFlags, 15863 params.installerPackageName, params.volumeUuid, 15864 params.getUser(), null /* instruction sets */, params.packageAbiOverride, 15865 params.grantedRuntimePermissions, 15866 params.traceMethod, params.traceCookie, params.certificates, 15867 params.installReason); 15868 } 15869 15870 int copyApk(IMediaContainerService imcs, boolean temp) { 15871 if (DEBUG_INSTALL) Slog.d(TAG, "Moving " + move.packageName + " from " 15872 + move.fromUuid + " to " + move.toUuid); 15873 synchronized (mInstaller) { 15874 try { 15875 mInstaller.moveCompleteApp(move.fromUuid, move.toUuid, move.packageName, 15876 move.dataAppName, move.appId, move.seinfo, move.targetSdkVersion); 15877 } catch (InstallerException e) { 15878 Slog.w(TAG, "Failed to move app", e); 15879 return PackageManager.INSTALL_FAILED_INTERNAL_ERROR; 15880 } 15881 } 15882 15883 codeFile = new File(Environment.getDataAppDirectory(move.toUuid), move.dataAppName); 15884 resourceFile = codeFile; 15885 if (DEBUG_INSTALL) Slog.d(TAG, "codeFile after move is " + codeFile); 15886 15887 return PackageManager.INSTALL_SUCCEEDED; 15888 } 15889 15890 int doPreInstall(int status) { 15891 if (status != PackageManager.INSTALL_SUCCEEDED) { 15892 cleanUp(move.toUuid); 15893 } 15894 return status; 15895 } 15896 15897 boolean doRename(int status, PackageParser.Package pkg, String oldCodePath) { 15898 if (status != PackageManager.INSTALL_SUCCEEDED) { 15899 cleanUp(move.toUuid); 15900 return false; 15901 } 15902 15903 // Reflect the move in app info 15904 pkg.setApplicationVolumeUuid(pkg.volumeUuid); 15905 pkg.setApplicationInfoCodePath(pkg.codePath); 15906 pkg.setApplicationInfoBaseCodePath(pkg.baseCodePath); 15907 pkg.setApplicationInfoSplitCodePaths(pkg.splitCodePaths); 15908 pkg.setApplicationInfoResourcePath(pkg.codePath); 15909 pkg.setApplicationInfoBaseResourcePath(pkg.baseCodePath); 15910 pkg.setApplicationInfoSplitResourcePaths(pkg.splitCodePaths); 15911 15912 return true; 15913 } 15914 15915 int doPostInstall(int status, int uid) { 15916 if (status == PackageManager.INSTALL_SUCCEEDED) { 15917 cleanUp(move.fromUuid); 15918 } else { 15919 cleanUp(move.toUuid); 15920 } 15921 return status; 15922 } 15923 15924 @Override 15925 String getCodePath() { 15926 return (codeFile != null) ? codeFile.getAbsolutePath() : null; 15927 } 15928 15929 @Override 15930 String getResourcePath() { 15931 return (resourceFile != null) ? resourceFile.getAbsolutePath() : null; 15932 } 15933 15934 private boolean cleanUp(String volumeUuid) { 15935 final File codeFile = new File(Environment.getDataAppDirectory(volumeUuid), 15936 move.dataAppName); 15937 Slog.d(TAG, "Cleaning up " + move.packageName + " on " + volumeUuid); 15938 final int[] userIds = sUserManager.getUserIds(); 15939 synchronized (mInstallLock) { 15940 // Clean up both app data and code 15941 // All package moves are frozen until finished 15942 for (int userId : userIds) { 15943 try { 15944 mInstaller.destroyAppData(volumeUuid, move.packageName, userId, 15945 StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE, 0); 15946 } catch (InstallerException e) { 15947 Slog.w(TAG, String.valueOf(e)); 15948 } 15949 } 15950 removeCodePathLI(codeFile); 15951 } 15952 return true; 15953 } 15954 15955 void cleanUpResourcesLI() { 15956 throw new UnsupportedOperationException(); 15957 } 15958 15959 boolean doPostDeleteLI(boolean delete) { 15960 throw new UnsupportedOperationException(); 15961 } 15962 } 15963 15964 static String getAsecPackageName(String packageCid) { 15965 int idx = packageCid.lastIndexOf("-"); 15966 if (idx == -1) { 15967 return packageCid; 15968 } 15969 return packageCid.substring(0, idx); 15970 } 15971 15972 // Utility method used to create code paths based on package name and available index. 15973 private static String getNextCodePath(String oldCodePath, String prefix, String suffix) { 15974 String idxStr = ""; 15975 int idx = 1; 15976 // Fall back to default value of idx=1 if prefix is not 15977 // part of oldCodePath 15978 if (oldCodePath != null) { 15979 String subStr = oldCodePath; 15980 // Drop the suffix right away 15981 if (suffix != null && subStr.endsWith(suffix)) { 15982 subStr = subStr.substring(0, subStr.length() - suffix.length()); 15983 } 15984 // If oldCodePath already contains prefix find out the 15985 // ending index to either increment or decrement. 15986 int sidx = subStr.lastIndexOf(prefix); 15987 if (sidx != -1) { 15988 subStr = subStr.substring(sidx + prefix.length()); 15989 if (subStr != null) { 15990 if (subStr.startsWith(INSTALL_PACKAGE_SUFFIX)) { 15991 subStr = subStr.substring(INSTALL_PACKAGE_SUFFIX.length()); 15992 } 15993 try { 15994 idx = Integer.parseInt(subStr); 15995 if (idx <= 1) { 15996 idx++; 15997 } else { 15998 idx--; 15999 } 16000 } catch(NumberFormatException e) { 16001 } 16002 } 16003 } 16004 } 16005 idxStr = INSTALL_PACKAGE_SUFFIX + Integer.toString(idx); 16006 return prefix + idxStr; 16007 } 16008 16009 private File getNextCodePath(File targetDir, String packageName) { 16010 File result; 16011 SecureRandom random = new SecureRandom(); 16012 byte[] bytes = new byte[16]; 16013 do { 16014 random.nextBytes(bytes); 16015 String suffix = Base64.encodeToString(bytes, Base64.URL_SAFE | Base64.NO_WRAP); 16016 result = new File(targetDir, packageName + "-" + suffix); 16017 } while (result.exists()); 16018 return result; 16019 } 16020 16021 // Utility method that returns the relative package path with respect 16022 // to the installation directory. Like say for /data/data/com.test-1.apk 16023 // string com.test-1 is returned. 16024 static String deriveCodePathName(String codePath) { 16025 if (codePath == null) { 16026 return null; 16027 } 16028 final File codeFile = new File(codePath); 16029 final String name = codeFile.getName(); 16030 if (codeFile.isDirectory()) { 16031 return name; 16032 } else if (name.endsWith(".apk") || name.endsWith(".tmp")) { 16033 final int lastDot = name.lastIndexOf('.'); 16034 return name.substring(0, lastDot); 16035 } else { 16036 Slog.w(TAG, "Odd, " + codePath + " doesn't look like an APK"); 16037 return null; 16038 } 16039 } 16040 16041 static class PackageInstalledInfo { 16042 String name; 16043 int uid; 16044 // The set of users that originally had this package installed. 16045 int[] origUsers; 16046 // The set of users that now have this package installed. 16047 int[] newUsers; 16048 PackageParser.Package pkg; 16049 int returnCode; 16050 String returnMsg; 16051 PackageRemovedInfo removedInfo; 16052 ArrayMap<String, PackageInstalledInfo> addedChildPackages; 16053 16054 public void setError(int code, String msg) { 16055 setReturnCode(code); 16056 setReturnMessage(msg); 16057 Slog.w(TAG, msg); 16058 } 16059 16060 public void setError(String msg, PackageParserException e) { 16061 setReturnCode(e.error); 16062 setReturnMessage(ExceptionUtils.getCompleteMessage(msg, e)); 16063 Slog.w(TAG, msg, e); 16064 } 16065 16066 public void setError(String msg, PackageManagerException e) { 16067 returnCode = e.error; 16068 setReturnMessage(ExceptionUtils.getCompleteMessage(msg, e)); 16069 Slog.w(TAG, msg, e); 16070 } 16071 16072 public void setReturnCode(int returnCode) { 16073 this.returnCode = returnCode; 16074 final int childCount = (addedChildPackages != null) ? addedChildPackages.size() : 0; 16075 for (int i = 0; i < childCount; i++) { 16076 addedChildPackages.valueAt(i).returnCode = returnCode; 16077 } 16078 } 16079 16080 private void setReturnMessage(String returnMsg) { 16081 this.returnMsg = returnMsg; 16082 final int childCount = (addedChildPackages != null) ? addedChildPackages.size() : 0; 16083 for (int i = 0; i < childCount; i++) { 16084 addedChildPackages.valueAt(i).returnMsg = returnMsg; 16085 } 16086 } 16087 16088 // In some error cases we want to convey more info back to the observer 16089 String origPackage; 16090 String origPermission; 16091 } 16092 16093 /* 16094 * Install a non-existing package. 16095 */ 16096 private void installNewPackageLIF(PackageParser.Package pkg, final int policyFlags, 16097 int scanFlags, UserHandle user, String installerPackageName, String volumeUuid, 16098 PackageInstalledInfo res, int installReason) { 16099 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "installNewPackage"); 16100 16101 // Remember this for later, in case we need to rollback this install 16102 String pkgName = pkg.packageName; 16103 16104 if (DEBUG_INSTALL) Slog.d(TAG, "installNewPackageLI: " + pkg); 16105 16106 synchronized(mPackages) { 16107 final String renamedPackage = mSettings.getRenamedPackageLPr(pkgName); 16108 if (renamedPackage != null) { 16109 // A package with the same name is already installed, though 16110 // it has been renamed to an older name. The package we 16111 // are trying to install should be installed as an update to 16112 // the existing one, but that has not been requested, so bail. 16113 res.setError(INSTALL_FAILED_ALREADY_EXISTS, "Attempt to re-install " + pkgName 16114 + " without first uninstalling package running as " 16115 + renamedPackage); 16116 return; 16117 } 16118 if (mPackages.containsKey(pkgName)) { 16119 // Don't allow installation over an existing package with the same name. 16120 res.setError(INSTALL_FAILED_ALREADY_EXISTS, "Attempt to re-install " + pkgName 16121 + " without first uninstalling."); 16122 return; 16123 } 16124 } 16125 16126 try { 16127 PackageParser.Package newPackage = scanPackageTracedLI(pkg, policyFlags, scanFlags, 16128 System.currentTimeMillis(), user); 16129 16130 updateSettingsLI(newPackage, installerPackageName, null, res, user, installReason); 16131 16132 if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) { 16133 prepareAppDataAfterInstallLIF(newPackage); 16134 16135 } else { 16136 // Remove package from internal structures, but keep around any 16137 // data that might have already existed 16138 deletePackageLIF(pkgName, UserHandle.ALL, false, null, 16139 PackageManager.DELETE_KEEP_DATA, res.removedInfo, true, null); 16140 } 16141 } catch (PackageManagerException e) { 16142 res.setError("Package couldn't be installed in " + pkg.codePath, e); 16143 } 16144 16145 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 16146 } 16147 16148 private boolean shouldCheckUpgradeKeySetLP(PackageSetting oldPs, int scanFlags) { 16149 // Can't rotate keys during boot or if sharedUser. 16150 if (oldPs == null || (scanFlags&SCAN_INITIAL) != 0 || oldPs.sharedUser != null 16151 || !oldPs.keySetData.isUsingUpgradeKeySets()) { 16152 return false; 16153 } 16154 // app is using upgradeKeySets; make sure all are valid 16155 KeySetManagerService ksms = mSettings.mKeySetManagerService; 16156 long[] upgradeKeySets = oldPs.keySetData.getUpgradeKeySets(); 16157 for (int i = 0; i < upgradeKeySets.length; i++) { 16158 if (!ksms.isIdValidKeySetId(upgradeKeySets[i])) { 16159 Slog.wtf(TAG, "Package " 16160 + (oldPs.name != null ? oldPs.name : "<null>") 16161 + " contains upgrade-key-set reference to unknown key-set: " 16162 + upgradeKeySets[i] 16163 + " reverting to signatures check."); 16164 return false; 16165 } 16166 } 16167 return true; 16168 } 16169 16170 private boolean checkUpgradeKeySetLP(PackageSetting oldPS, PackageParser.Package newPkg) { 16171 // Upgrade keysets are being used. Determine if new package has a superset of the 16172 // required keys. 16173 long[] upgradeKeySets = oldPS.keySetData.getUpgradeKeySets(); 16174 KeySetManagerService ksms = mSettings.mKeySetManagerService; 16175 for (int i = 0; i < upgradeKeySets.length; i++) { 16176 Set<PublicKey> upgradeSet = ksms.getPublicKeysFromKeySetLPr(upgradeKeySets[i]); 16177 if (upgradeSet != null && newPkg.mSigningKeys.containsAll(upgradeSet)) { 16178 return true; 16179 } 16180 } 16181 return false; 16182 } 16183 16184 private static void updateDigest(MessageDigest digest, File file) throws IOException { 16185 try (DigestInputStream digestStream = 16186 new DigestInputStream(new FileInputStream(file), digest)) { 16187 while (digestStream.read() != -1) {} // nothing to do; just plow through the file 16188 } 16189 } 16190 16191 private void replacePackageLIF(PackageParser.Package pkg, final int policyFlags, int scanFlags, 16192 UserHandle user, String installerPackageName, PackageInstalledInfo res, 16193 int installReason) { 16194 final boolean isInstantApp = (scanFlags & SCAN_AS_INSTANT_APP) != 0; 16195 16196 final PackageParser.Package oldPackage; 16197 final PackageSetting ps; 16198 final String pkgName = pkg.packageName; 16199 final int[] allUsers; 16200 final int[] installedUsers; 16201 16202 synchronized(mPackages) { 16203 oldPackage = mPackages.get(pkgName); 16204 if (DEBUG_INSTALL) Slog.d(TAG, "replacePackageLI: new=" + pkg + ", old=" + oldPackage); 16205 16206 // don't allow upgrade to target a release SDK from a pre-release SDK 16207 final boolean oldTargetsPreRelease = oldPackage.applicationInfo.targetSdkVersion 16208 == android.os.Build.VERSION_CODES.CUR_DEVELOPMENT; 16209 final boolean newTargetsPreRelease = pkg.applicationInfo.targetSdkVersion 16210 == android.os.Build.VERSION_CODES.CUR_DEVELOPMENT; 16211 if (oldTargetsPreRelease 16212 && !newTargetsPreRelease 16213 && ((policyFlags & PackageParser.PARSE_FORCE_SDK) == 0)) { 16214 Slog.w(TAG, "Can't install package targeting released sdk"); 16215 res.setReturnCode(PackageManager.INSTALL_FAILED_UPDATE_INCOMPATIBLE); 16216 return; 16217 } 16218 16219 ps = mSettings.mPackages.get(pkgName); 16220 16221 // verify signatures are valid 16222 if (shouldCheckUpgradeKeySetLP(ps, scanFlags)) { 16223 if (!checkUpgradeKeySetLP(ps, pkg)) { 16224 res.setError(INSTALL_FAILED_UPDATE_INCOMPATIBLE, 16225 "New package not signed by keys specified by upgrade-keysets: " 16226 + pkgName); 16227 return; 16228 } 16229 } else { 16230 // default to original signature matching 16231 if (compareSignatures(oldPackage.mSignatures, pkg.mSignatures) 16232 != PackageManager.SIGNATURE_MATCH) { 16233 res.setError(INSTALL_FAILED_UPDATE_INCOMPATIBLE, 16234 "New package has a different signature: " + pkgName); 16235 return; 16236 } 16237 } 16238 16239 // don't allow a system upgrade unless the upgrade hash matches 16240 if (oldPackage.restrictUpdateHash != null && oldPackage.isSystemApp()) { 16241 byte[] digestBytes = null; 16242 try { 16243 final MessageDigest digest = MessageDigest.getInstance("SHA-512"); 16244 updateDigest(digest, new File(pkg.baseCodePath)); 16245 if (!ArrayUtils.isEmpty(pkg.splitCodePaths)) { 16246 for (String path : pkg.splitCodePaths) { 16247 updateDigest(digest, new File(path)); 16248 } 16249 } 16250 digestBytes = digest.digest(); 16251 } catch (NoSuchAlgorithmException | IOException e) { 16252 res.setError(INSTALL_FAILED_INVALID_APK, 16253 "Could not compute hash: " + pkgName); 16254 return; 16255 } 16256 if (!Arrays.equals(oldPackage.restrictUpdateHash, digestBytes)) { 16257 res.setError(INSTALL_FAILED_INVALID_APK, 16258 "New package fails restrict-update check: " + pkgName); 16259 return; 16260 } 16261 // retain upgrade restriction 16262 pkg.restrictUpdateHash = oldPackage.restrictUpdateHash; 16263 } 16264 16265 // Check for shared user id changes 16266 String invalidPackageName = 16267 getParentOrChildPackageChangedSharedUser(oldPackage, pkg); 16268 if (invalidPackageName != null) { 16269 res.setError(INSTALL_FAILED_SHARED_USER_INCOMPATIBLE, 16270 "Package " + invalidPackageName + " tried to change user " 16271 + oldPackage.mSharedUserId); 16272 return; 16273 } 16274 16275 // In case of rollback, remember per-user/profile install state 16276 allUsers = sUserManager.getUserIds(); 16277 installedUsers = ps.queryInstalledUsers(allUsers, true); 16278 16279 // don't allow an upgrade from full to ephemeral 16280 if (isInstantApp) { 16281 if (user == null || user.getIdentifier() == UserHandle.USER_ALL) { 16282 for (int currentUser : allUsers) { 16283 if (!ps.getInstantApp(currentUser)) { 16284 // can't downgrade from full to instant 16285 Slog.w(TAG, "Can't replace full app with instant app: " + pkgName 16286 + " for user: " + currentUser); 16287 res.setReturnCode(PackageManager.INSTALL_FAILED_INSTANT_APP_INVALID); 16288 return; 16289 } 16290 } 16291 } else if (!ps.getInstantApp(user.getIdentifier())) { 16292 // can't downgrade from full to instant 16293 Slog.w(TAG, "Can't replace full app with instant app: " + pkgName 16294 + " for user: " + user.getIdentifier()); 16295 res.setReturnCode(PackageManager.INSTALL_FAILED_INSTANT_APP_INVALID); 16296 return; 16297 } 16298 } 16299 } 16300 16301 // Update what is removed 16302 res.removedInfo = new PackageRemovedInfo(this); 16303 res.removedInfo.uid = oldPackage.applicationInfo.uid; 16304 res.removedInfo.removedPackage = oldPackage.packageName; 16305 res.removedInfo.installerPackageName = ps.installerPackageName; 16306 res.removedInfo.isStaticSharedLib = pkg.staticSharedLibName != null; 16307 res.removedInfo.isUpdate = true; 16308 res.removedInfo.origUsers = installedUsers; 16309 res.removedInfo.installReasons = new SparseArray<>(installedUsers.length); 16310 for (int i = 0; i < installedUsers.length; i++) { 16311 final int userId = installedUsers[i]; 16312 res.removedInfo.installReasons.put(userId, ps.getInstallReason(userId)); 16313 } 16314 16315 final int childCount = (oldPackage.childPackages != null) 16316 ? oldPackage.childPackages.size() : 0; 16317 for (int i = 0; i < childCount; i++) { 16318 boolean childPackageUpdated = false; 16319 PackageParser.Package childPkg = oldPackage.childPackages.get(i); 16320 final PackageSetting childPs = mSettings.getPackageLPr(childPkg.packageName); 16321 if (res.addedChildPackages != null) { 16322 PackageInstalledInfo childRes = res.addedChildPackages.get(childPkg.packageName); 16323 if (childRes != null) { 16324 childRes.removedInfo.uid = childPkg.applicationInfo.uid; 16325 childRes.removedInfo.removedPackage = childPkg.packageName; 16326 if (childPs != null) { 16327 childRes.removedInfo.installerPackageName = childPs.installerPackageName; 16328 } 16329 childRes.removedInfo.isUpdate = true; 16330 childRes.removedInfo.installReasons = res.removedInfo.installReasons; 16331 childPackageUpdated = true; 16332 } 16333 } 16334 if (!childPackageUpdated) { 16335 PackageRemovedInfo childRemovedRes = new PackageRemovedInfo(this); 16336 childRemovedRes.removedPackage = childPkg.packageName; 16337 if (childPs != null) { 16338 childRemovedRes.installerPackageName = childPs.installerPackageName; 16339 } 16340 childRemovedRes.isUpdate = false; 16341 childRemovedRes.dataRemoved = true; 16342 synchronized (mPackages) { 16343 if (childPs != null) { 16344 childRemovedRes.origUsers = childPs.queryInstalledUsers(allUsers, true); 16345 } 16346 } 16347 if (res.removedInfo.removedChildPackages == null) { 16348 res.removedInfo.removedChildPackages = new ArrayMap<>(); 16349 } 16350 res.removedInfo.removedChildPackages.put(childPkg.packageName, childRemovedRes); 16351 } 16352 } 16353 16354 boolean sysPkg = (isSystemApp(oldPackage)); 16355 if (sysPkg) { 16356 // Set the system/privileged flags as needed 16357 final boolean privileged = 16358 (oldPackage.applicationInfo.privateFlags 16359 & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0; 16360 final int systemPolicyFlags = policyFlags 16361 | PackageParser.PARSE_IS_SYSTEM 16362 | (privileged ? PackageParser.PARSE_IS_PRIVILEGED : 0); 16363 16364 replaceSystemPackageLIF(oldPackage, pkg, systemPolicyFlags, scanFlags, 16365 user, allUsers, installerPackageName, res, installReason); 16366 } else { 16367 replaceNonSystemPackageLIF(oldPackage, pkg, policyFlags, scanFlags, 16368 user, allUsers, installerPackageName, res, installReason); 16369 } 16370 } 16371 16372 public List<String> getPreviousCodePaths(String packageName) { 16373 final PackageSetting ps = mSettings.mPackages.get(packageName); 16374 final List<String> result = new ArrayList<String>(); 16375 if (ps != null && ps.oldCodePaths != null) { 16376 result.addAll(ps.oldCodePaths); 16377 } 16378 return result; 16379 } 16380 16381 private void replaceNonSystemPackageLIF(PackageParser.Package deletedPackage, 16382 PackageParser.Package pkg, final int policyFlags, int scanFlags, UserHandle user, 16383 int[] allUsers, String installerPackageName, PackageInstalledInfo res, 16384 int installReason) { 16385 if (DEBUG_INSTALL) Slog.d(TAG, "replaceNonSystemPackageLI: new=" + pkg + ", old=" 16386 + deletedPackage); 16387 16388 String pkgName = deletedPackage.packageName; 16389 boolean deletedPkg = true; 16390 boolean addedPkg = false; 16391 boolean updatedSettings = false; 16392 final boolean killApp = (scanFlags & SCAN_DONT_KILL_APP) == 0; 16393 final int deleteFlags = PackageManager.DELETE_KEEP_DATA 16394 | (killApp ? 0 : PackageManager.DELETE_DONT_KILL_APP); 16395 16396 final long origUpdateTime = (pkg.mExtras != null) 16397 ? ((PackageSetting)pkg.mExtras).lastUpdateTime : 0; 16398 16399 // First delete the existing package while retaining the data directory 16400 if (!deletePackageLIF(pkgName, null, true, allUsers, deleteFlags, 16401 res.removedInfo, true, pkg)) { 16402 // If the existing package wasn't successfully deleted 16403 res.setError(INSTALL_FAILED_REPLACE_COULDNT_DELETE, "replaceNonSystemPackageLI"); 16404 deletedPkg = false; 16405 } else { 16406 // Successfully deleted the old package; proceed with replace. 16407 16408 // If deleted package lived in a container, give users a chance to 16409 // relinquish resources before killing. 16410 if (deletedPackage.isForwardLocked() || isExternal(deletedPackage)) { 16411 if (DEBUG_INSTALL) { 16412 Slog.i(TAG, "upgrading pkg " + deletedPackage + " is ASEC-hosted -> UNAVAILABLE"); 16413 } 16414 final int[] uidArray = new int[] { deletedPackage.applicationInfo.uid }; 16415 final ArrayList<String> pkgList = new ArrayList<String>(1); 16416 pkgList.add(deletedPackage.applicationInfo.packageName); 16417 sendResourcesChangedBroadcast(false, true, pkgList, uidArray, null); 16418 } 16419 16420 clearAppDataLIF(pkg, UserHandle.USER_ALL, StorageManager.FLAG_STORAGE_DE 16421 | StorageManager.FLAG_STORAGE_CE | Installer.FLAG_CLEAR_CODE_CACHE_ONLY); 16422 clearAppProfilesLIF(deletedPackage, UserHandle.USER_ALL); 16423 16424 try { 16425 final PackageParser.Package newPackage = scanPackageTracedLI(pkg, policyFlags, 16426 scanFlags | SCAN_UPDATE_TIME, System.currentTimeMillis(), user); 16427 updateSettingsLI(newPackage, installerPackageName, allUsers, res, user, 16428 installReason); 16429 16430 // Update the in-memory copy of the previous code paths. 16431 PackageSetting ps = mSettings.mPackages.get(pkgName); 16432 if (!killApp) { 16433 if (ps.oldCodePaths == null) { 16434 ps.oldCodePaths = new ArraySet<>(); 16435 } 16436 Collections.addAll(ps.oldCodePaths, deletedPackage.baseCodePath); 16437 if (deletedPackage.splitCodePaths != null) { 16438 Collections.addAll(ps.oldCodePaths, deletedPackage.splitCodePaths); 16439 } 16440 } else { 16441 ps.oldCodePaths = null; 16442 } 16443 if (ps.childPackageNames != null) { 16444 for (int i = ps.childPackageNames.size() - 1; i >= 0; --i) { 16445 final String childPkgName = ps.childPackageNames.get(i); 16446 final PackageSetting childPs = mSettings.mPackages.get(childPkgName); 16447 childPs.oldCodePaths = ps.oldCodePaths; 16448 } 16449 } 16450 // set instant app status, but, only if it's explicitly specified 16451 final boolean instantApp = (scanFlags & SCAN_AS_INSTANT_APP) != 0; 16452 final boolean fullApp = (scanFlags & SCAN_AS_FULL_APP) != 0; 16453 setInstantAppForUser(ps, user.getIdentifier(), instantApp, fullApp); 16454 prepareAppDataAfterInstallLIF(newPackage); 16455 addedPkg = true; 16456 mDexManager.notifyPackageUpdated(newPackage.packageName, 16457 newPackage.baseCodePath, newPackage.splitCodePaths); 16458 } catch (PackageManagerException e) { 16459 res.setError("Package couldn't be installed in " + pkg.codePath, e); 16460 } 16461 } 16462 16463 if (res.returnCode != PackageManager.INSTALL_SUCCEEDED) { 16464 if (DEBUG_INSTALL) Slog.d(TAG, "Install failed, rolling pack: " + pkgName); 16465 16466 // Revert all internal state mutations and added folders for the failed install 16467 if (addedPkg) { 16468 deletePackageLIF(pkgName, null, true, allUsers, deleteFlags, 16469 res.removedInfo, true, null); 16470 } 16471 16472 // Restore the old package 16473 if (deletedPkg) { 16474 if (DEBUG_INSTALL) Slog.d(TAG, "Install failed, reinstalling: " + deletedPackage); 16475 File restoreFile = new File(deletedPackage.codePath); 16476 // Parse old package 16477 boolean oldExternal = isExternal(deletedPackage); 16478 int oldParseFlags = mDefParseFlags | PackageParser.PARSE_CHATTY | 16479 (deletedPackage.isForwardLocked() ? PackageParser.PARSE_FORWARD_LOCK : 0) | 16480 (oldExternal ? PackageParser.PARSE_EXTERNAL_STORAGE : 0); 16481 int oldScanFlags = SCAN_UPDATE_SIGNATURE | SCAN_UPDATE_TIME; 16482 try { 16483 scanPackageTracedLI(restoreFile, oldParseFlags, oldScanFlags, origUpdateTime, 16484 null); 16485 } catch (PackageManagerException e) { 16486 Slog.e(TAG, "Failed to restore package : " + pkgName + " after failed upgrade: " 16487 + e.getMessage()); 16488 return; 16489 } 16490 16491 synchronized (mPackages) { 16492 // Ensure the installer package name up to date 16493 setInstallerPackageNameLPw(deletedPackage, installerPackageName); 16494 16495 // Update permissions for restored package 16496 updatePermissionsLPw(deletedPackage, UPDATE_PERMISSIONS_ALL); 16497 16498 mSettings.writeLPr(); 16499 } 16500 16501 Slog.i(TAG, "Successfully restored package : " + pkgName + " after failed upgrade"); 16502 } 16503 } else { 16504 synchronized (mPackages) { 16505 PackageSetting ps = mSettings.getPackageLPr(pkg.packageName); 16506 if (ps != null) { 16507 res.removedInfo.removedForAllUsers = mPackages.get(ps.name) == null; 16508 if (res.removedInfo.removedChildPackages != null) { 16509 final int childCount = res.removedInfo.removedChildPackages.size(); 16510 // Iterate in reverse as we may modify the collection 16511 for (int i = childCount - 1; i >= 0; i--) { 16512 String childPackageName = res.removedInfo.removedChildPackages.keyAt(i); 16513 if (res.addedChildPackages.containsKey(childPackageName)) { 16514 res.removedInfo.removedChildPackages.removeAt(i); 16515 } else { 16516 PackageRemovedInfo childInfo = res.removedInfo 16517 .removedChildPackages.valueAt(i); 16518 childInfo.removedForAllUsers = mPackages.get( 16519 childInfo.removedPackage) == null; 16520 } 16521 } 16522 } 16523 } 16524 } 16525 } 16526 } 16527 16528 private void replaceSystemPackageLIF(PackageParser.Package deletedPackage, 16529 PackageParser.Package pkg, final int policyFlags, int scanFlags, UserHandle user, 16530 int[] allUsers, String installerPackageName, PackageInstalledInfo res, 16531 int installReason) { 16532 if (DEBUG_INSTALL) Slog.d(TAG, "replaceSystemPackageLI: new=" + pkg 16533 + ", old=" + deletedPackage); 16534 16535 final boolean disabledSystem; 16536 16537 // Remove existing system package 16538 removePackageLI(deletedPackage, true); 16539 16540 synchronized (mPackages) { 16541 disabledSystem = disableSystemPackageLPw(deletedPackage, pkg); 16542 } 16543 if (!disabledSystem) { 16544 // We didn't need to disable the .apk as a current system package, 16545 // which means we are replacing another update that is already 16546 // installed. We need to make sure to delete the older one's .apk. 16547 res.removedInfo.args = createInstallArgsForExisting(0, 16548 deletedPackage.applicationInfo.getCodePath(), 16549 deletedPackage.applicationInfo.getResourcePath(), 16550 getAppDexInstructionSets(deletedPackage.applicationInfo)); 16551 } else { 16552 res.removedInfo.args = null; 16553 } 16554 16555 // Successfully disabled the old package. Now proceed with re-installation 16556 clearAppDataLIF(pkg, UserHandle.USER_ALL, StorageManager.FLAG_STORAGE_DE 16557 | StorageManager.FLAG_STORAGE_CE | Installer.FLAG_CLEAR_CODE_CACHE_ONLY); 16558 clearAppProfilesLIF(deletedPackage, UserHandle.USER_ALL); 16559 16560 res.setReturnCode(PackageManager.INSTALL_SUCCEEDED); 16561 pkg.setApplicationInfoFlags(ApplicationInfo.FLAG_UPDATED_SYSTEM_APP, 16562 ApplicationInfo.FLAG_UPDATED_SYSTEM_APP); 16563 16564 PackageParser.Package newPackage = null; 16565 try { 16566 // Add the package to the internal data structures 16567 newPackage = scanPackageTracedLI(pkg, policyFlags, scanFlags, 0, user); 16568 16569 // Set the update and install times 16570 PackageSetting deletedPkgSetting = (PackageSetting) deletedPackage.mExtras; 16571 setInstallAndUpdateTime(newPackage, deletedPkgSetting.firstInstallTime, 16572 System.currentTimeMillis()); 16573 16574 // Update the package dynamic state if succeeded 16575 if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) { 16576 // Now that the install succeeded make sure we remove data 16577 // directories for any child package the update removed. 16578 final int deletedChildCount = (deletedPackage.childPackages != null) 16579 ? deletedPackage.childPackages.size() : 0; 16580 final int newChildCount = (newPackage.childPackages != null) 16581 ? newPackage.childPackages.size() : 0; 16582 for (int i = 0; i < deletedChildCount; i++) { 16583 PackageParser.Package deletedChildPkg = deletedPackage.childPackages.get(i); 16584 boolean childPackageDeleted = true; 16585 for (int j = 0; j < newChildCount; j++) { 16586 PackageParser.Package newChildPkg = newPackage.childPackages.get(j); 16587 if (deletedChildPkg.packageName.equals(newChildPkg.packageName)) { 16588 childPackageDeleted = false; 16589 break; 16590 } 16591 } 16592 if (childPackageDeleted) { 16593 PackageSetting ps = mSettings.getDisabledSystemPkgLPr( 16594 deletedChildPkg.packageName); 16595 if (ps != null && res.removedInfo.removedChildPackages != null) { 16596 PackageRemovedInfo removedChildRes = res.removedInfo 16597 .removedChildPackages.get(deletedChildPkg.packageName); 16598 removePackageDataLIF(ps, allUsers, removedChildRes, 0, false); 16599 removedChildRes.removedForAllUsers = mPackages.get(ps.name) == null; 16600 } 16601 } 16602 } 16603 16604 updateSettingsLI(newPackage, installerPackageName, allUsers, res, user, 16605 installReason); 16606 prepareAppDataAfterInstallLIF(newPackage); 16607 16608 mDexManager.notifyPackageUpdated(newPackage.packageName, 16609 newPackage.baseCodePath, newPackage.splitCodePaths); 16610 } 16611 } catch (PackageManagerException e) { 16612 res.setReturnCode(INSTALL_FAILED_INTERNAL_ERROR); 16613 res.setError("Package couldn't be installed in " + pkg.codePath, e); 16614 } 16615 16616 if (res.returnCode != PackageManager.INSTALL_SUCCEEDED) { 16617 // Re installation failed. Restore old information 16618 // Remove new pkg information 16619 if (newPackage != null) { 16620 removeInstalledPackageLI(newPackage, true); 16621 } 16622 // Add back the old system package 16623 try { 16624 scanPackageTracedLI(deletedPackage, policyFlags, SCAN_UPDATE_SIGNATURE, 0, user); 16625 } catch (PackageManagerException e) { 16626 Slog.e(TAG, "Failed to restore original package: " + e.getMessage()); 16627 } 16628 16629 synchronized (mPackages) { 16630 if (disabledSystem) { 16631 enableSystemPackageLPw(deletedPackage); 16632 } 16633 16634 // Ensure the installer package name up to date 16635 setInstallerPackageNameLPw(deletedPackage, installerPackageName); 16636 16637 // Update permissions for restored package 16638 updatePermissionsLPw(deletedPackage, UPDATE_PERMISSIONS_ALL); 16639 16640 mSettings.writeLPr(); 16641 } 16642 16643 Slog.i(TAG, "Successfully restored package : " + deletedPackage.packageName 16644 + " after failed upgrade"); 16645 } 16646 } 16647 16648 /** 16649 * Checks whether the parent or any of the child packages have a change shared 16650 * user. For a package to be a valid update the shred users of the parent and 16651 * the children should match. We may later support changing child shared users. 16652 * @param oldPkg The updated package. 16653 * @param newPkg The update package. 16654 * @return The shared user that change between the versions. 16655 */ 16656 private String getParentOrChildPackageChangedSharedUser(PackageParser.Package oldPkg, 16657 PackageParser.Package newPkg) { 16658 // Check parent shared user 16659 if (!Objects.equals(oldPkg.mSharedUserId, newPkg.mSharedUserId)) { 16660 return newPkg.packageName; 16661 } 16662 // Check child shared users 16663 final int oldChildCount = (oldPkg.childPackages != null) ? oldPkg.childPackages.size() : 0; 16664 final int newChildCount = (newPkg.childPackages != null) ? newPkg.childPackages.size() : 0; 16665 for (int i = 0; i < newChildCount; i++) { 16666 PackageParser.Package newChildPkg = newPkg.childPackages.get(i); 16667 // If this child was present, did it have the same shared user? 16668 for (int j = 0; j < oldChildCount; j++) { 16669 PackageParser.Package oldChildPkg = oldPkg.childPackages.get(j); 16670 if (newChildPkg.packageName.equals(oldChildPkg.packageName) 16671 && !Objects.equals(newChildPkg.mSharedUserId, oldChildPkg.mSharedUserId)) { 16672 return newChildPkg.packageName; 16673 } 16674 } 16675 } 16676 return null; 16677 } 16678 16679 private void removeNativeBinariesLI(PackageSetting ps) { 16680 // Remove the lib path for the parent package 16681 if (ps != null) { 16682 NativeLibraryHelper.removeNativeBinariesLI(ps.legacyNativeLibraryPathString); 16683 // Remove the lib path for the child packages 16684 final int childCount = (ps.childPackageNames != null) ? ps.childPackageNames.size() : 0; 16685 for (int i = 0; i < childCount; i++) { 16686 PackageSetting childPs = null; 16687 synchronized (mPackages) { 16688 childPs = mSettings.getPackageLPr(ps.childPackageNames.get(i)); 16689 } 16690 if (childPs != null) { 16691 NativeLibraryHelper.removeNativeBinariesLI(childPs 16692 .legacyNativeLibraryPathString); 16693 } 16694 } 16695 } 16696 } 16697 16698 private void enableSystemPackageLPw(PackageParser.Package pkg) { 16699 // Enable the parent package 16700 mSettings.enableSystemPackageLPw(pkg.packageName); 16701 // Enable the child packages 16702 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 16703 for (int i = 0; i < childCount; i++) { 16704 PackageParser.Package childPkg = pkg.childPackages.get(i); 16705 mSettings.enableSystemPackageLPw(childPkg.packageName); 16706 } 16707 } 16708 16709 private boolean disableSystemPackageLPw(PackageParser.Package oldPkg, 16710 PackageParser.Package newPkg) { 16711 // Disable the parent package (parent always replaced) 16712 boolean disabled = mSettings.disableSystemPackageLPw(oldPkg.packageName, true); 16713 // Disable the child packages 16714 final int childCount = (oldPkg.childPackages != null) ? oldPkg.childPackages.size() : 0; 16715 for (int i = 0; i < childCount; i++) { 16716 PackageParser.Package childPkg = oldPkg.childPackages.get(i); 16717 final boolean replace = newPkg.hasChildPackage(childPkg.packageName); 16718 disabled |= mSettings.disableSystemPackageLPw(childPkg.packageName, replace); 16719 } 16720 return disabled; 16721 } 16722 16723 private void setInstallerPackageNameLPw(PackageParser.Package pkg, 16724 String installerPackageName) { 16725 // Enable the parent package 16726 mSettings.setInstallerPackageName(pkg.packageName, installerPackageName); 16727 // Enable the child packages 16728 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 16729 for (int i = 0; i < childCount; i++) { 16730 PackageParser.Package childPkg = pkg.childPackages.get(i); 16731 mSettings.setInstallerPackageName(childPkg.packageName, installerPackageName); 16732 } 16733 } 16734 16735 private int[] revokeUnusedSharedUserPermissionsLPw(SharedUserSetting su, int[] allUserIds) { 16736 // Collect all used permissions in the UID 16737 ArraySet<String> usedPermissions = new ArraySet<>(); 16738 final int packageCount = su.packages.size(); 16739 for (int i = 0; i < packageCount; i++) { 16740 PackageSetting ps = su.packages.valueAt(i); 16741 if (ps.pkg == null) { 16742 continue; 16743 } 16744 final int requestedPermCount = ps.pkg.requestedPermissions.size(); 16745 for (int j = 0; j < requestedPermCount; j++) { 16746 String permission = ps.pkg.requestedPermissions.get(j); 16747 BasePermission bp = mSettings.mPermissions.get(permission); 16748 if (bp != null) { 16749 usedPermissions.add(permission); 16750 } 16751 } 16752 } 16753 16754 PermissionsState permissionsState = su.getPermissionsState(); 16755 // Prune install permissions 16756 List<PermissionState> installPermStates = permissionsState.getInstallPermissionStates(); 16757 final int installPermCount = installPermStates.size(); 16758 for (int i = installPermCount - 1; i >= 0; i--) { 16759 PermissionState permissionState = installPermStates.get(i); 16760 if (!usedPermissions.contains(permissionState.getName())) { 16761 BasePermission bp = mSettings.mPermissions.get(permissionState.getName()); 16762 if (bp != null) { 16763 permissionsState.revokeInstallPermission(bp); 16764 permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL, 16765 PackageManager.MASK_PERMISSION_FLAGS, 0); 16766 } 16767 } 16768 } 16769 16770 int[] runtimePermissionChangedUserIds = EmptyArray.INT; 16771 16772 // Prune runtime permissions 16773 for (int userId : allUserIds) { 16774 List<PermissionState> runtimePermStates = permissionsState 16775 .getRuntimePermissionStates(userId); 16776 final int runtimePermCount = runtimePermStates.size(); 16777 for (int i = runtimePermCount - 1; i >= 0; i--) { 16778 PermissionState permissionState = runtimePermStates.get(i); 16779 if (!usedPermissions.contains(permissionState.getName())) { 16780 BasePermission bp = mSettings.mPermissions.get(permissionState.getName()); 16781 if (bp != null) { 16782 permissionsState.revokeRuntimePermission(bp, userId); 16783 permissionsState.updatePermissionFlags(bp, userId, 16784 PackageManager.MASK_PERMISSION_FLAGS, 0); 16785 runtimePermissionChangedUserIds = ArrayUtils.appendInt( 16786 runtimePermissionChangedUserIds, userId); 16787 } 16788 } 16789 } 16790 } 16791 16792 return runtimePermissionChangedUserIds; 16793 } 16794 16795 private void updateSettingsLI(PackageParser.Package newPackage, String installerPackageName, 16796 int[] allUsers, PackageInstalledInfo res, UserHandle user, int installReason) { 16797 // Update the parent package setting 16798 updateSettingsInternalLI(newPackage, installerPackageName, allUsers, res.origUsers, 16799 res, user, installReason); 16800 // Update the child packages setting 16801 final int childCount = (newPackage.childPackages != null) 16802 ? newPackage.childPackages.size() : 0; 16803 for (int i = 0; i < childCount; i++) { 16804 PackageParser.Package childPackage = newPackage.childPackages.get(i); 16805 PackageInstalledInfo childRes = res.addedChildPackages.get(childPackage.packageName); 16806 updateSettingsInternalLI(childPackage, installerPackageName, allUsers, 16807 childRes.origUsers, childRes, user, installReason); 16808 } 16809 } 16810 16811 private void updateSettingsInternalLI(PackageParser.Package newPackage, 16812 String installerPackageName, int[] allUsers, int[] installedForUsers, 16813 PackageInstalledInfo res, UserHandle user, int installReason) { 16814 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "updateSettings"); 16815 16816 String pkgName = newPackage.packageName; 16817 synchronized (mPackages) { 16818 //write settings. the installStatus will be incomplete at this stage. 16819 //note that the new package setting would have already been 16820 //added to mPackages. It hasn't been persisted yet. 16821 mSettings.setInstallStatus(pkgName, PackageSettingBase.PKG_INSTALL_INCOMPLETE); 16822 // TODO: Remove this write? It's also written at the end of this method 16823 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "writeSettings"); 16824 mSettings.writeLPr(); 16825 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 16826 } 16827 16828 if (DEBUG_INSTALL) Slog.d(TAG, "New package installed in " + newPackage.codePath); 16829 synchronized (mPackages) { 16830 updatePermissionsLPw(newPackage.packageName, newPackage, 16831 UPDATE_PERMISSIONS_REPLACE_PKG | (newPackage.permissions.size() > 0 16832 ? UPDATE_PERMISSIONS_ALL : 0)); 16833 // For system-bundled packages, we assume that installing an upgraded version 16834 // of the package implies that the user actually wants to run that new code, 16835 // so we enable the package. 16836 PackageSetting ps = mSettings.mPackages.get(pkgName); 16837 final int userId = user.getIdentifier(); 16838 if (ps != null) { 16839 if (isSystemApp(newPackage)) { 16840 if (DEBUG_INSTALL) { 16841 Slog.d(TAG, "Implicitly enabling system package on upgrade: " + pkgName); 16842 } 16843 // Enable system package for requested users 16844 if (res.origUsers != null) { 16845 for (int origUserId : res.origUsers) { 16846 if (userId == UserHandle.USER_ALL || userId == origUserId) { 16847 ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, 16848 origUserId, installerPackageName); 16849 } 16850 } 16851 } 16852 // Also convey the prior install/uninstall state 16853 if (allUsers != null && installedForUsers != null) { 16854 for (int currentUserId : allUsers) { 16855 final boolean installed = ArrayUtils.contains( 16856 installedForUsers, currentUserId); 16857 if (DEBUG_INSTALL) { 16858 Slog.d(TAG, " user " + currentUserId + " => " + installed); 16859 } 16860 ps.setInstalled(installed, currentUserId); 16861 } 16862 // these install state changes will be persisted in the 16863 // upcoming call to mSettings.writeLPr(). 16864 } 16865 } 16866 // It's implied that when a user requests installation, they want the app to be 16867 // installed and enabled. 16868 if (userId != UserHandle.USER_ALL) { 16869 ps.setInstalled(true, userId); 16870 ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, userId, installerPackageName); 16871 } 16872 16873 // When replacing an existing package, preserve the original install reason for all 16874 // users that had the package installed before. 16875 final Set<Integer> previousUserIds = new ArraySet<>(); 16876 if (res.removedInfo != null && res.removedInfo.installReasons != null) { 16877 final int installReasonCount = res.removedInfo.installReasons.size(); 16878 for (int i = 0; i < installReasonCount; i++) { 16879 final int previousUserId = res.removedInfo.installReasons.keyAt(i); 16880 final int previousInstallReason = res.removedInfo.installReasons.valueAt(i); 16881 ps.setInstallReason(previousInstallReason, previousUserId); 16882 previousUserIds.add(previousUserId); 16883 } 16884 } 16885 16886 // Set install reason for users that are having the package newly installed. 16887 if (userId == UserHandle.USER_ALL) { 16888 for (int currentUserId : sUserManager.getUserIds()) { 16889 if (!previousUserIds.contains(currentUserId)) { 16890 ps.setInstallReason(installReason, currentUserId); 16891 } 16892 } 16893 } else if (!previousUserIds.contains(userId)) { 16894 ps.setInstallReason(installReason, userId); 16895 } 16896 mSettings.writeKernelMappingLPr(ps); 16897 } 16898 res.name = pkgName; 16899 res.uid = newPackage.applicationInfo.uid; 16900 res.pkg = newPackage; 16901 mSettings.setInstallStatus(pkgName, PackageSettingBase.PKG_INSTALL_COMPLETE); 16902 mSettings.setInstallerPackageName(pkgName, installerPackageName); 16903 res.setReturnCode(PackageManager.INSTALL_SUCCEEDED); 16904 //to update install status 16905 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "writeSettings"); 16906 mSettings.writeLPr(); 16907 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 16908 } 16909 16910 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 16911 } 16912 16913 private void installPackageTracedLI(InstallArgs args, PackageInstalledInfo res) { 16914 try { 16915 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "installPackage"); 16916 installPackageLI(args, res); 16917 } finally { 16918 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 16919 } 16920 } 16921 16922 private void installPackageLI(InstallArgs args, PackageInstalledInfo res) { 16923 final int installFlags = args.installFlags; 16924 final String installerPackageName = args.installerPackageName; 16925 final String volumeUuid = args.volumeUuid; 16926 final File tmpPackageFile = new File(args.getCodePath()); 16927 final boolean forwardLocked = ((installFlags & PackageManager.INSTALL_FORWARD_LOCK) != 0); 16928 final boolean onExternal = (((installFlags & PackageManager.INSTALL_EXTERNAL) != 0) 16929 || (args.volumeUuid != null)); 16930 final boolean instantApp = ((installFlags & PackageManager.INSTALL_INSTANT_APP) != 0); 16931 final boolean fullApp = ((installFlags & PackageManager.INSTALL_FULL_APP) != 0); 16932 final boolean forceSdk = ((installFlags & PackageManager.INSTALL_FORCE_SDK) != 0); 16933 boolean replace = false; 16934 int scanFlags = SCAN_NEW_INSTALL | SCAN_UPDATE_SIGNATURE; 16935 if (args.move != null) { 16936 // moving a complete application; perform an initial scan on the new install location 16937 scanFlags |= SCAN_INITIAL; 16938 } 16939 if ((installFlags & PackageManager.INSTALL_DONT_KILL_APP) != 0) { 16940 scanFlags |= SCAN_DONT_KILL_APP; 16941 } 16942 if (instantApp) { 16943 scanFlags |= SCAN_AS_INSTANT_APP; 16944 } 16945 if (fullApp) { 16946 scanFlags |= SCAN_AS_FULL_APP; 16947 } 16948 16949 // Result object to be returned 16950 res.setReturnCode(PackageManager.INSTALL_SUCCEEDED); 16951 16952 if (DEBUG_INSTALL) Slog.d(TAG, "installPackageLI: path=" + tmpPackageFile); 16953 16954 // Sanity check 16955 if (instantApp && (forwardLocked || onExternal)) { 16956 Slog.i(TAG, "Incompatible ephemeral install; fwdLocked=" + forwardLocked 16957 + " external=" + onExternal); 16958 res.setReturnCode(PackageManager.INSTALL_FAILED_INSTANT_APP_INVALID); 16959 return; 16960 } 16961 16962 // Retrieve PackageSettings and parse package 16963 final int parseFlags = mDefParseFlags | PackageParser.PARSE_CHATTY 16964 | PackageParser.PARSE_ENFORCE_CODE 16965 | (forwardLocked ? PackageParser.PARSE_FORWARD_LOCK : 0) 16966 | (onExternal ? PackageParser.PARSE_EXTERNAL_STORAGE : 0) 16967 | (instantApp ? PackageParser.PARSE_IS_EPHEMERAL : 0) 16968 | (forceSdk ? PackageParser.PARSE_FORCE_SDK : 0); 16969 PackageParser pp = new PackageParser(); 16970 pp.setSeparateProcesses(mSeparateProcesses); 16971 pp.setDisplayMetrics(mMetrics); 16972 pp.setCallback(mPackageParserCallback); 16973 16974 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "parsePackage"); 16975 final PackageParser.Package pkg; 16976 try { 16977 pkg = pp.parsePackage(tmpPackageFile, parseFlags); 16978 } catch (PackageParserException e) { 16979 res.setError("Failed parse during installPackageLI", e); 16980 return; 16981 } finally { 16982 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 16983 } 16984 16985 // Instant apps must have target SDK >= O and have targetSanboxVersion >= 2 16986 if (instantApp && pkg.applicationInfo.targetSdkVersion <= Build.VERSION_CODES.N_MR1) { 16987 Slog.w(TAG, "Instant app package " + pkg.packageName 16988 + " does not target O, this will be a fatal error."); 16989 // STOPSHIP: Make this a fatal error 16990 pkg.applicationInfo.targetSdkVersion = Build.VERSION_CODES.O; 16991 } 16992 if (instantApp && pkg.applicationInfo.targetSandboxVersion != 2) { 16993 Slog.w(TAG, "Instant app package " + pkg.packageName 16994 + " does not target targetSandboxVersion 2, this will be a fatal error."); 16995 // STOPSHIP: Make this a fatal error 16996 pkg.applicationInfo.targetSandboxVersion = 2; 16997 } 16998 16999 if (pkg.applicationInfo.isStaticSharedLibrary()) { 17000 // Static shared libraries have synthetic package names 17001 renameStaticSharedLibraryPackage(pkg); 17002 17003 // No static shared libs on external storage 17004 if (onExternal) { 17005 Slog.i(TAG, "Static shared libs can only be installed on internal storage."); 17006 res.setError(INSTALL_FAILED_INVALID_INSTALL_LOCATION, 17007 "Packages declaring static-shared libs cannot be updated"); 17008 return; 17009 } 17010 } 17011 17012 // If we are installing a clustered package add results for the children 17013 if (pkg.childPackages != null) { 17014 synchronized (mPackages) { 17015 final int childCount = pkg.childPackages.size(); 17016 for (int i = 0; i < childCount; i++) { 17017 PackageParser.Package childPkg = pkg.childPackages.get(i); 17018 PackageInstalledInfo childRes = new PackageInstalledInfo(); 17019 childRes.setReturnCode(PackageManager.INSTALL_SUCCEEDED); 17020 childRes.pkg = childPkg; 17021 childRes.name = childPkg.packageName; 17022 PackageSetting childPs = mSettings.getPackageLPr(childPkg.packageName); 17023 if (childPs != null) { 17024 childRes.origUsers = childPs.queryInstalledUsers( 17025 sUserManager.getUserIds(), true); 17026 } 17027 if ((mPackages.containsKey(childPkg.packageName))) { 17028 childRes.removedInfo = new PackageRemovedInfo(this); 17029 childRes.removedInfo.removedPackage = childPkg.packageName; 17030 childRes.removedInfo.installerPackageName = childPs.installerPackageName; 17031 } 17032 if (res.addedChildPackages == null) { 17033 res.addedChildPackages = new ArrayMap<>(); 17034 } 17035 res.addedChildPackages.put(childPkg.packageName, childRes); 17036 } 17037 } 17038 } 17039 17040 // If package doesn't declare API override, mark that we have an install 17041 // time CPU ABI override. 17042 if (TextUtils.isEmpty(pkg.cpuAbiOverride)) { 17043 pkg.cpuAbiOverride = args.abiOverride; 17044 } 17045 17046 String pkgName = res.name = pkg.packageName; 17047 if ((pkg.applicationInfo.flags&ApplicationInfo.FLAG_TEST_ONLY) != 0) { 17048 if ((installFlags & PackageManager.INSTALL_ALLOW_TEST) == 0) { 17049 res.setError(INSTALL_FAILED_TEST_ONLY, "installPackageLI"); 17050 return; 17051 } 17052 } 17053 17054 try { 17055 // either use what we've been given or parse directly from the APK 17056 if (args.certificates != null) { 17057 try { 17058 PackageParser.populateCertificates(pkg, args.certificates); 17059 } catch (PackageParserException e) { 17060 // there was something wrong with the certificates we were given; 17061 // try to pull them from the APK 17062 PackageParser.collectCertificates(pkg, parseFlags); 17063 } 17064 } else { 17065 PackageParser.collectCertificates(pkg, parseFlags); 17066 } 17067 } catch (PackageParserException e) { 17068 res.setError("Failed collect during installPackageLI", e); 17069 return; 17070 } 17071 17072 // Get rid of all references to package scan path via parser. 17073 pp = null; 17074 String oldCodePath = null; 17075 boolean systemApp = false; 17076 synchronized (mPackages) { 17077 // Check if installing already existing package 17078 if ((installFlags & PackageManager.INSTALL_REPLACE_EXISTING) != 0) { 17079 String oldName = mSettings.getRenamedPackageLPr(pkgName); 17080 if (pkg.mOriginalPackages != null 17081 && pkg.mOriginalPackages.contains(oldName) 17082 && mPackages.containsKey(oldName)) { 17083 // This package is derived from an original package, 17084 // and this device has been updating from that original 17085 // name. We must continue using the original name, so 17086 // rename the new package here. 17087 pkg.setPackageName(oldName); 17088 pkgName = pkg.packageName; 17089 replace = true; 17090 if (DEBUG_INSTALL) Slog.d(TAG, "Replacing existing renamed package: oldName=" 17091 + oldName + " pkgName=" + pkgName); 17092 } else if (mPackages.containsKey(pkgName)) { 17093 // This package, under its official name, already exists 17094 // on the device; we should replace it. 17095 replace = true; 17096 if (DEBUG_INSTALL) Slog.d(TAG, "Replace existing pacakge: " + pkgName); 17097 } 17098 17099 // Child packages are installed through the parent package 17100 if (pkg.parentPackage != null) { 17101 res.setError(PackageManager.INSTALL_PARSE_FAILED_BAD_PACKAGE_NAME, 17102 "Package " + pkg.packageName + " is child of package " 17103 + pkg.parentPackage.parentPackage + ". Child packages " 17104 + "can be updated only through the parent package."); 17105 return; 17106 } 17107 17108 if (replace) { 17109 // Prevent apps opting out from runtime permissions 17110 PackageParser.Package oldPackage = mPackages.get(pkgName); 17111 final int oldTargetSdk = oldPackage.applicationInfo.targetSdkVersion; 17112 final int newTargetSdk = pkg.applicationInfo.targetSdkVersion; 17113 if (oldTargetSdk > Build.VERSION_CODES.LOLLIPOP_MR1 17114 && newTargetSdk <= Build.VERSION_CODES.LOLLIPOP_MR1) { 17115 res.setError(PackageManager.INSTALL_FAILED_PERMISSION_MODEL_DOWNGRADE, 17116 "Package " + pkg.packageName + " new target SDK " + newTargetSdk 17117 + " doesn't support runtime permissions but the old" 17118 + " target SDK " + oldTargetSdk + " does."); 17119 return; 17120 } 17121 // Prevent apps from downgrading their targetSandbox. 17122 final int oldTargetSandbox = oldPackage.applicationInfo.targetSandboxVersion; 17123 final int newTargetSandbox = pkg.applicationInfo.targetSandboxVersion; 17124 if (oldTargetSandbox == 2 && newTargetSandbox != 2) { 17125 res.setError(PackageManager.INSTALL_FAILED_SANDBOX_VERSION_DOWNGRADE, 17126 "Package " + pkg.packageName + " new target sandbox " 17127 + newTargetSandbox + " is incompatible with the previous value of" 17128 + oldTargetSandbox + "."); 17129 return; 17130 } 17131 17132 // Prevent installing of child packages 17133 if (oldPackage.parentPackage != null) { 17134 res.setError(PackageManager.INSTALL_PARSE_FAILED_BAD_PACKAGE_NAME, 17135 "Package " + pkg.packageName + " is child of package " 17136 + oldPackage.parentPackage + ". Child packages " 17137 + "can be updated only through the parent package."); 17138 return; 17139 } 17140 } 17141 } 17142 17143 PackageSetting ps = mSettings.mPackages.get(pkgName); 17144 if (ps != null) { 17145 if (DEBUG_INSTALL) Slog.d(TAG, "Existing package: " + ps); 17146 17147 // Static shared libs have same package with different versions where 17148 // we internally use a synthetic package name to allow multiple versions 17149 // of the same package, therefore we need to compare signatures against 17150 // the package setting for the latest library version. 17151 PackageSetting signatureCheckPs = ps; 17152 if (pkg.applicationInfo.isStaticSharedLibrary()) { 17153 SharedLibraryEntry libraryEntry = getLatestSharedLibraVersionLPr(pkg); 17154 if (libraryEntry != null) { 17155 signatureCheckPs = mSettings.getPackageLPr(libraryEntry.apk); 17156 } 17157 } 17158 17159 // Quick sanity check that we're signed correctly if updating; 17160 // we'll check this again later when scanning, but we want to 17161 // bail early here before tripping over redefined permissions. 17162 if (shouldCheckUpgradeKeySetLP(signatureCheckPs, scanFlags)) { 17163 if (!checkUpgradeKeySetLP(signatureCheckPs, pkg)) { 17164 res.setError(INSTALL_FAILED_UPDATE_INCOMPATIBLE, "Package " 17165 + pkg.packageName + " upgrade keys do not match the " 17166 + "previously installed version"); 17167 return; 17168 } 17169 } else { 17170 try { 17171 verifySignaturesLP(signatureCheckPs, pkg); 17172 } catch (PackageManagerException e) { 17173 res.setError(e.error, e.getMessage()); 17174 return; 17175 } 17176 } 17177 17178 oldCodePath = mSettings.mPackages.get(pkgName).codePathString; 17179 if (ps.pkg != null && ps.pkg.applicationInfo != null) { 17180 systemApp = (ps.pkg.applicationInfo.flags & 17181 ApplicationInfo.FLAG_SYSTEM) != 0; 17182 } 17183 res.origUsers = ps.queryInstalledUsers(sUserManager.getUserIds(), true); 17184 } 17185 17186 int N = pkg.permissions.size(); 17187 for (int i = N-1; i >= 0; i--) { 17188 PackageParser.Permission perm = pkg.permissions.get(i); 17189 BasePermission bp = mSettings.mPermissions.get(perm.info.name); 17190 17191 // Don't allow anyone but the system to define ephemeral permissions. 17192 if ((perm.info.protectionLevel & PermissionInfo.PROTECTION_FLAG_EPHEMERAL) != 0 17193 && !systemApp) { 17194 Slog.w(TAG, "Non-System package " + pkg.packageName 17195 + " attempting to delcare ephemeral permission " 17196 + perm.info.name + "; Removing ephemeral."); 17197 perm.info.protectionLevel &= ~PermissionInfo.PROTECTION_FLAG_EPHEMERAL; 17198 } 17199 // Check whether the newly-scanned package wants to define an already-defined perm 17200 if (bp != null) { 17201 // If the defining package is signed with our cert, it's okay. This 17202 // also includes the "updating the same package" case, of course. 17203 // "updating same package" could also involve key-rotation. 17204 final boolean sigsOk; 17205 if (bp.sourcePackage.equals(pkg.packageName) 17206 && (bp.packageSetting instanceof PackageSetting) 17207 && (shouldCheckUpgradeKeySetLP((PackageSetting) bp.packageSetting, 17208 scanFlags))) { 17209 sigsOk = checkUpgradeKeySetLP((PackageSetting) bp.packageSetting, pkg); 17210 } else { 17211 sigsOk = compareSignatures(bp.packageSetting.signatures.mSignatures, 17212 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 17213 } 17214 if (!sigsOk) { 17215 // If the owning package is the system itself, we log but allow 17216 // install to proceed; we fail the install on all other permission 17217 // redefinitions. 17218 if (!bp.sourcePackage.equals("android")) { 17219 res.setError(INSTALL_FAILED_DUPLICATE_PERMISSION, "Package " 17220 + pkg.packageName + " attempting to redeclare permission " 17221 + perm.info.name + " already owned by " + bp.sourcePackage); 17222 res.origPermission = perm.info.name; 17223 res.origPackage = bp.sourcePackage; 17224 return; 17225 } else { 17226 Slog.w(TAG, "Package " + pkg.packageName 17227 + " attempting to redeclare system permission " 17228 + perm.info.name + "; ignoring new declaration"); 17229 pkg.permissions.remove(i); 17230 } 17231 } else if (!PLATFORM_PACKAGE_NAME.equals(pkg.packageName)) { 17232 // Prevent apps to change protection level to dangerous from any other 17233 // type as this would allow a privilege escalation where an app adds a 17234 // normal/signature permission in other app's group and later redefines 17235 // it as dangerous leading to the group auto-grant. 17236 if ((perm.info.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) 17237 == PermissionInfo.PROTECTION_DANGEROUS) { 17238 if (bp != null && !bp.isRuntime()) { 17239 Slog.w(TAG, "Package " + pkg.packageName + " trying to change a " 17240 + "non-runtime permission " + perm.info.name 17241 + " to runtime; keeping old protection level"); 17242 perm.info.protectionLevel = bp.protectionLevel; 17243 } 17244 } 17245 } 17246 } 17247 } 17248 } 17249 17250 if (systemApp) { 17251 if (onExternal) { 17252 // Abort update; system app can't be replaced with app on sdcard 17253 res.setError(INSTALL_FAILED_INVALID_INSTALL_LOCATION, 17254 "Cannot install updates to system apps on sdcard"); 17255 return; 17256 } else if (instantApp) { 17257 // Abort update; system app can't be replaced with an instant app 17258 res.setError(INSTALL_FAILED_INSTANT_APP_INVALID, 17259 "Cannot update a system app with an instant app"); 17260 return; 17261 } 17262 } 17263 17264 if (args.move != null) { 17265 // We did an in-place move, so dex is ready to roll 17266 scanFlags |= SCAN_NO_DEX; 17267 scanFlags |= SCAN_MOVE; 17268 17269 synchronized (mPackages) { 17270 final PackageSetting ps = mSettings.mPackages.get(pkgName); 17271 if (ps == null) { 17272 res.setError(INSTALL_FAILED_INTERNAL_ERROR, 17273 "Missing settings for moved package " + pkgName); 17274 } 17275 17276 // We moved the entire application as-is, so bring over the 17277 // previously derived ABI information. 17278 pkg.applicationInfo.primaryCpuAbi = ps.primaryCpuAbiString; 17279 pkg.applicationInfo.secondaryCpuAbi = ps.secondaryCpuAbiString; 17280 } 17281 17282 } else if (!forwardLocked && !pkg.applicationInfo.isExternalAsec()) { 17283 // Enable SCAN_NO_DEX flag to skip dexopt at a later stage 17284 scanFlags |= SCAN_NO_DEX; 17285 17286 try { 17287 String abiOverride = (TextUtils.isEmpty(pkg.cpuAbiOverride) ? 17288 args.abiOverride : pkg.cpuAbiOverride); 17289 derivePackageAbi(pkg, new File(pkg.codePath), abiOverride, 17290 true /*extractLibs*/, mAppLib32InstallDir); 17291 } catch (PackageManagerException pme) { 17292 Slog.e(TAG, "Error deriving application ABI", pme); 17293 res.setError(INSTALL_FAILED_INTERNAL_ERROR, "Error deriving application ABI"); 17294 return; 17295 } 17296 17297 // Shared libraries for the package need to be updated. 17298 synchronized (mPackages) { 17299 try { 17300 updateSharedLibrariesLPr(pkg, null); 17301 } catch (PackageManagerException e) { 17302 Slog.e(TAG, "updateAllSharedLibrariesLPw failed: " + e.getMessage()); 17303 } 17304 } 17305 17306 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "dexopt"); 17307 // Do not run PackageDexOptimizer through the local performDexOpt 17308 // method because `pkg` may not be in `mPackages` yet. 17309 // 17310 // Also, don't fail application installs if the dexopt step fails. 17311 mPackageDexOptimizer.performDexOpt(pkg, pkg.usesLibraryFiles, 17312 null /* instructionSets */, false /* checkProfiles */, 17313 getCompilerFilterForReason(REASON_INSTALL), 17314 getOrCreateCompilerPackageStats(pkg), 17315 mDexManager.isUsedByOtherApps(pkg.packageName)); 17316 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 17317 17318 // Notify BackgroundDexOptService that the package has been changed. 17319 // If this is an update of a package which used to fail to compile, 17320 // BDOS will remove it from its blacklist. 17321 // TODO: Layering violation 17322 BackgroundDexOptService.notifyPackageChanged(pkg.packageName); 17323 } 17324 17325 if (!args.doRename(res.returnCode, pkg, oldCodePath)) { 17326 res.setError(INSTALL_FAILED_INSUFFICIENT_STORAGE, "Failed rename"); 17327 return; 17328 } 17329 17330 startIntentFilterVerifications(args.user.getIdentifier(), replace, pkg); 17331 17332 try (PackageFreezer freezer = freezePackageForInstall(pkgName, installFlags, 17333 "installPackageLI")) { 17334 if (replace) { 17335 if (pkg.applicationInfo.isStaticSharedLibrary()) { 17336 // Static libs have a synthetic package name containing the version 17337 // and cannot be updated as an update would get a new package name, 17338 // unless this is the exact same version code which is useful for 17339 // development. 17340 PackageParser.Package existingPkg = mPackages.get(pkg.packageName); 17341 if (existingPkg != null && existingPkg.mVersionCode != pkg.mVersionCode) { 17342 res.setError(INSTALL_FAILED_DUPLICATE_PACKAGE, "Packages declaring " 17343 + "static-shared libs cannot be updated"); 17344 return; 17345 } 17346 } 17347 replacePackageLIF(pkg, parseFlags, scanFlags | SCAN_REPLACING, args.user, 17348 installerPackageName, res, args.installReason); 17349 } else { 17350 installNewPackageLIF(pkg, parseFlags, scanFlags | SCAN_DELETE_DATA_ON_FAILURES, 17351 args.user, installerPackageName, volumeUuid, res, args.installReason); 17352 } 17353 } 17354 17355 synchronized (mPackages) { 17356 final PackageSetting ps = mSettings.mPackages.get(pkgName); 17357 if (ps != null) { 17358 res.newUsers = ps.queryInstalledUsers(sUserManager.getUserIds(), true); 17359 ps.setUpdateAvailable(false /*updateAvailable*/); 17360 } 17361 17362 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 17363 for (int i = 0; i < childCount; i++) { 17364 PackageParser.Package childPkg = pkg.childPackages.get(i); 17365 PackageInstalledInfo childRes = res.addedChildPackages.get(childPkg.packageName); 17366 PackageSetting childPs = mSettings.getPackageLPr(childPkg.packageName); 17367 if (childPs != null) { 17368 childRes.newUsers = childPs.queryInstalledUsers( 17369 sUserManager.getUserIds(), true); 17370 } 17371 } 17372 17373 if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) { 17374 updateSequenceNumberLP(pkgName, res.newUsers); 17375 updateInstantAppInstallerLocked(pkgName); 17376 } 17377 } 17378 } 17379 17380 private void startIntentFilterVerifications(int userId, boolean replacing, 17381 PackageParser.Package pkg) { 17382 if (mIntentFilterVerifierComponent == null) { 17383 Slog.w(TAG, "No IntentFilter verification will not be done as " 17384 + "there is no IntentFilterVerifier available!"); 17385 return; 17386 } 17387 17388 final int verifierUid = getPackageUid( 17389 mIntentFilterVerifierComponent.getPackageName(), 17390 MATCH_DEBUG_TRIAGED_MISSING, 17391 (userId == UserHandle.USER_ALL) ? UserHandle.USER_SYSTEM : userId); 17392 17393 Message msg = mHandler.obtainMessage(START_INTENT_FILTER_VERIFICATIONS); 17394 msg.obj = new IFVerificationParams(pkg, replacing, userId, verifierUid); 17395 mHandler.sendMessage(msg); 17396 17397 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 17398 for (int i = 0; i < childCount; i++) { 17399 PackageParser.Package childPkg = pkg.childPackages.get(i); 17400 msg = mHandler.obtainMessage(START_INTENT_FILTER_VERIFICATIONS); 17401 msg.obj = new IFVerificationParams(childPkg, replacing, userId, verifierUid); 17402 mHandler.sendMessage(msg); 17403 } 17404 } 17405 17406 private void verifyIntentFiltersIfNeeded(int userId, int verifierUid, boolean replacing, 17407 PackageParser.Package pkg) { 17408 int size = pkg.activities.size(); 17409 if (size == 0) { 17410 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, 17411 "No activity, so no need to verify any IntentFilter!"); 17412 return; 17413 } 17414 17415 final boolean hasDomainURLs = hasDomainURLs(pkg); 17416 if (!hasDomainURLs) { 17417 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, 17418 "No domain URLs, so no need to verify any IntentFilter!"); 17419 return; 17420 } 17421 17422 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Checking for userId:" + userId 17423 + " if any IntentFilter from the " + size 17424 + " Activities needs verification ..."); 17425 17426 int count = 0; 17427 final String packageName = pkg.packageName; 17428 17429 synchronized (mPackages) { 17430 // If this is a new install and we see that we've already run verification for this 17431 // package, we have nothing to do: it means the state was restored from backup. 17432 if (!replacing) { 17433 IntentFilterVerificationInfo ivi = 17434 mSettings.getIntentFilterVerificationLPr(packageName); 17435 if (ivi != null) { 17436 if (DEBUG_DOMAIN_VERIFICATION) { 17437 Slog.i(TAG, "Package " + packageName+ " already verified: status=" 17438 + ivi.getStatusString()); 17439 } 17440 return; 17441 } 17442 } 17443 17444 // If any filters need to be verified, then all need to be. 17445 boolean needToVerify = false; 17446 for (PackageParser.Activity a : pkg.activities) { 17447 for (ActivityIntentInfo filter : a.intents) { 17448 if (filter.needsVerification() && needsNetworkVerificationLPr(filter)) { 17449 if (DEBUG_DOMAIN_VERIFICATION) { 17450 Slog.d(TAG, "Intent filter needs verification, so processing all filters"); 17451 } 17452 needToVerify = true; 17453 break; 17454 } 17455 } 17456 } 17457 17458 if (needToVerify) { 17459 final int verificationId = mIntentFilterVerificationToken++; 17460 for (PackageParser.Activity a : pkg.activities) { 17461 for (ActivityIntentInfo filter : a.intents) { 17462 if (filter.handlesWebUris(true) && needsNetworkVerificationLPr(filter)) { 17463 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, 17464 "Verification needed for IntentFilter:" + filter.toString()); 17465 mIntentFilterVerifier.addOneIntentFilterVerification( 17466 verifierUid, userId, verificationId, filter, packageName); 17467 count++; 17468 } 17469 } 17470 } 17471 } 17472 } 17473 17474 if (count > 0) { 17475 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Starting " + count 17476 + " IntentFilter verification" + (count > 1 ? "s" : "") 17477 + " for userId:" + userId); 17478 mIntentFilterVerifier.startVerifications(userId); 17479 } else { 17480 if (DEBUG_DOMAIN_VERIFICATION) { 17481 Slog.d(TAG, "No filters or not all autoVerify for " + packageName); 17482 } 17483 } 17484 } 17485 17486 private boolean needsNetworkVerificationLPr(ActivityIntentInfo filter) { 17487 final ComponentName cn = filter.activity.getComponentName(); 17488 final String packageName = cn.getPackageName(); 17489 17490 IntentFilterVerificationInfo ivi = mSettings.getIntentFilterVerificationLPr( 17491 packageName); 17492 if (ivi == null) { 17493 return true; 17494 } 17495 int status = ivi.getStatus(); 17496 switch (status) { 17497 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED: 17498 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK: 17499 return true; 17500 17501 default: 17502 // Nothing to do 17503 return false; 17504 } 17505 } 17506 17507 private static boolean isMultiArch(ApplicationInfo info) { 17508 return (info.flags & ApplicationInfo.FLAG_MULTIARCH) != 0; 17509 } 17510 17511 private static boolean isExternal(PackageParser.Package pkg) { 17512 return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) != 0; 17513 } 17514 17515 private static boolean isExternal(PackageSetting ps) { 17516 return (ps.pkgFlags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) != 0; 17517 } 17518 17519 private static boolean isSystemApp(PackageParser.Package pkg) { 17520 return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 17521 } 17522 17523 private static boolean isPrivilegedApp(PackageParser.Package pkg) { 17524 return (pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0; 17525 } 17526 17527 private static boolean hasDomainURLs(PackageParser.Package pkg) { 17528 return (pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_HAS_DOMAIN_URLS) != 0; 17529 } 17530 17531 private static boolean isSystemApp(PackageSetting ps) { 17532 return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0; 17533 } 17534 17535 private static boolean isUpdatedSystemApp(PackageSetting ps) { 17536 return (ps.pkgFlags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; 17537 } 17538 17539 private int packageFlagsToInstallFlags(PackageSetting ps) { 17540 int installFlags = 0; 17541 if (isExternal(ps) && TextUtils.isEmpty(ps.volumeUuid)) { 17542 // This existing package was an external ASEC install when we have 17543 // the external flag without a UUID 17544 installFlags |= PackageManager.INSTALL_EXTERNAL; 17545 } 17546 if (ps.isForwardLocked()) { 17547 installFlags |= PackageManager.INSTALL_FORWARD_LOCK; 17548 } 17549 return installFlags; 17550 } 17551 17552 private String getVolumeUuidForPackage(PackageParser.Package pkg) { 17553 if (isExternal(pkg)) { 17554 if (TextUtils.isEmpty(pkg.volumeUuid)) { 17555 return StorageManager.UUID_PRIMARY_PHYSICAL; 17556 } else { 17557 return pkg.volumeUuid; 17558 } 17559 } else { 17560 return StorageManager.UUID_PRIVATE_INTERNAL; 17561 } 17562 } 17563 17564 private VersionInfo getSettingsVersionForPackage(PackageParser.Package pkg) { 17565 if (isExternal(pkg)) { 17566 if (TextUtils.isEmpty(pkg.volumeUuid)) { 17567 return mSettings.getExternalVersion(); 17568 } else { 17569 return mSettings.findOrCreateVersion(pkg.volumeUuid); 17570 } 17571 } else { 17572 return mSettings.getInternalVersion(); 17573 } 17574 } 17575 17576 private void deleteTempPackageFiles() { 17577 final FilenameFilter filter = new FilenameFilter() { 17578 public boolean accept(File dir, String name) { 17579 return name.startsWith("vmdl") && name.endsWith(".tmp"); 17580 } 17581 }; 17582 for (File file : mDrmAppPrivateInstallDir.listFiles(filter)) { 17583 file.delete(); 17584 } 17585 } 17586 17587 @Override 17588 public void deletePackageAsUser(String packageName, int versionCode, 17589 IPackageDeleteObserver observer, int userId, int flags) { 17590 deletePackageVersioned(new VersionedPackage(packageName, versionCode), 17591 new LegacyPackageDeleteObserver(observer).getBinder(), userId, flags); 17592 } 17593 17594 @Override 17595 public void deletePackageVersioned(VersionedPackage versionedPackage, 17596 final IPackageDeleteObserver2 observer, final int userId, final int deleteFlags) { 17597 mContext.enforceCallingOrSelfPermission( 17598 android.Manifest.permission.DELETE_PACKAGES, null); 17599 Preconditions.checkNotNull(versionedPackage); 17600 Preconditions.checkNotNull(observer); 17601 Preconditions.checkArgumentInRange(versionedPackage.getVersionCode(), 17602 PackageManager.VERSION_CODE_HIGHEST, 17603 Integer.MAX_VALUE, "versionCode must be >= -1"); 17604 17605 final String packageName = versionedPackage.getPackageName(); 17606 // TODO: We will change version code to long, so in the new API it is long 17607 final int versionCode = (int) versionedPackage.getVersionCode(); 17608 final String internalPackageName; 17609 synchronized (mPackages) { 17610 // Normalize package name to handle renamed packages and static libs 17611 internalPackageName = resolveInternalPackageNameLPr(versionedPackage.getPackageName(), 17612 // TODO: We will change version code to long, so in the new API it is long 17613 (int) versionedPackage.getVersionCode()); 17614 } 17615 17616 final int uid = Binder.getCallingUid(); 17617 if (!isOrphaned(internalPackageName) 17618 && !isCallerAllowedToSilentlyUninstall(uid, internalPackageName)) { 17619 try { 17620 final Intent intent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE); 17621 intent.setData(Uri.fromParts(PACKAGE_SCHEME, packageName, null)); 17622 intent.putExtra(PackageInstaller.EXTRA_CALLBACK, observer.asBinder()); 17623 observer.onUserActionRequired(intent); 17624 } catch (RemoteException re) { 17625 } 17626 return; 17627 } 17628 final boolean deleteAllUsers = (deleteFlags & PackageManager.DELETE_ALL_USERS) != 0; 17629 final int[] users = deleteAllUsers ? sUserManager.getUserIds() : new int[]{ userId }; 17630 if (UserHandle.getUserId(uid) != userId || (deleteAllUsers && users.length > 1)) { 17631 mContext.enforceCallingOrSelfPermission( 17632 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, 17633 "deletePackage for user " + userId); 17634 } 17635 17636 if (isUserRestricted(userId, UserManager.DISALLOW_UNINSTALL_APPS)) { 17637 try { 17638 observer.onPackageDeleted(packageName, 17639 PackageManager.DELETE_FAILED_USER_RESTRICTED, null); 17640 } catch (RemoteException re) { 17641 } 17642 return; 17643 } 17644 17645 if (!deleteAllUsers && getBlockUninstallForUser(internalPackageName, userId)) { 17646 try { 17647 observer.onPackageDeleted(packageName, 17648 PackageManager.DELETE_FAILED_OWNER_BLOCKED, null); 17649 } catch (RemoteException re) { 17650 } 17651 return; 17652 } 17653 17654 if (DEBUG_REMOVE) { 17655 Slog.d(TAG, "deletePackageAsUser: pkg=" + internalPackageName + " user=" + userId 17656 + " deleteAllUsers: " + deleteAllUsers + " version=" 17657 + (versionCode == PackageManager.VERSION_CODE_HIGHEST 17658 ? "VERSION_CODE_HIGHEST" : versionCode)); 17659 } 17660 // Queue up an async operation since the package deletion may take a little while. 17661 mHandler.post(new Runnable() { 17662 public void run() { 17663 mHandler.removeCallbacks(this); 17664 int returnCode; 17665 if (!deleteAllUsers) { 17666 returnCode = deletePackageX(internalPackageName, versionCode, 17667 userId, deleteFlags); 17668 } else { 17669 int[] blockUninstallUserIds = getBlockUninstallForUsers( 17670 internalPackageName, users); 17671 // If nobody is blocking uninstall, proceed with delete for all users 17672 if (ArrayUtils.isEmpty(blockUninstallUserIds)) { 17673 returnCode = deletePackageX(internalPackageName, versionCode, 17674 userId, deleteFlags); 17675 } else { 17676 // Otherwise uninstall individually for users with blockUninstalls=false 17677 final int userFlags = deleteFlags & ~PackageManager.DELETE_ALL_USERS; 17678 for (int userId : users) { 17679 if (!ArrayUtils.contains(blockUninstallUserIds, userId)) { 17680 returnCode = deletePackageX(internalPackageName, versionCode, 17681 userId, userFlags); 17682 if (returnCode != PackageManager.DELETE_SUCCEEDED) { 17683 Slog.w(TAG, "Package delete failed for user " + userId 17684 + ", returnCode " + returnCode); 17685 } 17686 } 17687 } 17688 // The app has only been marked uninstalled for certain users. 17689 // We still need to report that delete was blocked 17690 returnCode = PackageManager.DELETE_FAILED_OWNER_BLOCKED; 17691 } 17692 } 17693 try { 17694 observer.onPackageDeleted(packageName, returnCode, null); 17695 } catch (RemoteException e) { 17696 Log.i(TAG, "Observer no longer exists."); 17697 } //end catch 17698 } //end run 17699 }); 17700 } 17701 17702 private String resolveExternalPackageNameLPr(PackageParser.Package pkg) { 17703 if (pkg.staticSharedLibName != null) { 17704 return pkg.manifestPackageName; 17705 } 17706 return pkg.packageName; 17707 } 17708 17709 private String resolveInternalPackageNameLPr(String packageName, int versionCode) { 17710 // Handle renamed packages 17711 String normalizedPackageName = mSettings.getRenamedPackageLPr(packageName); 17712 packageName = normalizedPackageName != null ? normalizedPackageName : packageName; 17713 17714 // Is this a static library? 17715 SparseArray<SharedLibraryEntry> versionedLib = 17716 mStaticLibsByDeclaringPackage.get(packageName); 17717 if (versionedLib == null || versionedLib.size() <= 0) { 17718 return packageName; 17719 } 17720 17721 // Figure out which lib versions the caller can see 17722 SparseIntArray versionsCallerCanSee = null; 17723 final int callingAppId = UserHandle.getAppId(Binder.getCallingUid()); 17724 if (callingAppId != Process.SYSTEM_UID && callingAppId != Process.SHELL_UID 17725 && callingAppId != Process.ROOT_UID) { 17726 versionsCallerCanSee = new SparseIntArray(); 17727 String libName = versionedLib.valueAt(0).info.getName(); 17728 String[] uidPackages = getPackagesForUid(Binder.getCallingUid()); 17729 if (uidPackages != null) { 17730 for (String uidPackage : uidPackages) { 17731 PackageSetting ps = mSettings.getPackageLPr(uidPackage); 17732 final int libIdx = ArrayUtils.indexOf(ps.usesStaticLibraries, libName); 17733 if (libIdx >= 0) { 17734 final int libVersion = ps.usesStaticLibrariesVersions[libIdx]; 17735 versionsCallerCanSee.append(libVersion, libVersion); 17736 } 17737 } 17738 } 17739 } 17740 17741 // Caller can see nothing - done 17742 if (versionsCallerCanSee != null && versionsCallerCanSee.size() <= 0) { 17743 return packageName; 17744 } 17745 17746 // Find the version the caller can see and the app version code 17747 SharedLibraryEntry highestVersion = null; 17748 final int versionCount = versionedLib.size(); 17749 for (int i = 0; i < versionCount; i++) { 17750 SharedLibraryEntry libEntry = versionedLib.valueAt(i); 17751 if (versionsCallerCanSee != null && versionsCallerCanSee.indexOfKey( 17752 libEntry.info.getVersion()) < 0) { 17753 continue; 17754 } 17755 // TODO: We will change version code to long, so in the new API it is long 17756 final int libVersionCode = (int) libEntry.info.getDeclaringPackage().getVersionCode(); 17757 if (versionCode != PackageManager.VERSION_CODE_HIGHEST) { 17758 if (libVersionCode == versionCode) { 17759 return libEntry.apk; 17760 } 17761 } else if (highestVersion == null) { 17762 highestVersion = libEntry; 17763 } else if (libVersionCode > highestVersion.info 17764 .getDeclaringPackage().getVersionCode()) { 17765 highestVersion = libEntry; 17766 } 17767 } 17768 17769 if (highestVersion != null) { 17770 return highestVersion.apk; 17771 } 17772 17773 return packageName; 17774 } 17775 17776 private boolean isCallerAllowedToSilentlyUninstall(int callingUid, String pkgName) { 17777 if (callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID 17778 || callingUid == Process.SYSTEM_UID) { 17779 return true; 17780 } 17781 final int callingUserId = UserHandle.getUserId(callingUid); 17782 // If the caller installed the pkgName, then allow it to silently uninstall. 17783 if (callingUid == getPackageUid(getInstallerPackageName(pkgName), 0, callingUserId)) { 17784 return true; 17785 } 17786 17787 // Allow package verifier to silently uninstall. 17788 if (mRequiredVerifierPackage != null && 17789 callingUid == getPackageUid(mRequiredVerifierPackage, 0, callingUserId)) { 17790 return true; 17791 } 17792 17793 // Allow package uninstaller to silently uninstall. 17794 if (mRequiredUninstallerPackage != null && 17795 callingUid == getPackageUid(mRequiredUninstallerPackage, 0, callingUserId)) { 17796 return true; 17797 } 17798 17799 // Allow storage manager to silently uninstall. 17800 if (mStorageManagerPackage != null && 17801 callingUid == getPackageUid(mStorageManagerPackage, 0, callingUserId)) { 17802 return true; 17803 } 17804 return false; 17805 } 17806 17807 private int[] getBlockUninstallForUsers(String packageName, int[] userIds) { 17808 int[] result = EMPTY_INT_ARRAY; 17809 for (int userId : userIds) { 17810 if (getBlockUninstallForUser(packageName, userId)) { 17811 result = ArrayUtils.appendInt(result, userId); 17812 } 17813 } 17814 return result; 17815 } 17816 17817 @Override 17818 public boolean isPackageDeviceAdminOnAnyUser(String packageName) { 17819 return isPackageDeviceAdmin(packageName, UserHandle.USER_ALL); 17820 } 17821 17822 private boolean isPackageDeviceAdmin(String packageName, int userId) { 17823 IDevicePolicyManager dpm = IDevicePolicyManager.Stub.asInterface( 17824 ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); 17825 try { 17826 if (dpm != null) { 17827 final ComponentName deviceOwnerComponentName = dpm.getDeviceOwnerComponent( 17828 /* callingUserOnly =*/ false); 17829 final String deviceOwnerPackageName = deviceOwnerComponentName == null ? null 17830 : deviceOwnerComponentName.getPackageName(); 17831 // Does the package contains the device owner? 17832 // TODO Do we have to do it even if userId != UserHandle.USER_ALL? Otherwise, 17833 // this check is probably not needed, since DO should be registered as a device 17834 // admin on some user too. (Original bug for this: b/17657954) 17835 if (packageName.equals(deviceOwnerPackageName)) { 17836 return true; 17837 } 17838 // Does it contain a device admin for any user? 17839 int[] users; 17840 if (userId == UserHandle.USER_ALL) { 17841 users = sUserManager.getUserIds(); 17842 } else { 17843 users = new int[]{userId}; 17844 } 17845 for (int i = 0; i < users.length; ++i) { 17846 if (dpm.packageHasActiveAdmins(packageName, users[i])) { 17847 return true; 17848 } 17849 } 17850 } 17851 } catch (RemoteException e) { 17852 } 17853 return false; 17854 } 17855 17856 private boolean shouldKeepUninstalledPackageLPr(String packageName) { 17857 return mKeepUninstalledPackages != null && mKeepUninstalledPackages.contains(packageName); 17858 } 17859 17860 /** 17861 * This method is an internal method that could be get invoked either 17862 * to delete an installed package or to clean up a failed installation. 17863 * After deleting an installed package, a broadcast is sent to notify any 17864 * listeners that the package has been removed. For cleaning up a failed 17865 * installation, the broadcast is not necessary since the package's 17866 * installation wouldn't have sent the initial broadcast either 17867 * The key steps in deleting a package are 17868 * deleting the package information in internal structures like mPackages, 17869 * deleting the packages base directories through installd 17870 * updating mSettings to reflect current status 17871 * persisting settings for later use 17872 * sending a broadcast if necessary 17873 */ 17874 private int deletePackageX(String packageName, int versionCode, int userId, int deleteFlags) { 17875 final PackageRemovedInfo info = new PackageRemovedInfo(this); 17876 final boolean res; 17877 17878 final int removeUser = (deleteFlags & PackageManager.DELETE_ALL_USERS) != 0 17879 ? UserHandle.USER_ALL : userId; 17880 17881 if (isPackageDeviceAdmin(packageName, removeUser)) { 17882 Slog.w(TAG, "Not removing package " + packageName + ": has active device admin"); 17883 return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER; 17884 } 17885 17886 PackageSetting uninstalledPs = null; 17887 PackageParser.Package pkg = null; 17888 17889 // for the uninstall-updates case and restricted profiles, remember the per- 17890 // user handle installed state 17891 int[] allUsers; 17892 synchronized (mPackages) { 17893 uninstalledPs = mSettings.mPackages.get(packageName); 17894 if (uninstalledPs == null) { 17895 Slog.w(TAG, "Not removing non-existent package " + packageName); 17896 return PackageManager.DELETE_FAILED_INTERNAL_ERROR; 17897 } 17898 17899 if (versionCode != PackageManager.VERSION_CODE_HIGHEST 17900 && uninstalledPs.versionCode != versionCode) { 17901 Slog.w(TAG, "Not removing package " + packageName + " with versionCode " 17902 + uninstalledPs.versionCode + " != " + versionCode); 17903 return PackageManager.DELETE_FAILED_INTERNAL_ERROR; 17904 } 17905 17906 // Static shared libs can be declared by any package, so let us not 17907 // allow removing a package if it provides a lib others depend on. 17908 pkg = mPackages.get(packageName); 17909 if (pkg != null && pkg.staticSharedLibName != null) { 17910 SharedLibraryEntry libEntry = getSharedLibraryEntryLPr(pkg.staticSharedLibName, 17911 pkg.staticSharedLibVersion); 17912 if (libEntry != null) { 17913 List<VersionedPackage> libClientPackages = getPackagesUsingSharedLibraryLPr( 17914 libEntry.info, 0, userId); 17915 if (!ArrayUtils.isEmpty(libClientPackages)) { 17916 Slog.w(TAG, "Not removing package " + pkg.manifestPackageName 17917 + " hosting lib " + libEntry.info.getName() + " version " 17918 + libEntry.info.getVersion() + " used by " + libClientPackages); 17919 return PackageManager.DELETE_FAILED_USED_SHARED_LIBRARY; 17920 } 17921 } 17922 } 17923 17924 allUsers = sUserManager.getUserIds(); 17925 info.origUsers = uninstalledPs.queryInstalledUsers(allUsers, true); 17926 } 17927 17928 final int freezeUser; 17929 if (isUpdatedSystemApp(uninstalledPs) 17930 && ((deleteFlags & PackageManager.DELETE_SYSTEM_APP) == 0)) { 17931 // We're downgrading a system app, which will apply to all users, so 17932 // freeze them all during the downgrade 17933 freezeUser = UserHandle.USER_ALL; 17934 } else { 17935 freezeUser = removeUser; 17936 } 17937 17938 synchronized (mInstallLock) { 17939 if (DEBUG_REMOVE) Slog.d(TAG, "deletePackageX: pkg=" + packageName + " user=" + userId); 17940 try (PackageFreezer freezer = freezePackageForDelete(packageName, freezeUser, 17941 deleteFlags, "deletePackageX")) { 17942 res = deletePackageLIF(packageName, UserHandle.of(removeUser), true, allUsers, 17943 deleteFlags | FLAGS_REMOVE_CHATTY, info, true, null); 17944 } 17945 synchronized (mPackages) { 17946 if (res) { 17947 if (pkg != null) { 17948 mInstantAppRegistry.onPackageUninstalledLPw(pkg, info.removedUsers); 17949 } 17950 updateSequenceNumberLP(packageName, info.removedUsers); 17951 updateInstantAppInstallerLocked(packageName); 17952 } 17953 } 17954 } 17955 17956 if (res) { 17957 final boolean killApp = (deleteFlags & PackageManager.DELETE_DONT_KILL_APP) == 0; 17958 info.sendPackageRemovedBroadcasts(killApp); 17959 info.sendSystemPackageUpdatedBroadcasts(); 17960 info.sendSystemPackageAppearedBroadcasts(); 17961 } 17962 // Force a gc here. 17963 Runtime.getRuntime().gc(); 17964 // Delete the resources here after sending the broadcast to let 17965 // other processes clean up before deleting resources. 17966 if (info.args != null) { 17967 synchronized (mInstallLock) { 17968 info.args.doPostDeleteLI(true); 17969 } 17970 } 17971 17972 return res ? PackageManager.DELETE_SUCCEEDED : PackageManager.DELETE_FAILED_INTERNAL_ERROR; 17973 } 17974 17975 static class PackageRemovedInfo { 17976 final PackageSender packageSender; 17977 String removedPackage; 17978 String installerPackageName; 17979 int uid = -1; 17980 int removedAppId = -1; 17981 int[] origUsers; 17982 int[] removedUsers = null; 17983 int[] broadcastUsers = null; 17984 SparseArray<Integer> installReasons; 17985 boolean isRemovedPackageSystemUpdate = false; 17986 boolean isUpdate; 17987 boolean dataRemoved; 17988 boolean removedForAllUsers; 17989 boolean isStaticSharedLib; 17990 // Clean up resources deleted packages. 17991 InstallArgs args = null; 17992 ArrayMap<String, PackageRemovedInfo> removedChildPackages; 17993 ArrayMap<String, PackageInstalledInfo> appearedChildPackages; 17994 17995 PackageRemovedInfo(PackageSender packageSender) { 17996 this.packageSender = packageSender; 17997 } 17998 17999 void sendPackageRemovedBroadcasts(boolean killApp) { 18000 sendPackageRemovedBroadcastInternal(killApp); 18001 final int childCount = removedChildPackages != null ? removedChildPackages.size() : 0; 18002 for (int i = 0; i < childCount; i++) { 18003 PackageRemovedInfo childInfo = removedChildPackages.valueAt(i); 18004 childInfo.sendPackageRemovedBroadcastInternal(killApp); 18005 } 18006 } 18007 18008 void sendSystemPackageUpdatedBroadcasts() { 18009 if (isRemovedPackageSystemUpdate) { 18010 sendSystemPackageUpdatedBroadcastsInternal(); 18011 final int childCount = (removedChildPackages != null) 18012 ? removedChildPackages.size() : 0; 18013 for (int i = 0; i < childCount; i++) { 18014 PackageRemovedInfo childInfo = removedChildPackages.valueAt(i); 18015 if (childInfo.isRemovedPackageSystemUpdate) { 18016 childInfo.sendSystemPackageUpdatedBroadcastsInternal(); 18017 } 18018 } 18019 } 18020 } 18021 18022 void sendSystemPackageAppearedBroadcasts() { 18023 final int packageCount = (appearedChildPackages != null) 18024 ? appearedChildPackages.size() : 0; 18025 for (int i = 0; i < packageCount; i++) { 18026 PackageInstalledInfo installedInfo = appearedChildPackages.valueAt(i); 18027 packageSender.sendPackageAddedForNewUsers(installedInfo.name, 18028 true, UserHandle.getAppId(installedInfo.uid), 18029 installedInfo.newUsers); 18030 } 18031 } 18032 18033 private void sendSystemPackageUpdatedBroadcastsInternal() { 18034 Bundle extras = new Bundle(2); 18035 extras.putInt(Intent.EXTRA_UID, removedAppId >= 0 ? removedAppId : uid); 18036 extras.putBoolean(Intent.EXTRA_REPLACING, true); 18037 packageSender.sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, 18038 removedPackage, extras, 0, null /*targetPackage*/, null, null); 18039 packageSender.sendPackageBroadcast(Intent.ACTION_PACKAGE_REPLACED, 18040 removedPackage, extras, 0, null /*targetPackage*/, null, null); 18041 packageSender.sendPackageBroadcast(Intent.ACTION_MY_PACKAGE_REPLACED, 18042 null, null, 0, removedPackage, null, null); 18043 if (installerPackageName != null) { 18044 packageSender.sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, 18045 removedPackage, extras, 0 /*flags*/, 18046 installerPackageName, null, null); 18047 packageSender.sendPackageBroadcast(Intent.ACTION_PACKAGE_REPLACED, 18048 removedPackage, extras, 0 /*flags*/, 18049 installerPackageName, null, null); 18050 } 18051 } 18052 18053 private void sendPackageRemovedBroadcastInternal(boolean killApp) { 18054 // Don't send static shared library removal broadcasts as these 18055 // libs are visible only the the apps that depend on them an one 18056 // cannot remove the library if it has a dependency. 18057 if (isStaticSharedLib) { 18058 return; 18059 } 18060 Bundle extras = new Bundle(2); 18061 extras.putInt(Intent.EXTRA_UID, removedAppId >= 0 ? removedAppId : uid); 18062 extras.putBoolean(Intent.EXTRA_DATA_REMOVED, dataRemoved); 18063 extras.putBoolean(Intent.EXTRA_DONT_KILL_APP, !killApp); 18064 if (isUpdate || isRemovedPackageSystemUpdate) { 18065 extras.putBoolean(Intent.EXTRA_REPLACING, true); 18066 } 18067 extras.putBoolean(Intent.EXTRA_REMOVED_FOR_ALL_USERS, removedForAllUsers); 18068 if (removedPackage != null) { 18069 packageSender.sendPackageBroadcast(Intent.ACTION_PACKAGE_REMOVED, 18070 removedPackage, extras, 0, null /*targetPackage*/, null, broadcastUsers); 18071 if (installerPackageName != null) { 18072 packageSender.sendPackageBroadcast(Intent.ACTION_PACKAGE_REMOVED, 18073 removedPackage, extras, 0 /*flags*/, 18074 installerPackageName, null, broadcastUsers); 18075 } 18076 if (dataRemoved && !isRemovedPackageSystemUpdate) { 18077 packageSender.sendPackageBroadcast(Intent.ACTION_PACKAGE_FULLY_REMOVED, 18078 removedPackage, extras, 18079 Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND, 18080 null, null, broadcastUsers); 18081 } 18082 } 18083 if (removedAppId >= 0) { 18084 packageSender.sendPackageBroadcast(Intent.ACTION_UID_REMOVED, null, extras, 18085 Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND, null, null, broadcastUsers); 18086 } 18087 } 18088 18089 void populateUsers(int[] userIds, PackageSetting deletedPackageSetting) { 18090 removedUsers = userIds; 18091 if (removedUsers == null) { 18092 broadcastUsers = null; 18093 return; 18094 } 18095 18096 broadcastUsers = EMPTY_INT_ARRAY; 18097 for (int i = userIds.length - 1; i >= 0; --i) { 18098 final int userId = userIds[i]; 18099 if (deletedPackageSetting.getInstantApp(userId)) { 18100 continue; 18101 } 18102 broadcastUsers = ArrayUtils.appendInt(broadcastUsers, userId); 18103 } 18104 } 18105 } 18106 18107 /* 18108 * This method deletes the package from internal data structures. If the DONT_DELETE_DATA 18109 * flag is not set, the data directory is removed as well. 18110 * make sure this flag is set for partially installed apps. If not its meaningless to 18111 * delete a partially installed application. 18112 */ 18113 private void removePackageDataLIF(PackageSetting ps, int[] allUserHandles, 18114 PackageRemovedInfo outInfo, int flags, boolean writeSettings) { 18115 String packageName = ps.name; 18116 if (DEBUG_REMOVE) Slog.d(TAG, "removePackageDataLI: " + ps); 18117 // Retrieve object to delete permissions for shared user later on 18118 final PackageParser.Package deletedPkg; 18119 final PackageSetting deletedPs; 18120 // reader 18121 synchronized (mPackages) { 18122 deletedPkg = mPackages.get(packageName); 18123 deletedPs = mSettings.mPackages.get(packageName); 18124 if (outInfo != null) { 18125 outInfo.removedPackage = packageName; 18126 outInfo.installerPackageName = ps.installerPackageName; 18127 outInfo.isStaticSharedLib = deletedPkg != null 18128 && deletedPkg.staticSharedLibName != null; 18129 outInfo.populateUsers(deletedPs == null ? null 18130 : deletedPs.queryInstalledUsers(sUserManager.getUserIds(), true), deletedPs); 18131 } 18132 } 18133 18134 removePackageLI(ps, (flags & FLAGS_REMOVE_CHATTY) != 0); 18135 18136 if ((flags & PackageManager.DELETE_KEEP_DATA) == 0) { 18137 final PackageParser.Package resolvedPkg; 18138 if (deletedPkg != null) { 18139 resolvedPkg = deletedPkg; 18140 } else { 18141 // We don't have a parsed package when it lives on an ejected 18142 // adopted storage device, so fake something together 18143 resolvedPkg = new PackageParser.Package(ps.name); 18144 resolvedPkg.setVolumeUuid(ps.volumeUuid); 18145 } 18146 destroyAppDataLIF(resolvedPkg, UserHandle.USER_ALL, 18147 StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE); 18148 destroyAppProfilesLIF(resolvedPkg, UserHandle.USER_ALL); 18149 if (outInfo != null) { 18150 outInfo.dataRemoved = true; 18151 } 18152 schedulePackageCleaning(packageName, UserHandle.USER_ALL, true); 18153 } 18154 18155 int removedAppId = -1; 18156 18157 // writer 18158 synchronized (mPackages) { 18159 boolean installedStateChanged = false; 18160 if (deletedPs != null) { 18161 if ((flags&PackageManager.DELETE_KEEP_DATA) == 0) { 18162 clearIntentFilterVerificationsLPw(deletedPs.name, UserHandle.USER_ALL); 18163 clearDefaultBrowserIfNeeded(packageName); 18164 mSettings.mKeySetManagerService.removeAppKeySetDataLPw(packageName); 18165 removedAppId = mSettings.removePackageLPw(packageName); 18166 if (outInfo != null) { 18167 outInfo.removedAppId = removedAppId; 18168 } 18169 updatePermissionsLPw(deletedPs.name, null, 0); 18170 if (deletedPs.sharedUser != null) { 18171 // Remove permissions associated with package. Since runtime 18172 // permissions are per user we have to kill the removed package 18173 // or packages running under the shared user of the removed 18174 // package if revoking the permissions requested only by the removed 18175 // package is successful and this causes a change in gids. 18176 for (int userId : UserManagerService.getInstance().getUserIds()) { 18177 final int userIdToKill = mSettings.updateSharedUserPermsLPw(deletedPs, 18178 userId); 18179 if (userIdToKill == UserHandle.USER_ALL 18180 || userIdToKill >= UserHandle.USER_SYSTEM) { 18181 // If gids changed for this user, kill all affected packages. 18182 mHandler.post(new Runnable() { 18183 @Override 18184 public void run() { 18185 // This has to happen with no lock held. 18186 killApplication(deletedPs.name, deletedPs.appId, 18187 KILL_APP_REASON_GIDS_CHANGED); 18188 } 18189 }); 18190 break; 18191 } 18192 } 18193 } 18194 clearPackagePreferredActivitiesLPw(deletedPs.name, UserHandle.USER_ALL); 18195 } 18196 // make sure to preserve per-user disabled state if this removal was just 18197 // a downgrade of a system app to the factory package 18198 if (allUserHandles != null && outInfo != null && outInfo.origUsers != null) { 18199 if (DEBUG_REMOVE) { 18200 Slog.d(TAG, "Propagating install state across downgrade"); 18201 } 18202 for (int userId : allUserHandles) { 18203 final boolean installed = ArrayUtils.contains(outInfo.origUsers, userId); 18204 if (DEBUG_REMOVE) { 18205 Slog.d(TAG, " user " + userId + " => " + installed); 18206 } 18207 if (installed != ps.getInstalled(userId)) { 18208 installedStateChanged = true; 18209 } 18210 ps.setInstalled(installed, userId); 18211 } 18212 } 18213 } 18214 // can downgrade to reader 18215 if (writeSettings) { 18216 // Save settings now 18217 mSettings.writeLPr(); 18218 } 18219 if (installedStateChanged) { 18220 mSettings.writeKernelMappingLPr(ps); 18221 } 18222 } 18223 if (removedAppId != -1) { 18224 // A user ID was deleted here. Go through all users and remove it 18225 // from KeyStore. 18226 removeKeystoreDataIfNeeded(UserHandle.USER_ALL, removedAppId); 18227 } 18228 } 18229 18230 static boolean locationIsPrivileged(File path) { 18231 try { 18232 final String privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app") 18233 .getCanonicalPath(); 18234 return path.getCanonicalPath().startsWith(privilegedAppDir); 18235 } catch (IOException e) { 18236 Slog.e(TAG, "Unable to access code path " + path); 18237 } 18238 return false; 18239 } 18240 18241 /* 18242 * Tries to delete system package. 18243 */ 18244 private boolean deleteSystemPackageLIF(PackageParser.Package deletedPkg, 18245 PackageSetting deletedPs, int[] allUserHandles, int flags, PackageRemovedInfo outInfo, 18246 boolean writeSettings) { 18247 if (deletedPs.parentPackageName != null) { 18248 Slog.w(TAG, "Attempt to delete child system package " + deletedPkg.packageName); 18249 return false; 18250 } 18251 18252 final boolean applyUserRestrictions 18253 = (allUserHandles != null) && (outInfo.origUsers != null); 18254 final PackageSetting disabledPs; 18255 // Confirm if the system package has been updated 18256 // An updated system app can be deleted. This will also have to restore 18257 // the system pkg from system partition 18258 // reader 18259 synchronized (mPackages) { 18260 disabledPs = mSettings.getDisabledSystemPkgLPr(deletedPs.name); 18261 } 18262 18263 if (DEBUG_REMOVE) Slog.d(TAG, "deleteSystemPackageLI: newPs=" + deletedPkg.packageName 18264 + " disabledPs=" + disabledPs); 18265 18266 if (disabledPs == null) { 18267 Slog.w(TAG, "Attempt to delete unknown system package "+ deletedPkg.packageName); 18268 return false; 18269 } else if (DEBUG_REMOVE) { 18270 Slog.d(TAG, "Deleting system pkg from data partition"); 18271 } 18272 18273 if (DEBUG_REMOVE) { 18274 if (applyUserRestrictions) { 18275 Slog.d(TAG, "Remembering install states:"); 18276 for (int userId : allUserHandles) { 18277 final boolean finstalled = ArrayUtils.contains(outInfo.origUsers, userId); 18278 Slog.d(TAG, " u=" + userId + " inst=" + finstalled); 18279 } 18280 } 18281 } 18282 18283 // Delete the updated package 18284 outInfo.isRemovedPackageSystemUpdate = true; 18285 if (outInfo.removedChildPackages != null) { 18286 final int childCount = (deletedPs.childPackageNames != null) 18287 ? deletedPs.childPackageNames.size() : 0; 18288 for (int i = 0; i < childCount; i++) { 18289 String childPackageName = deletedPs.childPackageNames.get(i); 18290 if (disabledPs.childPackageNames != null && disabledPs.childPackageNames 18291 .contains(childPackageName)) { 18292 PackageRemovedInfo childInfo = outInfo.removedChildPackages.get( 18293 childPackageName); 18294 if (childInfo != null) { 18295 childInfo.isRemovedPackageSystemUpdate = true; 18296 } 18297 } 18298 } 18299 } 18300 18301 if (disabledPs.versionCode < deletedPs.versionCode) { 18302 // Delete data for downgrades 18303 flags &= ~PackageManager.DELETE_KEEP_DATA; 18304 } else { 18305 // Preserve data by setting flag 18306 flags |= PackageManager.DELETE_KEEP_DATA; 18307 } 18308 18309 boolean ret = deleteInstalledPackageLIF(deletedPs, true, flags, allUserHandles, 18310 outInfo, writeSettings, disabledPs.pkg); 18311 if (!ret) { 18312 return false; 18313 } 18314 18315 // writer 18316 synchronized (mPackages) { 18317 // Reinstate the old system package 18318 enableSystemPackageLPw(disabledPs.pkg); 18319 // Remove any native libraries from the upgraded package. 18320 removeNativeBinariesLI(deletedPs); 18321 } 18322 18323 // Install the system package 18324 if (DEBUG_REMOVE) Slog.d(TAG, "Re-installing system package: " + disabledPs); 18325 int parseFlags = mDefParseFlags 18326 | PackageParser.PARSE_MUST_BE_APK 18327 | PackageParser.PARSE_IS_SYSTEM 18328 | PackageParser.PARSE_IS_SYSTEM_DIR; 18329 if (locationIsPrivileged(disabledPs.codePath)) { 18330 parseFlags |= PackageParser.PARSE_IS_PRIVILEGED; 18331 } 18332 18333 final PackageParser.Package newPkg; 18334 try { 18335 newPkg = scanPackageTracedLI(disabledPs.codePath, parseFlags, 0 /* scanFlags */, 18336 0 /* currentTime */, null); 18337 } catch (PackageManagerException e) { 18338 Slog.w(TAG, "Failed to restore system package:" + deletedPkg.packageName + ": " 18339 + e.getMessage()); 18340 return false; 18341 } 18342 18343 try { 18344 // update shared libraries for the newly re-installed system package 18345 updateSharedLibrariesLPr(newPkg, null); 18346 } catch (PackageManagerException e) { 18347 Slog.e(TAG, "updateAllSharedLibrariesLPw failed: " + e.getMessage()); 18348 } 18349 18350 prepareAppDataAfterInstallLIF(newPkg); 18351 18352 // writer 18353 synchronized (mPackages) { 18354 PackageSetting ps = mSettings.mPackages.get(newPkg.packageName); 18355 18356 // Propagate the permissions state as we do not want to drop on the floor 18357 // runtime permissions. The update permissions method below will take 18358 // care of removing obsolete permissions and grant install permissions. 18359 ps.getPermissionsState().copyFrom(deletedPs.getPermissionsState()); 18360 updatePermissionsLPw(newPkg.packageName, newPkg, 18361 UPDATE_PERMISSIONS_ALL | UPDATE_PERMISSIONS_REPLACE_PKG); 18362 18363 if (applyUserRestrictions) { 18364 boolean installedStateChanged = false; 18365 if (DEBUG_REMOVE) { 18366 Slog.d(TAG, "Propagating install state across reinstall"); 18367 } 18368 for (int userId : allUserHandles) { 18369 final boolean installed = ArrayUtils.contains(outInfo.origUsers, userId); 18370 if (DEBUG_REMOVE) { 18371 Slog.d(TAG, " user " + userId + " => " + installed); 18372 } 18373 if (installed != ps.getInstalled(userId)) { 18374 installedStateChanged = true; 18375 } 18376 ps.setInstalled(installed, userId); 18377 18378 mSettings.writeRuntimePermissionsForUserLPr(userId, false); 18379 } 18380 // Regardless of writeSettings we need to ensure that this restriction 18381 // state propagation is persisted 18382 mSettings.writeAllUsersPackageRestrictionsLPr(); 18383 if (installedStateChanged) { 18384 mSettings.writeKernelMappingLPr(ps); 18385 } 18386 } 18387 // can downgrade to reader here 18388 if (writeSettings) { 18389 mSettings.writeLPr(); 18390 } 18391 } 18392 return true; 18393 } 18394 18395 private boolean deleteInstalledPackageLIF(PackageSetting ps, 18396 boolean deleteCodeAndResources, int flags, int[] allUserHandles, 18397 PackageRemovedInfo outInfo, boolean writeSettings, 18398 PackageParser.Package replacingPackage) { 18399 synchronized (mPackages) { 18400 if (outInfo != null) { 18401 outInfo.uid = ps.appId; 18402 } 18403 18404 if (outInfo != null && outInfo.removedChildPackages != null) { 18405 final int childCount = (ps.childPackageNames != null) 18406 ? ps.childPackageNames.size() : 0; 18407 for (int i = 0; i < childCount; i++) { 18408 String childPackageName = ps.childPackageNames.get(i); 18409 PackageSetting childPs = mSettings.mPackages.get(childPackageName); 18410 if (childPs == null) { 18411 return false; 18412 } 18413 PackageRemovedInfo childInfo = outInfo.removedChildPackages.get( 18414 childPackageName); 18415 if (childInfo != null) { 18416 childInfo.uid = childPs.appId; 18417 } 18418 } 18419 } 18420 } 18421 18422 // Delete package data from internal structures and also remove data if flag is set 18423 removePackageDataLIF(ps, allUserHandles, outInfo, flags, writeSettings); 18424 18425 // Delete the child packages data 18426 final int childCount = (ps.childPackageNames != null) ? ps.childPackageNames.size() : 0; 18427 for (int i = 0; i < childCount; i++) { 18428 PackageSetting childPs; 18429 synchronized (mPackages) { 18430 childPs = mSettings.getPackageLPr(ps.childPackageNames.get(i)); 18431 } 18432 if (childPs != null) { 18433 PackageRemovedInfo childOutInfo = (outInfo != null 18434 && outInfo.removedChildPackages != null) 18435 ? outInfo.removedChildPackages.get(childPs.name) : null; 18436 final int deleteFlags = (flags & DELETE_KEEP_DATA) != 0 18437 && (replacingPackage != null 18438 && !replacingPackage.hasChildPackage(childPs.name)) 18439 ? flags & ~DELETE_KEEP_DATA : flags; 18440 removePackageDataLIF(childPs, allUserHandles, childOutInfo, 18441 deleteFlags, writeSettings); 18442 } 18443 } 18444 18445 // Delete application code and resources only for parent packages 18446 if (ps.parentPackageName == null) { 18447 if (deleteCodeAndResources && (outInfo != null)) { 18448 outInfo.args = createInstallArgsForExisting(packageFlagsToInstallFlags(ps), 18449 ps.codePathString, ps.resourcePathString, getAppDexInstructionSets(ps)); 18450 if (DEBUG_SD_INSTALL) Slog.i(TAG, "args=" + outInfo.args); 18451 } 18452 } 18453 18454 return true; 18455 } 18456 18457 @Override 18458 public boolean setBlockUninstallForUser(String packageName, boolean blockUninstall, 18459 int userId) { 18460 mContext.enforceCallingOrSelfPermission( 18461 android.Manifest.permission.DELETE_PACKAGES, null); 18462 synchronized (mPackages) { 18463 PackageSetting ps = mSettings.mPackages.get(packageName); 18464 if (ps == null) { 18465 Log.i(TAG, "Package doesn't exist in set block uninstall " + packageName); 18466 return false; 18467 } 18468 // Cannot block uninstall of static shared libs as they are 18469 // considered a part of the using app (emulating static linking). 18470 // Also static libs are installed always on internal storage. 18471 PackageParser.Package pkg = mPackages.get(packageName); 18472 if (pkg != null && pkg.staticSharedLibName != null) { 18473 Slog.w(TAG, "Cannot block uninstall of package: " + packageName 18474 + " providing static shared library: " + pkg.staticSharedLibName); 18475 return false; 18476 } 18477 if (!ps.getInstalled(userId)) { 18478 // Can't block uninstall for an app that is not installed or enabled. 18479 Log.i(TAG, "Package not installed in set block uninstall " + packageName); 18480 return false; 18481 } 18482 ps.setBlockUninstall(blockUninstall, userId); 18483 mSettings.writePackageRestrictionsLPr(userId); 18484 } 18485 return true; 18486 } 18487 18488 @Override 18489 public boolean getBlockUninstallForUser(String packageName, int userId) { 18490 synchronized (mPackages) { 18491 PackageSetting ps = mSettings.mPackages.get(packageName); 18492 if (ps == null) { 18493 Log.i(TAG, "Package doesn't exist in get block uninstall " + packageName); 18494 return false; 18495 } 18496 return ps.getBlockUninstall(userId); 18497 } 18498 } 18499 18500 @Override 18501 public boolean setRequiredForSystemUser(String packageName, boolean systemUserApp) { 18502 int callingUid = Binder.getCallingUid(); 18503 if (callingUid != Process.SYSTEM_UID && callingUid != Process.ROOT_UID) { 18504 throw new SecurityException( 18505 "setRequiredForSystemUser can only be run by the system or root"); 18506 } 18507 synchronized (mPackages) { 18508 PackageSetting ps = mSettings.mPackages.get(packageName); 18509 if (ps == null) { 18510 Log.w(TAG, "Package doesn't exist: " + packageName); 18511 return false; 18512 } 18513 if (systemUserApp) { 18514 ps.pkgPrivateFlags |= ApplicationInfo.PRIVATE_FLAG_REQUIRED_FOR_SYSTEM_USER; 18515 } else { 18516 ps.pkgPrivateFlags &= ~ApplicationInfo.PRIVATE_FLAG_REQUIRED_FOR_SYSTEM_USER; 18517 } 18518 mSettings.writeLPr(); 18519 } 18520 return true; 18521 } 18522 18523 /* 18524 * This method handles package deletion in general 18525 */ 18526 private boolean deletePackageLIF(String packageName, UserHandle user, 18527 boolean deleteCodeAndResources, int[] allUserHandles, int flags, 18528 PackageRemovedInfo outInfo, boolean writeSettings, 18529 PackageParser.Package replacingPackage) { 18530 if (packageName == null) { 18531 Slog.w(TAG, "Attempt to delete null packageName."); 18532 return false; 18533 } 18534 18535 if (DEBUG_REMOVE) Slog.d(TAG, "deletePackageLI: " + packageName + " user " + user); 18536 18537 PackageSetting ps; 18538 synchronized (mPackages) { 18539 ps = mSettings.mPackages.get(packageName); 18540 if (ps == null) { 18541 Slog.w(TAG, "Package named '" + packageName + "' doesn't exist."); 18542 return false; 18543 } 18544 18545 if (ps.parentPackageName != null && (!isSystemApp(ps) 18546 || (flags & PackageManager.DELETE_SYSTEM_APP) != 0)) { 18547 if (DEBUG_REMOVE) { 18548 Slog.d(TAG, "Uninstalled child package:" + packageName + " for user:" 18549 + ((user == null) ? UserHandle.USER_ALL : user)); 18550 } 18551 final int removedUserId = (user != null) ? user.getIdentifier() 18552 : UserHandle.USER_ALL; 18553 if (!clearPackageStateForUserLIF(ps, removedUserId, outInfo)) { 18554 return false; 18555 } 18556 markPackageUninstalledForUserLPw(ps, user); 18557 scheduleWritePackageRestrictionsLocked(user); 18558 return true; 18559 } 18560 } 18561 18562 if (((!isSystemApp(ps) || (flags&PackageManager.DELETE_SYSTEM_APP) != 0) && user != null 18563 && user.getIdentifier() != UserHandle.USER_ALL)) { 18564 // The caller is asking that the package only be deleted for a single 18565 // user. To do this, we just mark its uninstalled state and delete 18566 // its data. If this is a system app, we only allow this to happen if 18567 // they have set the special DELETE_SYSTEM_APP which requests different 18568 // semantics than normal for uninstalling system apps. 18569 markPackageUninstalledForUserLPw(ps, user); 18570 18571 if (!isSystemApp(ps)) { 18572 // Do not uninstall the APK if an app should be cached 18573 boolean keepUninstalledPackage = shouldKeepUninstalledPackageLPr(packageName); 18574 if (ps.isAnyInstalled(sUserManager.getUserIds()) || keepUninstalledPackage) { 18575 // Other user still have this package installed, so all 18576 // we need to do is clear this user's data and save that 18577 // it is uninstalled. 18578 if (DEBUG_REMOVE) Slog.d(TAG, "Still installed by other users"); 18579 if (!clearPackageStateForUserLIF(ps, user.getIdentifier(), outInfo)) { 18580 return false; 18581 } 18582 scheduleWritePackageRestrictionsLocked(user); 18583 return true; 18584 } else { 18585 // We need to set it back to 'installed' so the uninstall 18586 // broadcasts will be sent correctly. 18587 if (DEBUG_REMOVE) Slog.d(TAG, "Not installed by other users, full delete"); 18588 ps.setInstalled(true, user.getIdentifier()); 18589 mSettings.writeKernelMappingLPr(ps); 18590 } 18591 } else { 18592 // This is a system app, so we assume that the 18593 // other users still have this package installed, so all 18594 // we need to do is clear this user's data and save that 18595 // it is uninstalled. 18596 if (DEBUG_REMOVE) Slog.d(TAG, "Deleting system app"); 18597 if (!clearPackageStateForUserLIF(ps, user.getIdentifier(), outInfo)) { 18598 return false; 18599 } 18600 scheduleWritePackageRestrictionsLocked(user); 18601 return true; 18602 } 18603 } 18604 18605 // If we are deleting a composite package for all users, keep track 18606 // of result for each child. 18607 if (ps.childPackageNames != null && outInfo != null) { 18608 synchronized (mPackages) { 18609 final int childCount = ps.childPackageNames.size(); 18610 outInfo.removedChildPackages = new ArrayMap<>(childCount); 18611 for (int i = 0; i < childCount; i++) { 18612 String childPackageName = ps.childPackageNames.get(i); 18613 PackageRemovedInfo childInfo = new PackageRemovedInfo(this); 18614 childInfo.removedPackage = childPackageName; 18615 childInfo.installerPackageName = ps.installerPackageName; 18616 outInfo.removedChildPackages.put(childPackageName, childInfo); 18617 PackageSetting childPs = mSettings.getPackageLPr(childPackageName); 18618 if (childPs != null) { 18619 childInfo.origUsers = childPs.queryInstalledUsers(allUserHandles, true); 18620 } 18621 } 18622 } 18623 } 18624 18625 boolean ret = false; 18626 if (isSystemApp(ps)) { 18627 if (DEBUG_REMOVE) Slog.d(TAG, "Removing system package: " + ps.name); 18628 // When an updated system application is deleted we delete the existing resources 18629 // as well and fall back to existing code in system partition 18630 ret = deleteSystemPackageLIF(ps.pkg, ps, allUserHandles, flags, outInfo, writeSettings); 18631 } else { 18632 if (DEBUG_REMOVE) Slog.d(TAG, "Removing non-system package: " + ps.name); 18633 ret = deleteInstalledPackageLIF(ps, deleteCodeAndResources, flags, allUserHandles, 18634 outInfo, writeSettings, replacingPackage); 18635 } 18636 18637 // Take a note whether we deleted the package for all users 18638 if (outInfo != null) { 18639 outInfo.removedForAllUsers = mPackages.get(ps.name) == null; 18640 if (outInfo.removedChildPackages != null) { 18641 synchronized (mPackages) { 18642 final int childCount = outInfo.removedChildPackages.size(); 18643 for (int i = 0; i < childCount; i++) { 18644 PackageRemovedInfo childInfo = outInfo.removedChildPackages.valueAt(i); 18645 if (childInfo != null) { 18646 childInfo.removedForAllUsers = mPackages.get( 18647 childInfo.removedPackage) == null; 18648 } 18649 } 18650 } 18651 } 18652 // If we uninstalled an update to a system app there may be some 18653 // child packages that appeared as they are declared in the system 18654 // app but were not declared in the update. 18655 if (isSystemApp(ps)) { 18656 synchronized (mPackages) { 18657 PackageSetting updatedPs = mSettings.getPackageLPr(ps.name); 18658 final int childCount = (updatedPs.childPackageNames != null) 18659 ? updatedPs.childPackageNames.size() : 0; 18660 for (int i = 0; i < childCount; i++) { 18661 String childPackageName = updatedPs.childPackageNames.get(i); 18662 if (outInfo.removedChildPackages == null 18663 || outInfo.removedChildPackages.indexOfKey(childPackageName) < 0) { 18664 PackageSetting childPs = mSettings.getPackageLPr(childPackageName); 18665 if (childPs == null) { 18666 continue; 18667 } 18668 PackageInstalledInfo installRes = new PackageInstalledInfo(); 18669 installRes.name = childPackageName; 18670 installRes.newUsers = childPs.queryInstalledUsers(allUserHandles, true); 18671 installRes.pkg = mPackages.get(childPackageName); 18672 installRes.uid = childPs.pkg.applicationInfo.uid; 18673 if (outInfo.appearedChildPackages == null) { 18674 outInfo.appearedChildPackages = new ArrayMap<>(); 18675 } 18676 outInfo.appearedChildPackages.put(childPackageName, installRes); 18677 } 18678 } 18679 } 18680 } 18681 } 18682 18683 return ret; 18684 } 18685 18686 private void markPackageUninstalledForUserLPw(PackageSetting ps, UserHandle user) { 18687 final int[] userIds = (user == null || user.getIdentifier() == UserHandle.USER_ALL) 18688 ? sUserManager.getUserIds() : new int[] {user.getIdentifier()}; 18689 for (int nextUserId : userIds) { 18690 if (DEBUG_REMOVE) { 18691 Slog.d(TAG, "Marking package:" + ps.name + " uninstalled for user:" + nextUserId); 18692 } 18693 ps.setUserState(nextUserId, 0, COMPONENT_ENABLED_STATE_DEFAULT, 18694 false /*installed*/, 18695 true /*stopped*/, 18696 true /*notLaunched*/, 18697 false /*hidden*/, 18698 false /*suspended*/, 18699 false /*instantApp*/, 18700 null /*lastDisableAppCaller*/, 18701 null /*enabledComponents*/, 18702 null /*disabledComponents*/, 18703 false /*blockUninstall*/, 18704 ps.readUserState(nextUserId).domainVerificationStatus, 18705 0, PackageManager.INSTALL_REASON_UNKNOWN); 18706 } 18707 mSettings.writeKernelMappingLPr(ps); 18708 } 18709 18710 private boolean clearPackageStateForUserLIF(PackageSetting ps, int userId, 18711 PackageRemovedInfo outInfo) { 18712 final PackageParser.Package pkg; 18713 synchronized (mPackages) { 18714 pkg = mPackages.get(ps.name); 18715 } 18716 18717 final int[] userIds = (userId == UserHandle.USER_ALL) ? sUserManager.getUserIds() 18718 : new int[] {userId}; 18719 for (int nextUserId : userIds) { 18720 if (DEBUG_REMOVE) { 18721 Slog.d(TAG, "Updating package:" + ps.name + " install state for user:" 18722 + nextUserId); 18723 } 18724 18725 destroyAppDataLIF(pkg, userId, 18726 StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE); 18727 destroyAppProfilesLIF(pkg, userId); 18728 clearDefaultBrowserIfNeededForUser(ps.name, userId); 18729 removeKeystoreDataIfNeeded(nextUserId, ps.appId); 18730 schedulePackageCleaning(ps.name, nextUserId, false); 18731 synchronized (mPackages) { 18732 if (clearPackagePreferredActivitiesLPw(ps.name, nextUserId)) { 18733 scheduleWritePackageRestrictionsLocked(nextUserId); 18734 } 18735 resetUserChangesToRuntimePermissionsAndFlagsLPw(ps, nextUserId); 18736 } 18737 } 18738 18739 if (outInfo != null) { 18740 outInfo.removedPackage = ps.name; 18741 outInfo.installerPackageName = ps.installerPackageName; 18742 outInfo.isStaticSharedLib = pkg != null && pkg.staticSharedLibName != null; 18743 outInfo.removedAppId = ps.appId; 18744 outInfo.removedUsers = userIds; 18745 outInfo.broadcastUsers = userIds; 18746 } 18747 18748 return true; 18749 } 18750 18751 private final class ClearStorageConnection implements ServiceConnection { 18752 IMediaContainerService mContainerService; 18753 18754 @Override 18755 public void onServiceConnected(ComponentName name, IBinder service) { 18756 synchronized (this) { 18757 mContainerService = IMediaContainerService.Stub 18758 .asInterface(Binder.allowBlocking(service)); 18759 notifyAll(); 18760 } 18761 } 18762 18763 @Override 18764 public void onServiceDisconnected(ComponentName name) { 18765 } 18766 } 18767 18768 private void clearExternalStorageDataSync(String packageName, int userId, boolean allData) { 18769 if (DEFAULT_CONTAINER_PACKAGE.equals(packageName)) return; 18770 18771 final boolean mounted; 18772 if (Environment.isExternalStorageEmulated()) { 18773 mounted = true; 18774 } else { 18775 final String status = Environment.getExternalStorageState(); 18776 18777 mounted = status.equals(Environment.MEDIA_MOUNTED) 18778 || status.equals(Environment.MEDIA_MOUNTED_READ_ONLY); 18779 } 18780 18781 if (!mounted) { 18782 return; 18783 } 18784 18785 final Intent containerIntent = new Intent().setComponent(DEFAULT_CONTAINER_COMPONENT); 18786 int[] users; 18787 if (userId == UserHandle.USER_ALL) { 18788 users = sUserManager.getUserIds(); 18789 } else { 18790 users = new int[] { userId }; 18791 } 18792 final ClearStorageConnection conn = new ClearStorageConnection(); 18793 if (mContext.bindServiceAsUser( 18794 containerIntent, conn, Context.BIND_AUTO_CREATE, UserHandle.SYSTEM)) { 18795 try { 18796 for (int curUser : users) { 18797 long timeout = SystemClock.uptimeMillis() + 5000; 18798 synchronized (conn) { 18799 long now; 18800 while (conn.mContainerService == null && 18801 (now = SystemClock.uptimeMillis()) < timeout) { 18802 try { 18803 conn.wait(timeout - now); 18804 } catch (InterruptedException e) { 18805 } 18806 } 18807 } 18808 if (conn.mContainerService == null) { 18809 return; 18810 } 18811 18812 final UserEnvironment userEnv = new UserEnvironment(curUser); 18813 clearDirectory(conn.mContainerService, 18814 userEnv.buildExternalStorageAppCacheDirs(packageName)); 18815 if (allData) { 18816 clearDirectory(conn.mContainerService, 18817 userEnv.buildExternalStorageAppDataDirs(packageName)); 18818 clearDirectory(conn.mContainerService, 18819 userEnv.buildExternalStorageAppMediaDirs(packageName)); 18820 } 18821 } 18822 } finally { 18823 mContext.unbindService(conn); 18824 } 18825 } 18826 } 18827 18828 @Override 18829 public void clearApplicationProfileData(String packageName) { 18830 enforceSystemOrRoot("Only the system can clear all profile data"); 18831 18832 final PackageParser.Package pkg; 18833 synchronized (mPackages) { 18834 pkg = mPackages.get(packageName); 18835 } 18836 18837 try (PackageFreezer freezer = freezePackage(packageName, "clearApplicationProfileData")) { 18838 synchronized (mInstallLock) { 18839 clearAppProfilesLIF(pkg, UserHandle.USER_ALL); 18840 } 18841 } 18842 } 18843 18844 @Override 18845 public void clearApplicationUserData(final String packageName, 18846 final IPackageDataObserver observer, final int userId) { 18847 mContext.enforceCallingOrSelfPermission( 18848 android.Manifest.permission.CLEAR_APP_USER_DATA, null); 18849 18850 enforceCrossUserPermission(Binder.getCallingUid(), userId, 18851 true /* requireFullPermission */, false /* checkShell */, "clear application data"); 18852 18853 if (mProtectedPackages.isPackageDataProtected(userId, packageName)) { 18854 throw new SecurityException("Cannot clear data for a protected package: " 18855 + packageName); 18856 } 18857 // Queue up an async operation since the package deletion may take a little while. 18858 mHandler.post(new Runnable() { 18859 public void run() { 18860 mHandler.removeCallbacks(this); 18861 final boolean succeeded; 18862 try (PackageFreezer freezer = freezePackage(packageName, 18863 "clearApplicationUserData")) { 18864 synchronized (mInstallLock) { 18865 succeeded = clearApplicationUserDataLIF(packageName, userId); 18866 } 18867 clearExternalStorageDataSync(packageName, userId, true); 18868 synchronized (mPackages) { 18869 mInstantAppRegistry.deleteInstantApplicationMetadataLPw( 18870 packageName, userId); 18871 } 18872 } 18873 if (succeeded) { 18874 // invoke DeviceStorageMonitor's update method to clear any notifications 18875 DeviceStorageMonitorInternal dsm = LocalServices 18876 .getService(DeviceStorageMonitorInternal.class); 18877 if (dsm != null) { 18878 dsm.checkMemory(); 18879 } 18880 } 18881 if(observer != null) { 18882 try { 18883 observer.onRemoveCompleted(packageName, succeeded); 18884 } catch (RemoteException e) { 18885 Log.i(TAG, "Observer no longer exists."); 18886 } 18887 } //end if observer 18888 } //end run 18889 }); 18890 } 18891 18892 private boolean clearApplicationUserDataLIF(String packageName, int userId) { 18893 if (packageName == null) { 18894 Slog.w(TAG, "Attempt to delete null packageName."); 18895 return false; 18896 } 18897 18898 // Try finding details about the requested package 18899 PackageParser.Package pkg; 18900 synchronized (mPackages) { 18901 pkg = mPackages.get(packageName); 18902 if (pkg == null) { 18903 final PackageSetting ps = mSettings.mPackages.get(packageName); 18904 if (ps != null) { 18905 pkg = ps.pkg; 18906 } 18907 } 18908 18909 if (pkg == null) { 18910 Slog.w(TAG, "Package named '" + packageName + "' doesn't exist."); 18911 return false; 18912 } 18913 18914 PackageSetting ps = (PackageSetting) pkg.mExtras; 18915 resetUserChangesToRuntimePermissionsAndFlagsLPw(ps, userId); 18916 } 18917 18918 clearAppDataLIF(pkg, userId, 18919 StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE); 18920 18921 final int appId = UserHandle.getAppId(pkg.applicationInfo.uid); 18922 removeKeystoreDataIfNeeded(userId, appId); 18923 18924 UserManagerInternal umInternal = getUserManagerInternal(); 18925 final int flags; 18926 if (umInternal.isUserUnlockingOrUnlocked(userId)) { 18927 flags = StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE; 18928 } else if (umInternal.isUserRunning(userId)) { 18929 flags = StorageManager.FLAG_STORAGE_DE; 18930 } else { 18931 flags = 0; 18932 } 18933 prepareAppDataContentsLIF(pkg, userId, flags); 18934 18935 return true; 18936 } 18937 18938 /** 18939 * Reverts user permission state changes (permissions and flags) in 18940 * all packages for a given user. 18941 * 18942 * @param userId The device user for which to do a reset. 18943 */ 18944 private void resetUserChangesToRuntimePermissionsAndFlagsLPw(int userId) { 18945 final int packageCount = mPackages.size(); 18946 for (int i = 0; i < packageCount; i++) { 18947 PackageParser.Package pkg = mPackages.valueAt(i); 18948 PackageSetting ps = (PackageSetting) pkg.mExtras; 18949 resetUserChangesToRuntimePermissionsAndFlagsLPw(ps, userId); 18950 } 18951 } 18952 18953 private void resetNetworkPolicies(int userId) { 18954 LocalServices.getService(NetworkPolicyManagerInternal.class).resetUserState(userId); 18955 } 18956 18957 /** 18958 * Reverts user permission state changes (permissions and flags). 18959 * 18960 * @param ps The package for which to reset. 18961 * @param userId The device user for which to do a reset. 18962 */ 18963 private void resetUserChangesToRuntimePermissionsAndFlagsLPw( 18964 final PackageSetting ps, final int userId) { 18965 if (ps.pkg == null) { 18966 return; 18967 } 18968 18969 // These are flags that can change base on user actions. 18970 final int userSettableMask = FLAG_PERMISSION_USER_SET 18971 | FLAG_PERMISSION_USER_FIXED 18972 | FLAG_PERMISSION_REVOKE_ON_UPGRADE 18973 | FLAG_PERMISSION_REVIEW_REQUIRED; 18974 18975 final int policyOrSystemFlags = FLAG_PERMISSION_SYSTEM_FIXED 18976 | FLAG_PERMISSION_POLICY_FIXED; 18977 18978 boolean writeInstallPermissions = false; 18979 boolean writeRuntimePermissions = false; 18980 18981 final int permissionCount = ps.pkg.requestedPermissions.size(); 18982 for (int i = 0; i < permissionCount; i++) { 18983 String permission = ps.pkg.requestedPermissions.get(i); 18984 18985 BasePermission bp = mSettings.mPermissions.get(permission); 18986 if (bp == null) { 18987 continue; 18988 } 18989 18990 // If shared user we just reset the state to which only this app contributed. 18991 if (ps.sharedUser != null) { 18992 boolean used = false; 18993 final int packageCount = ps.sharedUser.packages.size(); 18994 for (int j = 0; j < packageCount; j++) { 18995 PackageSetting pkg = ps.sharedUser.packages.valueAt(j); 18996 if (pkg.pkg != null && !pkg.pkg.packageName.equals(ps.pkg.packageName) 18997 && pkg.pkg.requestedPermissions.contains(permission)) { 18998 used = true; 18999 break; 19000 } 19001 } 19002 if (used) { 19003 continue; 19004 } 19005 } 19006 19007 PermissionsState permissionsState = ps.getPermissionsState(); 19008 19009 final int oldFlags = permissionsState.getPermissionFlags(bp.name, userId); 19010 19011 // Always clear the user settable flags. 19012 final boolean hasInstallState = permissionsState.getInstallPermissionState( 19013 bp.name) != null; 19014 // If permission review is enabled and this is a legacy app, mark the 19015 // permission as requiring a review as this is the initial state. 19016 int flags = 0; 19017 if (mPermissionReviewRequired 19018 && ps.pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) { 19019 flags |= FLAG_PERMISSION_REVIEW_REQUIRED; 19020 } 19021 if (permissionsState.updatePermissionFlags(bp, userId, userSettableMask, flags)) { 19022 if (hasInstallState) { 19023 writeInstallPermissions = true; 19024 } else { 19025 writeRuntimePermissions = true; 19026 } 19027 } 19028 19029 // Below is only runtime permission handling. 19030 if (!bp.isRuntime()) { 19031 continue; 19032 } 19033 19034 // Never clobber system or policy. 19035 if ((oldFlags & policyOrSystemFlags) != 0) { 19036 continue; 19037 } 19038 19039 // If this permission was granted by default, make sure it is. 19040 if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) { 19041 if (permissionsState.grantRuntimePermission(bp, userId) 19042 != PERMISSION_OPERATION_FAILURE) { 19043 writeRuntimePermissions = true; 19044 } 19045 // If permission review is enabled the permissions for a legacy apps 19046 // are represented as constantly granted runtime ones, so don't revoke. 19047 } else if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) { 19048 // Otherwise, reset the permission. 19049 final int revokeResult = permissionsState.revokeRuntimePermission(bp, userId); 19050 switch (revokeResult) { 19051 case PERMISSION_OPERATION_SUCCESS: 19052 case PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: { 19053 writeRuntimePermissions = true; 19054 final int appId = ps.appId; 19055 mHandler.post(new Runnable() { 19056 @Override 19057 public void run() { 19058 killUid(appId, userId, KILL_APP_REASON_PERMISSIONS_REVOKED); 19059 } 19060 }); 19061 } break; 19062 } 19063 } 19064 } 19065 19066 // Synchronously write as we are taking permissions away. 19067 if (writeRuntimePermissions) { 19068 mSettings.writeRuntimePermissionsForUserLPr(userId, true); 19069 } 19070 19071 // Synchronously write as we are taking permissions away. 19072 if (writeInstallPermissions) { 19073 mSettings.writeLPr(); 19074 } 19075 } 19076 19077 /** 19078 * Remove entries from the keystore daemon. Will only remove it if the 19079 * {@code appId} is valid. 19080 */ 19081 private static void removeKeystoreDataIfNeeded(int userId, int appId) { 19082 if (appId < 0) { 19083 return; 19084 } 19085 19086 final KeyStore keyStore = KeyStore.getInstance(); 19087 if (keyStore != null) { 19088 if (userId == UserHandle.USER_ALL) { 19089 for (final int individual : sUserManager.getUserIds()) { 19090 keyStore.clearUid(UserHandle.getUid(individual, appId)); 19091 } 19092 } else { 19093 keyStore.clearUid(UserHandle.getUid(userId, appId)); 19094 } 19095 } else { 19096 Slog.w(TAG, "Could not contact keystore to clear entries for app id " + appId); 19097 } 19098 } 19099 19100 @Override 19101 public void deleteApplicationCacheFiles(final String packageName, 19102 final IPackageDataObserver observer) { 19103 final int userId = UserHandle.getCallingUserId(); 19104 deleteApplicationCacheFilesAsUser(packageName, userId, observer); 19105 } 19106 19107 @Override 19108 public void deleteApplicationCacheFilesAsUser(final String packageName, final int userId, 19109 final IPackageDataObserver observer) { 19110 mContext.enforceCallingOrSelfPermission( 19111 android.Manifest.permission.DELETE_CACHE_FILES, null); 19112 enforceCrossUserPermission(Binder.getCallingUid(), userId, 19113 /* requireFullPermission= */ true, /* checkShell= */ false, 19114 "delete application cache files"); 19115 19116 final PackageParser.Package pkg; 19117 synchronized (mPackages) { 19118 pkg = mPackages.get(packageName); 19119 } 19120 19121 // Queue up an async operation since the package deletion may take a little while. 19122 mHandler.post(new Runnable() { 19123 public void run() { 19124 synchronized (mInstallLock) { 19125 final int flags = StorageManager.FLAG_STORAGE_DE 19126 | StorageManager.FLAG_STORAGE_CE; 19127 // We're only clearing cache files, so we don't care if the 19128 // app is unfrozen and still able to run 19129 clearAppDataLIF(pkg, userId, flags | Installer.FLAG_CLEAR_CACHE_ONLY); 19130 clearAppDataLIF(pkg, userId, flags | Installer.FLAG_CLEAR_CODE_CACHE_ONLY); 19131 } 19132 clearExternalStorageDataSync(packageName, userId, false); 19133 if (observer != null) { 19134 try { 19135 observer.onRemoveCompleted(packageName, true); 19136 } catch (RemoteException e) { 19137 Log.i(TAG, "Observer no longer exists."); 19138 } 19139 } 19140 } 19141 }); 19142 } 19143 19144 @Override 19145 public void getPackageSizeInfo(final String packageName, int userHandle, 19146 final IPackageStatsObserver observer) { 19147 throw new UnsupportedOperationException( 19148 "Shame on you for calling the hidden API getPackageSizeInfo(). Shame!"); 19149 } 19150 19151 private boolean getPackageSizeInfoLI(String packageName, int userId, PackageStats stats) { 19152 final PackageSetting ps; 19153 synchronized (mPackages) { 19154 ps = mSettings.mPackages.get(packageName); 19155 if (ps == null) { 19156 Slog.w(TAG, "Failed to find settings for " + packageName); 19157 return false; 19158 } 19159 } 19160 19161 final String[] packageNames = { packageName }; 19162 final long[] ceDataInodes = { ps.getCeDataInode(userId) }; 19163 final String[] codePaths = { ps.codePathString }; 19164 19165 try { 19166 mInstaller.getAppSize(ps.volumeUuid, packageNames, userId, 0, 19167 ps.appId, ceDataInodes, codePaths, stats); 19168 19169 // For now, ignore code size of packages on system partition 19170 if (isSystemApp(ps) && !isUpdatedSystemApp(ps)) { 19171 stats.codeSize = 0; 19172 } 19173 19174 // External clients expect these to be tracked separately 19175 stats.dataSize -= stats.cacheSize; 19176 19177 } catch (InstallerException e) { 19178 Slog.w(TAG, String.valueOf(e)); 19179 return false; 19180 } 19181 19182 return true; 19183 } 19184 19185 private int getUidTargetSdkVersionLockedLPr(int uid) { 19186 Object obj = mSettings.getUserIdLPr(uid); 19187 if (obj instanceof SharedUserSetting) { 19188 final SharedUserSetting sus = (SharedUserSetting) obj; 19189 int vers = Build.VERSION_CODES.CUR_DEVELOPMENT; 19190 final Iterator<PackageSetting> it = sus.packages.iterator(); 19191 while (it.hasNext()) { 19192 final PackageSetting ps = it.next(); 19193 if (ps.pkg != null) { 19194 int v = ps.pkg.applicationInfo.targetSdkVersion; 19195 if (v < vers) vers = v; 19196 } 19197 } 19198 return vers; 19199 } else if (obj instanceof PackageSetting) { 19200 final PackageSetting ps = (PackageSetting) obj; 19201 if (ps.pkg != null) { 19202 return ps.pkg.applicationInfo.targetSdkVersion; 19203 } 19204 } 19205 return Build.VERSION_CODES.CUR_DEVELOPMENT; 19206 } 19207 19208 @Override 19209 public void addPreferredActivity(IntentFilter filter, int match, 19210 ComponentName[] set, ComponentName activity, int userId) { 19211 addPreferredActivityInternal(filter, match, set, activity, true, userId, 19212 "Adding preferred"); 19213 } 19214 19215 private void addPreferredActivityInternal(IntentFilter filter, int match, 19216 ComponentName[] set, ComponentName activity, boolean always, int userId, 19217 String opname) { 19218 // writer 19219 int callingUid = Binder.getCallingUid(); 19220 enforceCrossUserPermission(callingUid, userId, 19221 true /* requireFullPermission */, false /* checkShell */, "add preferred activity"); 19222 if (filter.countActions() == 0) { 19223 Slog.w(TAG, "Cannot set a preferred activity with no filter actions"); 19224 return; 19225 } 19226 synchronized (mPackages) { 19227 if (mContext.checkCallingOrSelfPermission( 19228 android.Manifest.permission.SET_PREFERRED_APPLICATIONS) 19229 != PackageManager.PERMISSION_GRANTED) { 19230 if (getUidTargetSdkVersionLockedLPr(callingUid) 19231 < Build.VERSION_CODES.FROYO) { 19232 Slog.w(TAG, "Ignoring addPreferredActivity() from uid " 19233 + callingUid); 19234 return; 19235 } 19236 mContext.enforceCallingOrSelfPermission( 19237 android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null); 19238 } 19239 19240 PreferredIntentResolver pir = mSettings.editPreferredActivitiesLPw(userId); 19241 Slog.i(TAG, opname + " activity " + activity.flattenToShortString() + " for user " 19242 + userId + ":"); 19243 filter.dump(new LogPrinter(Log.INFO, TAG), " "); 19244 pir.addFilter(new PreferredActivity(filter, match, set, activity, always)); 19245 scheduleWritePackageRestrictionsLocked(userId); 19246 postPreferredActivityChangedBroadcast(userId); 19247 } 19248 } 19249 19250 private void postPreferredActivityChangedBroadcast(int userId) { 19251 mHandler.post(() -> { 19252 final IActivityManager am = ActivityManager.getService(); 19253 if (am == null) { 19254 return; 19255 } 19256 19257 final Intent intent = new Intent(Intent.ACTION_PREFERRED_ACTIVITY_CHANGED); 19258 intent.putExtra(Intent.EXTRA_USER_HANDLE, userId); 19259 try { 19260 am.broadcastIntent(null, intent, null, null, 19261 0, null, null, null, android.app.AppOpsManager.OP_NONE, 19262 null, false, false, userId); 19263 } catch (RemoteException e) { 19264 } 19265 }); 19266 } 19267 19268 @Override 19269 public void replacePreferredActivity(IntentFilter filter, int match, 19270 ComponentName[] set, ComponentName activity, int userId) { 19271 if (filter.countActions() != 1) { 19272 throw new IllegalArgumentException( 19273 "replacePreferredActivity expects filter to have only 1 action."); 19274 } 19275 if (filter.countDataAuthorities() != 0 19276 || filter.countDataPaths() != 0 19277 || filter.countDataSchemes() > 1 19278 || filter.countDataTypes() != 0) { 19279 throw new IllegalArgumentException( 19280 "replacePreferredActivity expects filter to have no data authorities, " + 19281 "paths, or types; and at most one scheme."); 19282 } 19283 19284 final int callingUid = Binder.getCallingUid(); 19285 enforceCrossUserPermission(callingUid, userId, 19286 true /* requireFullPermission */, false /* checkShell */, 19287 "replace preferred activity"); 19288 synchronized (mPackages) { 19289 if (mContext.checkCallingOrSelfPermission( 19290 android.Manifest.permission.SET_PREFERRED_APPLICATIONS) 19291 != PackageManager.PERMISSION_GRANTED) { 19292 if (getUidTargetSdkVersionLockedLPr(callingUid) 19293 < Build.VERSION_CODES.FROYO) { 19294 Slog.w(TAG, "Ignoring replacePreferredActivity() from uid " 19295 + Binder.getCallingUid()); 19296 return; 19297 } 19298 mContext.enforceCallingOrSelfPermission( 19299 android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null); 19300 } 19301 19302 PreferredIntentResolver pir = mSettings.mPreferredActivities.get(userId); 19303 if (pir != null) { 19304 // Get all of the existing entries that exactly match this filter. 19305 ArrayList<PreferredActivity> existing = pir.findFilters(filter); 19306 if (existing != null && existing.size() == 1) { 19307 PreferredActivity cur = existing.get(0); 19308 if (DEBUG_PREFERRED) { 19309 Slog.i(TAG, "Checking replace of preferred:"); 19310 filter.dump(new LogPrinter(Log.INFO, TAG), " "); 19311 if (!cur.mPref.mAlways) { 19312 Slog.i(TAG, " -- CUR; not mAlways!"); 19313 } else { 19314 Slog.i(TAG, " -- CUR: mMatch=" + cur.mPref.mMatch); 19315 Slog.i(TAG, " -- CUR: mSet=" 19316 + Arrays.toString(cur.mPref.mSetComponents)); 19317 Slog.i(TAG, " -- CUR: mComponent=" + cur.mPref.mShortComponent); 19318 Slog.i(TAG, " -- NEW: mMatch=" 19319 + (match&IntentFilter.MATCH_CATEGORY_MASK)); 19320 Slog.i(TAG, " -- CUR: mSet=" + Arrays.toString(set)); 19321 Slog.i(TAG, " -- CUR: mComponent=" + activity.flattenToShortString()); 19322 } 19323 } 19324 if (cur.mPref.mAlways && cur.mPref.mComponent.equals(activity) 19325 && cur.mPref.mMatch == (match&IntentFilter.MATCH_CATEGORY_MASK) 19326 && cur.mPref.sameSet(set)) { 19327 // Setting the preferred activity to what it happens to be already 19328 if (DEBUG_PREFERRED) { 19329 Slog.i(TAG, "Replacing with same preferred activity " 19330 + cur.mPref.mShortComponent + " for user " 19331 + userId + ":"); 19332 filter.dump(new LogPrinter(Log.INFO, TAG), " "); 19333 } 19334 return; 19335 } 19336 } 19337 19338 if (existing != null) { 19339 if (DEBUG_PREFERRED) { 19340 Slog.i(TAG, existing.size() + " existing preferred matches for:"); 19341 filter.dump(new LogPrinter(Log.INFO, TAG), " "); 19342 } 19343 for (int i = 0; i < existing.size(); i++) { 19344 PreferredActivity pa = existing.get(i); 19345 if (DEBUG_PREFERRED) { 19346 Slog.i(TAG, "Removing existing preferred activity " 19347 + pa.mPref.mComponent + ":"); 19348 pa.dump(new LogPrinter(Log.INFO, TAG), " "); 19349 } 19350 pir.removeFilter(pa); 19351 } 19352 } 19353 } 19354 addPreferredActivityInternal(filter, match, set, activity, true, userId, 19355 "Replacing preferred"); 19356 } 19357 } 19358 19359 @Override 19360 public void clearPackagePreferredActivities(String packageName) { 19361 final int uid = Binder.getCallingUid(); 19362 // writer 19363 synchronized (mPackages) { 19364 PackageParser.Package pkg = mPackages.get(packageName); 19365 if (pkg == null || pkg.applicationInfo.uid != uid) { 19366 if (mContext.checkCallingOrSelfPermission( 19367 android.Manifest.permission.SET_PREFERRED_APPLICATIONS) 19368 != PackageManager.PERMISSION_GRANTED) { 19369 if (getUidTargetSdkVersionLockedLPr(Binder.getCallingUid()) 19370 < Build.VERSION_CODES.FROYO) { 19371 Slog.w(TAG, "Ignoring clearPackagePreferredActivities() from uid " 19372 + Binder.getCallingUid()); 19373 return; 19374 } 19375 mContext.enforceCallingOrSelfPermission( 19376 android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null); 19377 } 19378 } 19379 19380 int user = UserHandle.getCallingUserId(); 19381 if (clearPackagePreferredActivitiesLPw(packageName, user)) { 19382 scheduleWritePackageRestrictionsLocked(user); 19383 } 19384 } 19385 } 19386 19387 /** This method takes a specific user id as well as UserHandle.USER_ALL. */ 19388 boolean clearPackagePreferredActivitiesLPw(String packageName, int userId) { 19389 ArrayList<PreferredActivity> removed = null; 19390 boolean changed = false; 19391 for (int i=0; i<mSettings.mPreferredActivities.size(); i++) { 19392 final int thisUserId = mSettings.mPreferredActivities.keyAt(i); 19393 PreferredIntentResolver pir = mSettings.mPreferredActivities.valueAt(i); 19394 if (userId != UserHandle.USER_ALL && userId != thisUserId) { 19395 continue; 19396 } 19397 Iterator<PreferredActivity> it = pir.filterIterator(); 19398 while (it.hasNext()) { 19399 PreferredActivity pa = it.next(); 19400 // Mark entry for removal only if it matches the package name 19401 // and the entry is of type "always". 19402 if (packageName == null || 19403 (pa.mPref.mComponent.getPackageName().equals(packageName) 19404 && pa.mPref.mAlways)) { 19405 if (removed == null) { 19406 removed = new ArrayList<PreferredActivity>(); 19407 } 19408 removed.add(pa); 19409 } 19410 } 19411 if (removed != null) { 19412 for (int j=0; j<removed.size(); j++) { 19413 PreferredActivity pa = removed.get(j); 19414 pir.removeFilter(pa); 19415 } 19416 changed = true; 19417 } 19418 } 19419 if (changed) { 19420 postPreferredActivityChangedBroadcast(userId); 19421 } 19422 return changed; 19423 } 19424 19425 /** This method takes a specific user id as well as UserHandle.USER_ALL. */ 19426 private void clearIntentFilterVerificationsLPw(int userId) { 19427 final int packageCount = mPackages.size(); 19428 for (int i = 0; i < packageCount; i++) { 19429 PackageParser.Package pkg = mPackages.valueAt(i); 19430 clearIntentFilterVerificationsLPw(pkg.packageName, userId); 19431 } 19432 } 19433 19434 /** This method takes a specific user id as well as UserHandle.USER_ALL. */ 19435 void clearIntentFilterVerificationsLPw(String packageName, int userId) { 19436 if (userId == UserHandle.USER_ALL) { 19437 if (mSettings.removeIntentFilterVerificationLPw(packageName, 19438 sUserManager.getUserIds())) { 19439 for (int oneUserId : sUserManager.getUserIds()) { 19440 scheduleWritePackageRestrictionsLocked(oneUserId); 19441 } 19442 } 19443 } else { 19444 if (mSettings.removeIntentFilterVerificationLPw(packageName, userId)) { 19445 scheduleWritePackageRestrictionsLocked(userId); 19446 } 19447 } 19448 } 19449 19450 /** Clears state for all users, and touches intent filter verification policy */ 19451 void clearDefaultBrowserIfNeeded(String packageName) { 19452 for (int oneUserId : sUserManager.getUserIds()) { 19453 clearDefaultBrowserIfNeededForUser(packageName, oneUserId); 19454 } 19455 } 19456 19457 private void clearDefaultBrowserIfNeededForUser(String packageName, int userId) { 19458 final String defaultBrowserPackageName = getDefaultBrowserPackageName(userId); 19459 if (!TextUtils.isEmpty(defaultBrowserPackageName)) { 19460 if (packageName.equals(defaultBrowserPackageName)) { 19461 setDefaultBrowserPackageName(null, userId); 19462 } 19463 } 19464 } 19465 19466 @Override 19467 public void resetApplicationPreferences(int userId) { 19468 mContext.enforceCallingOrSelfPermission( 19469 android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null); 19470 final long identity = Binder.clearCallingIdentity(); 19471 // writer 19472 try { 19473 synchronized (mPackages) { 19474 clearPackagePreferredActivitiesLPw(null, userId); 19475 mSettings.applyDefaultPreferredAppsLPw(this, userId); 19476 // TODO: We have to reset the default SMS and Phone. This requires 19477 // significant refactoring to keep all default apps in the package 19478 // manager (cleaner but more work) or have the services provide 19479 // callbacks to the package manager to request a default app reset. 19480 applyFactoryDefaultBrowserLPw(userId); 19481 clearIntentFilterVerificationsLPw(userId); 19482 primeDomainVerificationsLPw(userId); 19483 resetUserChangesToRuntimePermissionsAndFlagsLPw(userId); 19484 scheduleWritePackageRestrictionsLocked(userId); 19485 } 19486 resetNetworkPolicies(userId); 19487 } finally { 19488 Binder.restoreCallingIdentity(identity); 19489 } 19490 } 19491 19492 @Override 19493 public int getPreferredActivities(List<IntentFilter> outFilters, 19494 List<ComponentName> outActivities, String packageName) { 19495 19496 int num = 0; 19497 final int userId = UserHandle.getCallingUserId(); 19498 // reader 19499 synchronized (mPackages) { 19500 PreferredIntentResolver pir = mSettings.mPreferredActivities.get(userId); 19501 if (pir != null) { 19502 final Iterator<PreferredActivity> it = pir.filterIterator(); 19503 while (it.hasNext()) { 19504 final PreferredActivity pa = it.next(); 19505 if (packageName == null 19506 || (pa.mPref.mComponent.getPackageName().equals(packageName) 19507 && pa.mPref.mAlways)) { 19508 if (outFilters != null) { 19509 outFilters.add(new IntentFilter(pa)); 19510 } 19511 if (outActivities != null) { 19512 outActivities.add(pa.mPref.mComponent); 19513 } 19514 } 19515 } 19516 } 19517 } 19518 19519 return num; 19520 } 19521 19522 @Override 19523 public void addPersistentPreferredActivity(IntentFilter filter, ComponentName activity, 19524 int userId) { 19525 int callingUid = Binder.getCallingUid(); 19526 if (callingUid != Process.SYSTEM_UID) { 19527 throw new SecurityException( 19528 "addPersistentPreferredActivity can only be run by the system"); 19529 } 19530 if (filter.countActions() == 0) { 19531 Slog.w(TAG, "Cannot set a preferred activity with no filter actions"); 19532 return; 19533 } 19534 synchronized (mPackages) { 19535 Slog.i(TAG, "Adding persistent preferred activity " + activity + " for user " + userId + 19536 ":"); 19537 filter.dump(new LogPrinter(Log.INFO, TAG), " "); 19538 mSettings.editPersistentPreferredActivitiesLPw(userId).addFilter( 19539 new PersistentPreferredActivity(filter, activity)); 19540 scheduleWritePackageRestrictionsLocked(userId); 19541 postPreferredActivityChangedBroadcast(userId); 19542 } 19543 } 19544 19545 @Override 19546 public void clearPackagePersistentPreferredActivities(String packageName, int userId) { 19547 int callingUid = Binder.getCallingUid(); 19548 if (callingUid != Process.SYSTEM_UID) { 19549 throw new SecurityException( 19550 "clearPackagePersistentPreferredActivities can only be run by the system"); 19551 } 19552 ArrayList<PersistentPreferredActivity> removed = null; 19553 boolean changed = false; 19554 synchronized (mPackages) { 19555 for (int i=0; i<mSettings.mPersistentPreferredActivities.size(); i++) { 19556 final int thisUserId = mSettings.mPersistentPreferredActivities.keyAt(i); 19557 PersistentPreferredIntentResolver ppir = mSettings.mPersistentPreferredActivities 19558 .valueAt(i); 19559 if (userId != thisUserId) { 19560 continue; 19561 } 19562 Iterator<PersistentPreferredActivity> it = ppir.filterIterator(); 19563 while (it.hasNext()) { 19564 PersistentPreferredActivity ppa = it.next(); 19565 // Mark entry for removal only if it matches the package name. 19566 if (ppa.mComponent.getPackageName().equals(packageName)) { 19567 if (removed == null) { 19568 removed = new ArrayList<PersistentPreferredActivity>(); 19569 } 19570 removed.add(ppa); 19571 } 19572 } 19573 if (removed != null) { 19574 for (int j=0; j<removed.size(); j++) { 19575 PersistentPreferredActivity ppa = removed.get(j); 19576 ppir.removeFilter(ppa); 19577 } 19578 changed = true; 19579 } 19580 } 19581 19582 if (changed) { 19583 scheduleWritePackageRestrictionsLocked(userId); 19584 postPreferredActivityChangedBroadcast(userId); 19585 } 19586 } 19587 } 19588 19589 /** 19590 * Common machinery for picking apart a restored XML blob and passing 19591 * it to a caller-supplied functor to be applied to the running system. 19592 */ 19593 private void restoreFromXml(XmlPullParser parser, int userId, 19594 String expectedStartTag, BlobXmlRestorer functor) 19595 throws IOException, XmlPullParserException { 19596 int type; 19597 while ((type = parser.next()) != XmlPullParser.START_TAG 19598 && type != XmlPullParser.END_DOCUMENT) { 19599 } 19600 if (type != XmlPullParser.START_TAG) { 19601 // oops didn't find a start tag?! 19602 if (DEBUG_BACKUP) { 19603 Slog.e(TAG, "Didn't find start tag during restore"); 19604 } 19605 return; 19606 } 19607Slog.v(TAG, ":: restoreFromXml() : got to tag " + parser.getName()); 19608 // this is supposed to be TAG_PREFERRED_BACKUP 19609 if (!expectedStartTag.equals(parser.getName())) { 19610 if (DEBUG_BACKUP) { 19611 Slog.e(TAG, "Found unexpected tag " + parser.getName()); 19612 } 19613 return; 19614 } 19615 19616 // skip interfering stuff, then we're aligned with the backing implementation 19617 while ((type = parser.next()) == XmlPullParser.TEXT) { } 19618Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); 19619 functor.apply(parser, userId); 19620 } 19621 19622 private interface BlobXmlRestorer { 19623 public void apply(XmlPullParser parser, int userId) throws IOException, XmlPullParserException; 19624 } 19625 19626 /** 19627 * Non-Binder method, support for the backup/restore mechanism: write the 19628 * full set of preferred activities in its canonical XML format. Returns the 19629 * XML output as a byte array, or null if there is none. 19630 */ 19631 @Override 19632 public byte[] getPreferredActivityBackup(int userId) { 19633 if (Binder.getCallingUid() != Process.SYSTEM_UID) { 19634 throw new SecurityException("Only the system may call getPreferredActivityBackup()"); 19635 } 19636 19637 ByteArrayOutputStream dataStream = new ByteArrayOutputStream(); 19638 try { 19639 final XmlSerializer serializer = new FastXmlSerializer(); 19640 serializer.setOutput(dataStream, StandardCharsets.UTF_8.name()); 19641 serializer.startDocument(null, true); 19642 serializer.startTag(null, TAG_PREFERRED_BACKUP); 19643 19644 synchronized (mPackages) { 19645 mSettings.writePreferredActivitiesLPr(serializer, userId, true); 19646 } 19647 19648 serializer.endTag(null, TAG_PREFERRED_BACKUP); 19649 serializer.endDocument(); 19650 serializer.flush(); 19651 } catch (Exception e) { 19652 if (DEBUG_BACKUP) { 19653 Slog.e(TAG, "Unable to write preferred activities for backup", e); 19654 } 19655 return null; 19656 } 19657 19658 return dataStream.toByteArray(); 19659 } 19660 19661 @Override 19662 public void restorePreferredActivities(byte[] backup, int userId) { 19663 if (Binder.getCallingUid() != Process.SYSTEM_UID) { 19664 throw new SecurityException("Only the system may call restorePreferredActivities()"); 19665 } 19666 19667 try { 19668 final XmlPullParser parser = Xml.newPullParser(); 19669 parser.setInput(new ByteArrayInputStream(backup), StandardCharsets.UTF_8.name()); 19670 restoreFromXml(parser, userId, TAG_PREFERRED_BACKUP, 19671 new BlobXmlRestorer() { 19672 @Override 19673 public void apply(XmlPullParser parser, int userId) 19674 throws XmlPullParserException, IOException { 19675 synchronized (mPackages) { 19676 mSettings.readPreferredActivitiesLPw(parser, userId); 19677 } 19678 } 19679 } ); 19680 } catch (Exception e) { 19681 if (DEBUG_BACKUP) { 19682 Slog.e(TAG, "Exception restoring preferred activities: " + e.getMessage()); 19683 } 19684 } 19685 } 19686 19687 /** 19688 * Non-Binder method, support for the backup/restore mechanism: write the 19689 * default browser (etc) settings in its canonical XML format. Returns the default 19690 * browser XML representation as a byte array, or null if there is none. 19691 */ 19692 @Override 19693 public byte[] getDefaultAppsBackup(int userId) { 19694 if (Binder.getCallingUid() != Process.SYSTEM_UID) { 19695 throw new SecurityException("Only the system may call getDefaultAppsBackup()"); 19696 } 19697 19698 ByteArrayOutputStream dataStream = new ByteArrayOutputStream(); 19699 try { 19700 final XmlSerializer serializer = new FastXmlSerializer(); 19701 serializer.setOutput(dataStream, StandardCharsets.UTF_8.name()); 19702 serializer.startDocument(null, true); 19703 serializer.startTag(null, TAG_DEFAULT_APPS); 19704 19705 synchronized (mPackages) { 19706 mSettings.writeDefaultAppsLPr(serializer, userId); 19707 } 19708 19709 serializer.endTag(null, TAG_DEFAULT_APPS); 19710 serializer.endDocument(); 19711 serializer.flush(); 19712 } catch (Exception e) { 19713 if (DEBUG_BACKUP) { 19714 Slog.e(TAG, "Unable to write default apps for backup", e); 19715 } 19716 return null; 19717 } 19718 19719 return dataStream.toByteArray(); 19720 } 19721 19722 @Override 19723 public void restoreDefaultApps(byte[] backup, int userId) { 19724 if (Binder.getCallingUid() != Process.SYSTEM_UID) { 19725 throw new SecurityException("Only the system may call restoreDefaultApps()"); 19726 } 19727 19728 try { 19729 final XmlPullParser parser = Xml.newPullParser(); 19730 parser.setInput(new ByteArrayInputStream(backup), StandardCharsets.UTF_8.name()); 19731 restoreFromXml(parser, userId, TAG_DEFAULT_APPS, 19732 new BlobXmlRestorer() { 19733 @Override 19734 public void apply(XmlPullParser parser, int userId) 19735 throws XmlPullParserException, IOException { 19736 synchronized (mPackages) { 19737 mSettings.readDefaultAppsLPw(parser, userId); 19738 } 19739 } 19740 } ); 19741 } catch (Exception e) { 19742 if (DEBUG_BACKUP) { 19743 Slog.e(TAG, "Exception restoring default apps: " + e.getMessage()); 19744 } 19745 } 19746 } 19747 19748 @Override 19749 public byte[] getIntentFilterVerificationBackup(int userId) { 19750 if (Binder.getCallingUid() != Process.SYSTEM_UID) { 19751 throw new SecurityException("Only the system may call getIntentFilterVerificationBackup()"); 19752 } 19753 19754 ByteArrayOutputStream dataStream = new ByteArrayOutputStream(); 19755 try { 19756 final XmlSerializer serializer = new FastXmlSerializer(); 19757 serializer.setOutput(dataStream, StandardCharsets.UTF_8.name()); 19758 serializer.startDocument(null, true); 19759 serializer.startTag(null, TAG_INTENT_FILTER_VERIFICATION); 19760 19761 synchronized (mPackages) { 19762 mSettings.writeAllDomainVerificationsLPr(serializer, userId); 19763 } 19764 19765 serializer.endTag(null, TAG_INTENT_FILTER_VERIFICATION); 19766 serializer.endDocument(); 19767 serializer.flush(); 19768 } catch (Exception e) { 19769 if (DEBUG_BACKUP) { 19770 Slog.e(TAG, "Unable to write default apps for backup", e); 19771 } 19772 return null; 19773 } 19774 19775 return dataStream.toByteArray(); 19776 } 19777 19778 @Override 19779 public void restoreIntentFilterVerification(byte[] backup, int userId) { 19780 if (Binder.getCallingUid() != Process.SYSTEM_UID) { 19781 throw new SecurityException("Only the system may call restorePreferredActivities()"); 19782 } 19783 19784 try { 19785 final XmlPullParser parser = Xml.newPullParser(); 19786 parser.setInput(new ByteArrayInputStream(backup), StandardCharsets.UTF_8.name()); 19787 restoreFromXml(parser, userId, TAG_INTENT_FILTER_VERIFICATION, 19788 new BlobXmlRestorer() { 19789 @Override 19790 public void apply(XmlPullParser parser, int userId) 19791 throws XmlPullParserException, IOException { 19792 synchronized (mPackages) { 19793 mSettings.readAllDomainVerificationsLPr(parser, userId); 19794 mSettings.writeLPr(); 19795 } 19796 } 19797 } ); 19798 } catch (Exception e) { 19799 if (DEBUG_BACKUP) { 19800 Slog.e(TAG, "Exception restoring preferred activities: " + e.getMessage()); 19801 } 19802 } 19803 } 19804 19805 @Override 19806 public byte[] getPermissionGrantBackup(int userId) { 19807 if (Binder.getCallingUid() != Process.SYSTEM_UID) { 19808 throw new SecurityException("Only the system may call getPermissionGrantBackup()"); 19809 } 19810 19811 ByteArrayOutputStream dataStream = new ByteArrayOutputStream(); 19812 try { 19813 final XmlSerializer serializer = new FastXmlSerializer(); 19814 serializer.setOutput(dataStream, StandardCharsets.UTF_8.name()); 19815 serializer.startDocument(null, true); 19816 serializer.startTag(null, TAG_PERMISSION_BACKUP); 19817 19818 synchronized (mPackages) { 19819 serializeRuntimePermissionGrantsLPr(serializer, userId); 19820 } 19821 19822 serializer.endTag(null, TAG_PERMISSION_BACKUP); 19823 serializer.endDocument(); 19824 serializer.flush(); 19825 } catch (Exception e) { 19826 if (DEBUG_BACKUP) { 19827 Slog.e(TAG, "Unable to write default apps for backup", e); 19828 } 19829 return null; 19830 } 19831 19832 return dataStream.toByteArray(); 19833 } 19834 19835 @Override 19836 public void restorePermissionGrants(byte[] backup, int userId) { 19837 if (Binder.getCallingUid() != Process.SYSTEM_UID) { 19838 throw new SecurityException("Only the system may call restorePermissionGrants()"); 19839 } 19840 19841 try { 19842 final XmlPullParser parser = Xml.newPullParser(); 19843 parser.setInput(new ByteArrayInputStream(backup), StandardCharsets.UTF_8.name()); 19844 restoreFromXml(parser, userId, TAG_PERMISSION_BACKUP, 19845 new BlobXmlRestorer() { 19846 @Override 19847 public void apply(XmlPullParser parser, int userId) 19848 throws XmlPullParserException, IOException { 19849 synchronized (mPackages) { 19850 processRestoredPermissionGrantsLPr(parser, userId); 19851 } 19852 } 19853 } ); 19854 } catch (Exception e) { 19855 if (DEBUG_BACKUP) { 19856 Slog.e(TAG, "Exception restoring preferred activities: " + e.getMessage()); 19857 } 19858 } 19859 } 19860 19861 private void serializeRuntimePermissionGrantsLPr(XmlSerializer serializer, final int userId) 19862 throws IOException { 19863 serializer.startTag(null, TAG_ALL_GRANTS); 19864 19865 final int N = mSettings.mPackages.size(); 19866 for (int i = 0; i < N; i++) { 19867 final PackageSetting ps = mSettings.mPackages.valueAt(i); 19868 boolean pkgGrantsKnown = false; 19869 19870 PermissionsState packagePerms = ps.getPermissionsState(); 19871 19872 for (PermissionState state : packagePerms.getRuntimePermissionStates(userId)) { 19873 final int grantFlags = state.getFlags(); 19874 // only look at grants that are not system/policy fixed 19875 if ((grantFlags & SYSTEM_RUNTIME_GRANT_MASK) == 0) { 19876 final boolean isGranted = state.isGranted(); 19877 // And only back up the user-twiddled state bits 19878 if (isGranted || (grantFlags & USER_RUNTIME_GRANT_MASK) != 0) { 19879 final String packageName = mSettings.mPackages.keyAt(i); 19880 if (!pkgGrantsKnown) { 19881 serializer.startTag(null, TAG_GRANT); 19882 serializer.attribute(null, ATTR_PACKAGE_NAME, packageName); 19883 pkgGrantsKnown = true; 19884 } 19885 19886 final boolean userSet = 19887 (grantFlags & FLAG_PERMISSION_USER_SET) != 0; 19888 final boolean userFixed = 19889 (grantFlags & FLAG_PERMISSION_USER_FIXED) != 0; 19890 final boolean revoke = 19891 (grantFlags & FLAG_PERMISSION_REVOKE_ON_UPGRADE) != 0; 19892 19893 serializer.startTag(null, TAG_PERMISSION); 19894 serializer.attribute(null, ATTR_PERMISSION_NAME, state.getName()); 19895 if (isGranted) { 19896 serializer.attribute(null, ATTR_IS_GRANTED, "true"); 19897 } 19898 if (userSet) { 19899 serializer.attribute(null, ATTR_USER_SET, "true"); 19900 } 19901 if (userFixed) { 19902 serializer.attribute(null, ATTR_USER_FIXED, "true"); 19903 } 19904 if (revoke) { 19905 serializer.attribute(null, ATTR_REVOKE_ON_UPGRADE, "true"); 19906 } 19907 serializer.endTag(null, TAG_PERMISSION); 19908 } 19909 } 19910 } 19911 19912 if (pkgGrantsKnown) { 19913 serializer.endTag(null, TAG_GRANT); 19914 } 19915 } 19916 19917 serializer.endTag(null, TAG_ALL_GRANTS); 19918 } 19919 19920 private void processRestoredPermissionGrantsLPr(XmlPullParser parser, int userId) 19921 throws XmlPullParserException, IOException { 19922 String pkgName = null; 19923 int outerDepth = parser.getDepth(); 19924 int type; 19925 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 19926 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 19927 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 19928 continue; 19929 } 19930 19931 final String tagName = parser.getName(); 19932 if (tagName.equals(TAG_GRANT)) { 19933 pkgName = parser.getAttributeValue(null, ATTR_PACKAGE_NAME); 19934 if (DEBUG_BACKUP) { 19935 Slog.v(TAG, "+++ Restoring grants for package " + pkgName); 19936 } 19937 } else if (tagName.equals(TAG_PERMISSION)) { 19938 19939 final boolean isGranted = "true".equals(parser.getAttributeValue(null, ATTR_IS_GRANTED)); 19940 final String permName = parser.getAttributeValue(null, ATTR_PERMISSION_NAME); 19941 19942 int newFlagSet = 0; 19943 if ("true".equals(parser.getAttributeValue(null, ATTR_USER_SET))) { 19944 newFlagSet |= FLAG_PERMISSION_USER_SET; 19945 } 19946 if ("true".equals(parser.getAttributeValue(null, ATTR_USER_FIXED))) { 19947 newFlagSet |= FLAG_PERMISSION_USER_FIXED; 19948 } 19949 if ("true".equals(parser.getAttributeValue(null, ATTR_REVOKE_ON_UPGRADE))) { 19950 newFlagSet |= FLAG_PERMISSION_REVOKE_ON_UPGRADE; 19951 } 19952 if (DEBUG_BACKUP) { 19953 Slog.v(TAG, " + Restoring grant: pkg=" + pkgName + " perm=" + permName 19954 + " granted=" + isGranted + " bits=0x" + Integer.toHexString(newFlagSet)); 19955 } 19956 final PackageSetting ps = mSettings.mPackages.get(pkgName); 19957 if (ps != null) { 19958 // Already installed so we apply the grant immediately 19959 if (DEBUG_BACKUP) { 19960 Slog.v(TAG, " + already installed; applying"); 19961 } 19962 PermissionsState perms = ps.getPermissionsState(); 19963 BasePermission bp = mSettings.mPermissions.get(permName); 19964 if (bp != null) { 19965 if (isGranted) { 19966 perms.grantRuntimePermission(bp, userId); 19967 } 19968 if (newFlagSet != 0) { 19969 perms.updatePermissionFlags(bp, userId, USER_RUNTIME_GRANT_MASK, newFlagSet); 19970 } 19971 } 19972 } else { 19973 // Need to wait for post-restore install to apply the grant 19974 if (DEBUG_BACKUP) { 19975 Slog.v(TAG, " - not yet installed; saving for later"); 19976 } 19977 mSettings.processRestoredPermissionGrantLPr(pkgName, permName, 19978 isGranted, newFlagSet, userId); 19979 } 19980 } else { 19981 PackageManagerService.reportSettingsProblem(Log.WARN, 19982 "Unknown element under <" + TAG_PERMISSION_BACKUP + ">: " + tagName); 19983 XmlUtils.skipCurrentTag(parser); 19984 } 19985 } 19986 19987 scheduleWriteSettingsLocked(); 19988 mSettings.writeRuntimePermissionsForUserLPr(userId, false); 19989 } 19990 19991 @Override 19992 public void addCrossProfileIntentFilter(IntentFilter intentFilter, String ownerPackage, 19993 int sourceUserId, int targetUserId, int flags) { 19994 mContext.enforceCallingOrSelfPermission( 19995 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, null); 19996 int callingUid = Binder.getCallingUid(); 19997 enforceOwnerRights(ownerPackage, callingUid); 19998 enforceShellRestriction(UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, sourceUserId); 19999 if (intentFilter.countActions() == 0) { 20000 Slog.w(TAG, "Cannot set a crossProfile intent filter with no filter actions"); 20001 return; 20002 } 20003 synchronized (mPackages) { 20004 CrossProfileIntentFilter newFilter = new CrossProfileIntentFilter(intentFilter, 20005 ownerPackage, targetUserId, flags); 20006 CrossProfileIntentResolver resolver = 20007 mSettings.editCrossProfileIntentResolverLPw(sourceUserId); 20008 ArrayList<CrossProfileIntentFilter> existing = resolver.findFilters(intentFilter); 20009 // We have all those whose filter is equal. Now checking if the rest is equal as well. 20010 if (existing != null) { 20011 int size = existing.size(); 20012 for (int i = 0; i < size; i++) { 20013 if (newFilter.equalsIgnoreFilter(existing.get(i))) { 20014 return; 20015 } 20016 } 20017 } 20018 resolver.addFilter(newFilter); 20019 scheduleWritePackageRestrictionsLocked(sourceUserId); 20020 } 20021 } 20022 20023 @Override 20024 public void clearCrossProfileIntentFilters(int sourceUserId, String ownerPackage) { 20025 mContext.enforceCallingOrSelfPermission( 20026 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, null); 20027 int callingUid = Binder.getCallingUid(); 20028 enforceOwnerRights(ownerPackage, callingUid); 20029 enforceShellRestriction(UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, sourceUserId); 20030 synchronized (mPackages) { 20031 CrossProfileIntentResolver resolver = 20032 mSettings.editCrossProfileIntentResolverLPw(sourceUserId); 20033 ArraySet<CrossProfileIntentFilter> set = 20034 new ArraySet<CrossProfileIntentFilter>(resolver.filterSet()); 20035 for (CrossProfileIntentFilter filter : set) { 20036 if (filter.getOwnerPackage().equals(ownerPackage)) { 20037 resolver.removeFilter(filter); 20038 } 20039 } 20040 scheduleWritePackageRestrictionsLocked(sourceUserId); 20041 } 20042 } 20043 20044 // Enforcing that callingUid is owning pkg on userId 20045 private void enforceOwnerRights(String pkg, int callingUid) { 20046 // The system owns everything. 20047 if (UserHandle.getAppId(callingUid) == Process.SYSTEM_UID) { 20048 return; 20049 } 20050 int callingUserId = UserHandle.getUserId(callingUid); 20051 PackageInfo pi = getPackageInfo(pkg, 0, callingUserId); 20052 if (pi == null) { 20053 throw new IllegalArgumentException("Unknown package " + pkg + " on user " 20054 + callingUserId); 20055 } 20056 if (!UserHandle.isSameApp(pi.applicationInfo.uid, callingUid)) { 20057 throw new SecurityException("Calling uid " + callingUid 20058 + " does not own package " + pkg); 20059 } 20060 } 20061 20062 @Override 20063 public ComponentName getHomeActivities(List<ResolveInfo> allHomeCandidates) { 20064 return getHomeActivitiesAsUser(allHomeCandidates, UserHandle.getCallingUserId()); 20065 } 20066 20067 /** 20068 * Report the 'Home' activity which is currently set as "always use this one". If non is set 20069 * then reports the most likely home activity or null if there are more than one. 20070 */ 20071 public ComponentName getDefaultHomeActivity(int userId) { 20072 List<ResolveInfo> allHomeCandidates = new ArrayList<>(); 20073 ComponentName cn = getHomeActivitiesAsUser(allHomeCandidates, userId); 20074 if (cn != null) { 20075 return cn; 20076 } 20077 20078 // Find the launcher with the highest priority and return that component if there are no 20079 // other home activity with the same priority. 20080 int lastPriority = Integer.MIN_VALUE; 20081 ComponentName lastComponent = null; 20082 final int size = allHomeCandidates.size(); 20083 for (int i = 0; i < size; i++) { 20084 final ResolveInfo ri = allHomeCandidates.get(i); 20085 if (ri.priority > lastPriority) { 20086 lastComponent = ri.activityInfo.getComponentName(); 20087 lastPriority = ri.priority; 20088 } else if (ri.priority == lastPriority) { 20089 // Two components found with same priority. 20090 lastComponent = null; 20091 } 20092 } 20093 return lastComponent; 20094 } 20095 20096 private Intent getHomeIntent() { 20097 Intent intent = new Intent(Intent.ACTION_MAIN); 20098 intent.addCategory(Intent.CATEGORY_HOME); 20099 intent.addCategory(Intent.CATEGORY_DEFAULT); 20100 return intent; 20101 } 20102 20103 private IntentFilter getHomeFilter() { 20104 IntentFilter filter = new IntentFilter(Intent.ACTION_MAIN); 20105 filter.addCategory(Intent.CATEGORY_HOME); 20106 filter.addCategory(Intent.CATEGORY_DEFAULT); 20107 return filter; 20108 } 20109 20110 ComponentName getHomeActivitiesAsUser(List<ResolveInfo> allHomeCandidates, 20111 int userId) { 20112 Intent intent = getHomeIntent(); 20113 List<ResolveInfo> list = queryIntentActivitiesInternal(intent, null, 20114 PackageManager.GET_META_DATA, userId); 20115 ResolveInfo preferred = findPreferredActivity(intent, null, 0, list, 0, 20116 true, false, false, userId); 20117 20118 allHomeCandidates.clear(); 20119 if (list != null) { 20120 for (ResolveInfo ri : list) { 20121 allHomeCandidates.add(ri); 20122 } 20123 } 20124 return (preferred == null || preferred.activityInfo == null) 20125 ? null 20126 : new ComponentName(preferred.activityInfo.packageName, 20127 preferred.activityInfo.name); 20128 } 20129 20130 @Override 20131 public void setHomeActivity(ComponentName comp, int userId) { 20132 ArrayList<ResolveInfo> homeActivities = new ArrayList<>(); 20133 getHomeActivitiesAsUser(homeActivities, userId); 20134 20135 boolean found = false; 20136 20137 final int size = homeActivities.size(); 20138 final ComponentName[] set = new ComponentName[size]; 20139 for (int i = 0; i < size; i++) { 20140 final ResolveInfo candidate = homeActivities.get(i); 20141 final ActivityInfo info = candidate.activityInfo; 20142 final ComponentName activityName = new ComponentName(info.packageName, info.name); 20143 set[i] = activityName; 20144 if (!found && activityName.equals(comp)) { 20145 found = true; 20146 } 20147 } 20148 if (!found) { 20149 throw new IllegalArgumentException("Component " + comp + " cannot be home on user " 20150 + userId); 20151 } 20152 replacePreferredActivity(getHomeFilter(), IntentFilter.MATCH_CATEGORY_EMPTY, 20153 set, comp, userId); 20154 } 20155 20156 private @Nullable String getSetupWizardPackageName() { 20157 final Intent intent = new Intent(Intent.ACTION_MAIN); 20158 intent.addCategory(Intent.CATEGORY_SETUP_WIZARD); 20159 20160 final List<ResolveInfo> matches = queryIntentActivitiesInternal(intent, null, 20161 MATCH_SYSTEM_ONLY | MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE 20162 | MATCH_DISABLED_COMPONENTS, 20163 UserHandle.myUserId()); 20164 if (matches.size() == 1) { 20165 return matches.get(0).getComponentInfo().packageName; 20166 } else { 20167 Slog.e(TAG, "There should probably be exactly one setup wizard; found " + matches.size() 20168 + ": matches=" + matches); 20169 return null; 20170 } 20171 } 20172 20173 private @Nullable String getStorageManagerPackageName() { 20174 final Intent intent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 20175 20176 final List<ResolveInfo> matches = queryIntentActivitiesInternal(intent, null, 20177 MATCH_SYSTEM_ONLY | MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE 20178 | MATCH_DISABLED_COMPONENTS, 20179 UserHandle.myUserId()); 20180 if (matches.size() == 1) { 20181 return matches.get(0).getComponentInfo().packageName; 20182 } else { 20183 Slog.e(TAG, "There should probably be exactly one storage manager; found " 20184 + matches.size() + ": matches=" + matches); 20185 return null; 20186 } 20187 } 20188 20189 @Override 20190 public void setApplicationEnabledSetting(String appPackageName, 20191 int newState, int flags, int userId, String callingPackage) { 20192 if (!sUserManager.exists(userId)) return; 20193 if (callingPackage == null) { 20194 callingPackage = Integer.toString(Binder.getCallingUid()); 20195 } 20196 setEnabledSetting(appPackageName, null, newState, flags, userId, callingPackage); 20197 } 20198 20199 @Override 20200 public void setUpdateAvailable(String packageName, boolean updateAvailable) { 20201 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, null); 20202 synchronized (mPackages) { 20203 final PackageSetting pkgSetting = mSettings.mPackages.get(packageName); 20204 if (pkgSetting != null) { 20205 pkgSetting.setUpdateAvailable(updateAvailable); 20206 } 20207 } 20208 } 20209 20210 @Override 20211 public void setComponentEnabledSetting(ComponentName componentName, 20212 int newState, int flags, int userId) { 20213 if (!sUserManager.exists(userId)) return; 20214 setEnabledSetting(componentName.getPackageName(), 20215 componentName.getClassName(), newState, flags, userId, null); 20216 } 20217 20218 private void setEnabledSetting(final String packageName, String className, int newState, 20219 final int flags, int userId, String callingPackage) { 20220 if (!(newState == COMPONENT_ENABLED_STATE_DEFAULT 20221 || newState == COMPONENT_ENABLED_STATE_ENABLED 20222 || newState == COMPONENT_ENABLED_STATE_DISABLED 20223 || newState == COMPONENT_ENABLED_STATE_DISABLED_USER 20224 || newState == COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED)) { 20225 throw new IllegalArgumentException("Invalid new component state: " 20226 + newState); 20227 } 20228 PackageSetting pkgSetting; 20229 final int uid = Binder.getCallingUid(); 20230 final int permission; 20231 if (uid == Process.SYSTEM_UID) { 20232 permission = PackageManager.PERMISSION_GRANTED; 20233 } else { 20234 permission = mContext.checkCallingOrSelfPermission( 20235 android.Manifest.permission.CHANGE_COMPONENT_ENABLED_STATE); 20236 } 20237 enforceCrossUserPermission(uid, userId, 20238 false /* requireFullPermission */, true /* checkShell */, "set enabled"); 20239 final boolean allowedByPermission = (permission == PackageManager.PERMISSION_GRANTED); 20240 boolean sendNow = false; 20241 boolean isApp = (className == null); 20242 String componentName = isApp ? packageName : className; 20243 int packageUid = -1; 20244 ArrayList<String> components; 20245 20246 // writer 20247 synchronized (mPackages) { 20248 pkgSetting = mSettings.mPackages.get(packageName); 20249 if (pkgSetting == null) { 20250 if (className == null) { 20251 throw new IllegalArgumentException("Unknown package: " + packageName); 20252 } 20253 throw new IllegalArgumentException( 20254 "Unknown component: " + packageName + "/" + className); 20255 } 20256 } 20257 20258 // Limit who can change which apps 20259 if (!UserHandle.isSameApp(uid, pkgSetting.appId)) { 20260 // Don't allow apps that don't have permission to modify other apps 20261 if (!allowedByPermission) { 20262 throw new SecurityException( 20263 "Permission Denial: attempt to change component state from pid=" 20264 + Binder.getCallingPid() 20265 + ", uid=" + uid + ", package uid=" + pkgSetting.appId); 20266 } 20267 // Don't allow changing protected packages. 20268 if (mProtectedPackages.isPackageStateProtected(userId, packageName)) { 20269 throw new SecurityException("Cannot disable a protected package: " + packageName); 20270 } 20271 } 20272 20273 synchronized (mPackages) { 20274 if (uid == Process.SHELL_UID 20275 && (pkgSetting.pkgFlags & ApplicationInfo.FLAG_TEST_ONLY) == 0) { 20276 // Shell can only change whole packages between ENABLED and DISABLED_USER states 20277 // unless it is a test package. 20278 int oldState = pkgSetting.getEnabled(userId); 20279 if (className == null 20280 && 20281 (oldState == COMPONENT_ENABLED_STATE_DISABLED_USER 20282 || oldState == COMPONENT_ENABLED_STATE_DEFAULT 20283 || oldState == COMPONENT_ENABLED_STATE_ENABLED) 20284 && 20285 (newState == COMPONENT_ENABLED_STATE_DISABLED_USER 20286 || newState == COMPONENT_ENABLED_STATE_DEFAULT 20287 || newState == COMPONENT_ENABLED_STATE_ENABLED)) { 20288 // ok 20289 } else { 20290 throw new SecurityException( 20291 "Shell cannot change component state for " + packageName + "/" 20292 + className + " to " + newState); 20293 } 20294 } 20295 if (className == null) { 20296 // We're dealing with an application/package level state change 20297 if (pkgSetting.getEnabled(userId) == newState) { 20298 // Nothing to do 20299 return; 20300 } 20301 if (newState == PackageManager.COMPONENT_ENABLED_STATE_DEFAULT 20302 || newState == PackageManager.COMPONENT_ENABLED_STATE_ENABLED) { 20303 // Don't care about who enables an app. 20304 callingPackage = null; 20305 } 20306 pkgSetting.setEnabled(newState, userId, callingPackage); 20307 // pkgSetting.pkg.mSetEnabled = newState; 20308 } else { 20309 // We're dealing with a component level state change 20310 // First, verify that this is a valid class name. 20311 PackageParser.Package pkg = pkgSetting.pkg; 20312 if (pkg == null || !pkg.hasComponentClassName(className)) { 20313 if (pkg != null && 20314 pkg.applicationInfo.targetSdkVersion >= 20315 Build.VERSION_CODES.JELLY_BEAN) { 20316 throw new IllegalArgumentException("Component class " + className 20317 + " does not exist in " + packageName); 20318 } else { 20319 Slog.w(TAG, "Failed setComponentEnabledSetting: component class " 20320 + className + " does not exist in " + packageName); 20321 } 20322 } 20323 switch (newState) { 20324 case COMPONENT_ENABLED_STATE_ENABLED: 20325 if (!pkgSetting.enableComponentLPw(className, userId)) { 20326 return; 20327 } 20328 break; 20329 case COMPONENT_ENABLED_STATE_DISABLED: 20330 if (!pkgSetting.disableComponentLPw(className, userId)) { 20331 return; 20332 } 20333 break; 20334 case COMPONENT_ENABLED_STATE_DEFAULT: 20335 if (!pkgSetting.restoreComponentLPw(className, userId)) { 20336 return; 20337 } 20338 break; 20339 default: 20340 Slog.e(TAG, "Invalid new component state: " + newState); 20341 return; 20342 } 20343 } 20344 scheduleWritePackageRestrictionsLocked(userId); 20345 updateSequenceNumberLP(packageName, new int[] { userId }); 20346 final long callingId = Binder.clearCallingIdentity(); 20347 try { 20348 updateInstantAppInstallerLocked(packageName); 20349 } finally { 20350 Binder.restoreCallingIdentity(callingId); 20351 } 20352 components = mPendingBroadcasts.get(userId, packageName); 20353 final boolean newPackage = components == null; 20354 if (newPackage) { 20355 components = new ArrayList<String>(); 20356 } 20357 if (!components.contains(componentName)) { 20358 components.add(componentName); 20359 } 20360 if ((flags&PackageManager.DONT_KILL_APP) == 0) { 20361 sendNow = true; 20362 // Purge entry from pending broadcast list if another one exists already 20363 // since we are sending one right away. 20364 mPendingBroadcasts.remove(userId, packageName); 20365 } else { 20366 if (newPackage) { 20367 mPendingBroadcasts.put(userId, packageName, components); 20368 } 20369 if (!mHandler.hasMessages(SEND_PENDING_BROADCAST)) { 20370 // Schedule a message 20371 mHandler.sendEmptyMessageDelayed(SEND_PENDING_BROADCAST, BROADCAST_DELAY); 20372 } 20373 } 20374 } 20375 20376 long callingId = Binder.clearCallingIdentity(); 20377 try { 20378 if (sendNow) { 20379 packageUid = UserHandle.getUid(userId, pkgSetting.appId); 20380 sendPackageChangedBroadcast(packageName, 20381 (flags&PackageManager.DONT_KILL_APP) != 0, components, packageUid); 20382 } 20383 } finally { 20384 Binder.restoreCallingIdentity(callingId); 20385 } 20386 } 20387 20388 @Override 20389 public void flushPackageRestrictionsAsUser(int userId) { 20390 if (!sUserManager.exists(userId)) { 20391 return; 20392 } 20393 enforceCrossUserPermission(Binder.getCallingUid(), userId, false /* requireFullPermission*/, 20394 false /* checkShell */, "flushPackageRestrictions"); 20395 synchronized (mPackages) { 20396 mSettings.writePackageRestrictionsLPr(userId); 20397 mDirtyUsers.remove(userId); 20398 if (mDirtyUsers.isEmpty()) { 20399 mHandler.removeMessages(WRITE_PACKAGE_RESTRICTIONS); 20400 } 20401 } 20402 } 20403 20404 private void sendPackageChangedBroadcast(String packageName, 20405 boolean killFlag, ArrayList<String> componentNames, int packageUid) { 20406 if (DEBUG_INSTALL) 20407 Log.v(TAG, "Sending package changed: package=" + packageName + " components=" 20408 + componentNames); 20409 Bundle extras = new Bundle(4); 20410 extras.putString(Intent.EXTRA_CHANGED_COMPONENT_NAME, componentNames.get(0)); 20411 String nameList[] = new String[componentNames.size()]; 20412 componentNames.toArray(nameList); 20413 extras.putStringArray(Intent.EXTRA_CHANGED_COMPONENT_NAME_LIST, nameList); 20414 extras.putBoolean(Intent.EXTRA_DONT_KILL_APP, killFlag); 20415 extras.putInt(Intent.EXTRA_UID, packageUid); 20416 // If this is not reporting a change of the overall package, then only send it 20417 // to registered receivers. We don't want to launch a swath of apps for every 20418 // little component state change. 20419 final int flags = !componentNames.contains(packageName) 20420 ? Intent.FLAG_RECEIVER_REGISTERED_ONLY : 0; 20421 sendPackageBroadcast(Intent.ACTION_PACKAGE_CHANGED, packageName, extras, flags, null, null, 20422 new int[] {UserHandle.getUserId(packageUid)}); 20423 } 20424 20425 @Override 20426 public void setPackageStoppedState(String packageName, boolean stopped, int userId) { 20427 if (!sUserManager.exists(userId)) return; 20428 final int uid = Binder.getCallingUid(); 20429 final int permission = mContext.checkCallingOrSelfPermission( 20430 android.Manifest.permission.CHANGE_COMPONENT_ENABLED_STATE); 20431 final boolean allowedByPermission = (permission == PackageManager.PERMISSION_GRANTED); 20432 enforceCrossUserPermission(uid, userId, 20433 true /* requireFullPermission */, true /* checkShell */, "stop package"); 20434 // writer 20435 synchronized (mPackages) { 20436 if (mSettings.setPackageStoppedStateLPw(this, packageName, stopped, 20437 allowedByPermission, uid, userId)) { 20438 scheduleWritePackageRestrictionsLocked(userId); 20439 } 20440 } 20441 } 20442 20443 @Override 20444 public String getInstallerPackageName(String packageName) { 20445 // reader 20446 synchronized (mPackages) { 20447 return mSettings.getInstallerPackageNameLPr(packageName); 20448 } 20449 } 20450 20451 public boolean isOrphaned(String packageName) { 20452 // reader 20453 synchronized (mPackages) { 20454 return mSettings.isOrphaned(packageName); 20455 } 20456 } 20457 20458 @Override 20459 public int getApplicationEnabledSetting(String packageName, int userId) { 20460 if (!sUserManager.exists(userId)) return COMPONENT_ENABLED_STATE_DISABLED; 20461 int uid = Binder.getCallingUid(); 20462 enforceCrossUserPermission(uid, userId, 20463 false /* requireFullPermission */, false /* checkShell */, "get enabled"); 20464 // reader 20465 synchronized (mPackages) { 20466 return mSettings.getApplicationEnabledSettingLPr(packageName, userId); 20467 } 20468 } 20469 20470 @Override 20471 public int getComponentEnabledSetting(ComponentName componentName, int userId) { 20472 if (!sUserManager.exists(userId)) return COMPONENT_ENABLED_STATE_DISABLED; 20473 int uid = Binder.getCallingUid(); 20474 enforceCrossUserPermission(uid, userId, 20475 false /* requireFullPermission */, false /* checkShell */, "get component enabled"); 20476 // reader 20477 synchronized (mPackages) { 20478 return mSettings.getComponentEnabledSettingLPr(componentName, userId); 20479 } 20480 } 20481 20482 @Override 20483 public void enterSafeMode() { 20484 enforceSystemOrRoot("Only the system can request entering safe mode"); 20485 20486 if (!mSystemReady) { 20487 mSafeMode = true; 20488 } 20489 } 20490 20491 @Override 20492 public void systemReady() { 20493 mSystemReady = true; 20494 final ContentResolver resolver = mContext.getContentResolver(); 20495 ContentObserver co = new ContentObserver(mHandler) { 20496 @Override 20497 public void onChange(boolean selfChange) { 20498 mEphemeralAppsDisabled = 20499 (Global.getInt(resolver, Global.ENABLE_EPHEMERAL_FEATURE, 1) == 0) || 20500 (Secure.getInt(resolver, Secure.INSTANT_APPS_ENABLED, 1) == 0); 20501 } 20502 }; 20503 mContext.getContentResolver().registerContentObserver(android.provider.Settings.Global 20504 .getUriFor(Global.ENABLE_EPHEMERAL_FEATURE), 20505 false, co, UserHandle.USER_SYSTEM); 20506 mContext.getContentResolver().registerContentObserver(android.provider.Settings.Global 20507 .getUriFor(Secure.INSTANT_APPS_ENABLED), false, co, UserHandle.USER_SYSTEM); 20508 co.onChange(true); 20509 20510 // Disable any carrier apps. We do this very early in boot to prevent the apps from being 20511 // disabled after already being started. 20512 CarrierAppUtils.disableCarrierAppsUntilPrivileged(mContext.getOpPackageName(), this, 20513 mContext.getContentResolver(), UserHandle.USER_SYSTEM); 20514 20515 // Read the compatibilty setting when the system is ready. 20516 boolean compatibilityModeEnabled = android.provider.Settings.Global.getInt( 20517 mContext.getContentResolver(), 20518 android.provider.Settings.Global.COMPATIBILITY_MODE, 1) == 1; 20519 PackageParser.setCompatibilityModeEnabled(compatibilityModeEnabled); 20520 if (DEBUG_SETTINGS) { 20521 Log.d(TAG, "compatibility mode:" + compatibilityModeEnabled); 20522 } 20523 20524 int[] grantPermissionsUserIds = EMPTY_INT_ARRAY; 20525 20526 synchronized (mPackages) { 20527 // Verify that all of the preferred activity components actually 20528 // exist. It is possible for applications to be updated and at 20529 // that point remove a previously declared activity component that 20530 // had been set as a preferred activity. We try to clean this up 20531 // the next time we encounter that preferred activity, but it is 20532 // possible for the user flow to never be able to return to that 20533 // situation so here we do a sanity check to make sure we haven't 20534 // left any junk around. 20535 ArrayList<PreferredActivity> removed = new ArrayList<PreferredActivity>(); 20536 for (int i=0; i<mSettings.mPreferredActivities.size(); i++) { 20537 PreferredIntentResolver pir = mSettings.mPreferredActivities.valueAt(i); 20538 removed.clear(); 20539 for (PreferredActivity pa : pir.filterSet()) { 20540 if (mActivities.mActivities.get(pa.mPref.mComponent) == null) { 20541 removed.add(pa); 20542 } 20543 } 20544 if (removed.size() > 0) { 20545 for (int r=0; r<removed.size(); r++) { 20546 PreferredActivity pa = removed.get(r); 20547 Slog.w(TAG, "Removing dangling preferred activity: " 20548 + pa.mPref.mComponent); 20549 pir.removeFilter(pa); 20550 } 20551 mSettings.writePackageRestrictionsLPr( 20552 mSettings.mPreferredActivities.keyAt(i)); 20553 } 20554 } 20555 20556 for (int userId : UserManagerService.getInstance().getUserIds()) { 20557 if (!mSettings.areDefaultRuntimePermissionsGrantedLPr(userId)) { 20558 grantPermissionsUserIds = ArrayUtils.appendInt( 20559 grantPermissionsUserIds, userId); 20560 } 20561 } 20562 } 20563 sUserManager.systemReady(); 20564 20565 // If we upgraded grant all default permissions before kicking off. 20566 for (int userId : grantPermissionsUserIds) { 20567 mDefaultPermissionPolicy.grantDefaultPermissions(userId); 20568 } 20569 20570 // If we did not grant default permissions, we preload from this the 20571 // default permission exceptions lazily to ensure we don't hit the 20572 // disk on a new user creation. 20573 if (grantPermissionsUserIds == EMPTY_INT_ARRAY) { 20574 mDefaultPermissionPolicy.scheduleReadDefaultPermissionExceptions(); 20575 } 20576 20577 // Kick off any messages waiting for system ready 20578 if (mPostSystemReadyMessages != null) { 20579 for (Message msg : mPostSystemReadyMessages) { 20580 msg.sendToTarget(); 20581 } 20582 mPostSystemReadyMessages = null; 20583 } 20584 20585 // Watch for external volumes that come and go over time 20586 final StorageManager storage = mContext.getSystemService(StorageManager.class); 20587 storage.registerListener(mStorageListener); 20588 20589 mInstallerService.systemReady(); 20590 mPackageDexOptimizer.systemReady(); 20591 20592 StorageManagerInternal StorageManagerInternal = LocalServices.getService( 20593 StorageManagerInternal.class); 20594 StorageManagerInternal.addExternalStoragePolicy( 20595 new StorageManagerInternal.ExternalStorageMountPolicy() { 20596 @Override 20597 public int getMountMode(int uid, String packageName) { 20598 if (Process.isIsolated(uid)) { 20599 return Zygote.MOUNT_EXTERNAL_NONE; 20600 } 20601 if (checkUidPermission(WRITE_MEDIA_STORAGE, uid) == PERMISSION_GRANTED) { 20602 return Zygote.MOUNT_EXTERNAL_DEFAULT; 20603 } 20604 if (checkUidPermission(READ_EXTERNAL_STORAGE, uid) == PERMISSION_DENIED) { 20605 return Zygote.MOUNT_EXTERNAL_DEFAULT; 20606 } 20607 if (checkUidPermission(WRITE_EXTERNAL_STORAGE, uid) == PERMISSION_DENIED) { 20608 return Zygote.MOUNT_EXTERNAL_READ; 20609 } 20610 return Zygote.MOUNT_EXTERNAL_WRITE; 20611 } 20612 20613 @Override 20614 public boolean hasExternalStorage(int uid, String packageName) { 20615 return true; 20616 } 20617 }); 20618 20619 // Now that we're mostly running, clean up stale users and apps 20620 sUserManager.reconcileUsers(StorageManager.UUID_PRIVATE_INTERNAL); 20621 reconcileApps(StorageManager.UUID_PRIVATE_INTERNAL); 20622 20623 if (mPrivappPermissionsViolations != null) { 20624 Slog.wtf(TAG,"Signature|privileged permissions not in " 20625 + "privapp-permissions whitelist: " + mPrivappPermissionsViolations); 20626 mPrivappPermissionsViolations = null; 20627 } 20628 } 20629 20630 public void waitForAppDataPrepared() { 20631 if (mPrepareAppDataFuture == null) { 20632 return; 20633 } 20634 ConcurrentUtils.waitForFutureNoInterrupt(mPrepareAppDataFuture, "wait for prepareAppData"); 20635 mPrepareAppDataFuture = null; 20636 } 20637 20638 @Override 20639 public boolean isSafeMode() { 20640 return mSafeMode; 20641 } 20642 20643 @Override 20644 public boolean hasSystemUidErrors() { 20645 return mHasSystemUidErrors; 20646 } 20647 20648 static String arrayToString(int[] array) { 20649 StringBuffer buf = new StringBuffer(128); 20650 buf.append('['); 20651 if (array != null) { 20652 for (int i=0; i<array.length; i++) { 20653 if (i > 0) buf.append(", "); 20654 buf.append(array[i]); 20655 } 20656 } 20657 buf.append(']'); 20658 return buf.toString(); 20659 } 20660 20661 static class DumpState { 20662 public static final int DUMP_LIBS = 1 << 0; 20663 public static final int DUMP_FEATURES = 1 << 1; 20664 public static final int DUMP_ACTIVITY_RESOLVERS = 1 << 2; 20665 public static final int DUMP_SERVICE_RESOLVERS = 1 << 3; 20666 public static final int DUMP_RECEIVER_RESOLVERS = 1 << 4; 20667 public static final int DUMP_CONTENT_RESOLVERS = 1 << 5; 20668 public static final int DUMP_PERMISSIONS = 1 << 6; 20669 public static final int DUMP_PACKAGES = 1 << 7; 20670 public static final int DUMP_SHARED_USERS = 1 << 8; 20671 public static final int DUMP_MESSAGES = 1 << 9; 20672 public static final int DUMP_PROVIDERS = 1 << 10; 20673 public static final int DUMP_VERIFIERS = 1 << 11; 20674 public static final int DUMP_PREFERRED = 1 << 12; 20675 public static final int DUMP_PREFERRED_XML = 1 << 13; 20676 public static final int DUMP_KEYSETS = 1 << 14; 20677 public static final int DUMP_VERSION = 1 << 15; 20678 public static final int DUMP_INSTALLS = 1 << 16; 20679 public static final int DUMP_INTENT_FILTER_VERIFIERS = 1 << 17; 20680 public static final int DUMP_DOMAIN_PREFERRED = 1 << 18; 20681 public static final int DUMP_FROZEN = 1 << 19; 20682 public static final int DUMP_DEXOPT = 1 << 20; 20683 public static final int DUMP_COMPILER_STATS = 1 << 21; 20684 public static final int DUMP_ENABLED_OVERLAYS = 1 << 22; 20685 public static final int DUMP_CHANGES = 1 << 23; 20686 20687 public static final int OPTION_SHOW_FILTERS = 1 << 0; 20688 20689 private int mTypes; 20690 20691 private int mOptions; 20692 20693 private boolean mTitlePrinted; 20694 20695 private SharedUserSetting mSharedUser; 20696 20697 public boolean isDumping(int type) { 20698 if (mTypes == 0 && type != DUMP_PREFERRED_XML) { 20699 return true; 20700 } 20701 20702 return (mTypes & type) != 0; 20703 } 20704 20705 public void setDump(int type) { 20706 mTypes |= type; 20707 } 20708 20709 public boolean isOptionEnabled(int option) { 20710 return (mOptions & option) != 0; 20711 } 20712 20713 public void setOptionEnabled(int option) { 20714 mOptions |= option; 20715 } 20716 20717 public boolean onTitlePrinted() { 20718 final boolean printed = mTitlePrinted; 20719 mTitlePrinted = true; 20720 return printed; 20721 } 20722 20723 public boolean getTitlePrinted() { 20724 return mTitlePrinted; 20725 } 20726 20727 public void setTitlePrinted(boolean enabled) { 20728 mTitlePrinted = enabled; 20729 } 20730 20731 public SharedUserSetting getSharedUser() { 20732 return mSharedUser; 20733 } 20734 20735 public void setSharedUser(SharedUserSetting user) { 20736 mSharedUser = user; 20737 } 20738 } 20739 20740 @Override 20741 public void onShellCommand(FileDescriptor in, FileDescriptor out, 20742 FileDescriptor err, String[] args, ShellCallback callback, 20743 ResultReceiver resultReceiver) { 20744 (new PackageManagerShellCommand(this)).exec( 20745 this, in, out, err, args, callback, resultReceiver); 20746 } 20747 20748 @Override 20749 protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { 20750 if (!DumpUtils.checkDumpAndUsageStatsPermission(mContext, TAG, pw)) return; 20751 20752 DumpState dumpState = new DumpState(); 20753 boolean fullPreferred = false; 20754 boolean checkin = false; 20755 20756 String packageName = null; 20757 ArraySet<String> permissionNames = null; 20758 20759 int opti = 0; 20760 while (opti < args.length) { 20761 String opt = args[opti]; 20762 if (opt == null || opt.length() <= 0 || opt.charAt(0) != '-') { 20763 break; 20764 } 20765 opti++; 20766 20767 if ("-a".equals(opt)) { 20768 // Right now we only know how to print all. 20769 } else if ("-h".equals(opt)) { 20770 pw.println("Package manager dump options:"); 20771 pw.println(" [-h] [-f] [--checkin] [cmd] ..."); 20772 pw.println(" --checkin: dump for a checkin"); 20773 pw.println(" -f: print details of intent filters"); 20774 pw.println(" -h: print this help"); 20775 pw.println(" cmd may be one of:"); 20776 pw.println(" l[ibraries]: list known shared libraries"); 20777 pw.println(" f[eatures]: list device features"); 20778 pw.println(" k[eysets]: print known keysets"); 20779 pw.println(" r[esolvers] [activity|service|receiver|content]: dump intent resolvers"); 20780 pw.println(" perm[issions]: dump permissions"); 20781 pw.println(" permission [name ...]: dump declaration and use of given permission"); 20782 pw.println(" pref[erred]: print preferred package settings"); 20783 pw.println(" preferred-xml [--full]: print preferred package settings as xml"); 20784 pw.println(" prov[iders]: dump content providers"); 20785 pw.println(" p[ackages]: dump installed packages"); 20786 pw.println(" s[hared-users]: dump shared user IDs"); 20787 pw.println(" m[essages]: print collected runtime messages"); 20788 pw.println(" v[erifiers]: print package verifier info"); 20789 pw.println(" d[omain-preferred-apps]: print domains preferred apps"); 20790 pw.println(" i[ntent-filter-verifiers]|ifv: print intent filter verifier info"); 20791 pw.println(" version: print database version info"); 20792 pw.println(" write: write current settings now"); 20793 pw.println(" installs: details about install sessions"); 20794 pw.println(" check-permission <permission> <package> [<user>]: does pkg hold perm?"); 20795 pw.println(" dexopt: dump dexopt state"); 20796 pw.println(" compiler-stats: dump compiler statistics"); 20797 pw.println(" enabled-overlays: dump list of enabled overlay packages"); 20798 pw.println(" <package.name>: info about given package"); 20799 return; 20800 } else if ("--checkin".equals(opt)) { 20801 checkin = true; 20802 } else if ("-f".equals(opt)) { 20803 dumpState.setOptionEnabled(DumpState.OPTION_SHOW_FILTERS); 20804 } else if ("--proto".equals(opt)) { 20805 dumpProto(fd); 20806 return; 20807 } else { 20808 pw.println("Unknown argument: " + opt + "; use -h for help"); 20809 } 20810 } 20811 20812 // Is the caller requesting to dump a particular piece of data? 20813 if (opti < args.length) { 20814 String cmd = args[opti]; 20815 opti++; 20816 // Is this a package name? 20817 if ("android".equals(cmd) || cmd.contains(".")) { 20818 packageName = cmd; 20819 // When dumping a single package, we always dump all of its 20820 // filter information since the amount of data will be reasonable. 20821 dumpState.setOptionEnabled(DumpState.OPTION_SHOW_FILTERS); 20822 } else if ("check-permission".equals(cmd)) { 20823 if (opti >= args.length) { 20824 pw.println("Error: check-permission missing permission argument"); 20825 return; 20826 } 20827 String perm = args[opti]; 20828 opti++; 20829 if (opti >= args.length) { 20830 pw.println("Error: check-permission missing package argument"); 20831 return; 20832 } 20833 20834 String pkg = args[opti]; 20835 opti++; 20836 int user = UserHandle.getUserId(Binder.getCallingUid()); 20837 if (opti < args.length) { 20838 try { 20839 user = Integer.parseInt(args[opti]); 20840 } catch (NumberFormatException e) { 20841 pw.println("Error: check-permission user argument is not a number: " 20842 + args[opti]); 20843 return; 20844 } 20845 } 20846 20847 // Normalize package name to handle renamed packages and static libs 20848 pkg = resolveInternalPackageNameLPr(pkg, PackageManager.VERSION_CODE_HIGHEST); 20849 20850 pw.println(checkPermission(perm, pkg, user)); 20851 return; 20852 } else if ("l".equals(cmd) || "libraries".equals(cmd)) { 20853 dumpState.setDump(DumpState.DUMP_LIBS); 20854 } else if ("f".equals(cmd) || "features".equals(cmd)) { 20855 dumpState.setDump(DumpState.DUMP_FEATURES); 20856 } else if ("r".equals(cmd) || "resolvers".equals(cmd)) { 20857 if (opti >= args.length) { 20858 dumpState.setDump(DumpState.DUMP_ACTIVITY_RESOLVERS 20859 | DumpState.DUMP_SERVICE_RESOLVERS 20860 | DumpState.DUMP_RECEIVER_RESOLVERS 20861 | DumpState.DUMP_CONTENT_RESOLVERS); 20862 } else { 20863 while (opti < args.length) { 20864 String name = args[opti]; 20865 if ("a".equals(name) || "activity".equals(name)) { 20866 dumpState.setDump(DumpState.DUMP_ACTIVITY_RESOLVERS); 20867 } else if ("s".equals(name) || "service".equals(name)) { 20868 dumpState.setDump(DumpState.DUMP_SERVICE_RESOLVERS); 20869 } else if ("r".equals(name) || "receiver".equals(name)) { 20870 dumpState.setDump(DumpState.DUMP_RECEIVER_RESOLVERS); 20871 } else if ("c".equals(name) || "content".equals(name)) { 20872 dumpState.setDump(DumpState.DUMP_CONTENT_RESOLVERS); 20873 } else { 20874 pw.println("Error: unknown resolver table type: " + name); 20875 return; 20876 } 20877 opti++; 20878 } 20879 } 20880 } else if ("perm".equals(cmd) || "permissions".equals(cmd)) { 20881 dumpState.setDump(DumpState.DUMP_PERMISSIONS); 20882 } else if ("permission".equals(cmd)) { 20883 if (opti >= args.length) { 20884 pw.println("Error: permission requires permission name"); 20885 return; 20886 } 20887 permissionNames = new ArraySet<>(); 20888 while (opti < args.length) { 20889 permissionNames.add(args[opti]); 20890 opti++; 20891 } 20892 dumpState.setDump(DumpState.DUMP_PERMISSIONS 20893 | DumpState.DUMP_PACKAGES | DumpState.DUMP_SHARED_USERS); 20894 } else if ("pref".equals(cmd) || "preferred".equals(cmd)) { 20895 dumpState.setDump(DumpState.DUMP_PREFERRED); 20896 } else if ("preferred-xml".equals(cmd)) { 20897 dumpState.setDump(DumpState.DUMP_PREFERRED_XML); 20898 if (opti < args.length && "--full".equals(args[opti])) { 20899 fullPreferred = true; 20900 opti++; 20901 } 20902 } else if ("d".equals(cmd) || "domain-preferred-apps".equals(cmd)) { 20903 dumpState.setDump(DumpState.DUMP_DOMAIN_PREFERRED); 20904 } else if ("p".equals(cmd) || "packages".equals(cmd)) { 20905 dumpState.setDump(DumpState.DUMP_PACKAGES); 20906 } else if ("s".equals(cmd) || "shared-users".equals(cmd)) { 20907 dumpState.setDump(DumpState.DUMP_SHARED_USERS); 20908 } else if ("prov".equals(cmd) || "providers".equals(cmd)) { 20909 dumpState.setDump(DumpState.DUMP_PROVIDERS); 20910 } else if ("m".equals(cmd) || "messages".equals(cmd)) { 20911 dumpState.setDump(DumpState.DUMP_MESSAGES); 20912 } else if ("v".equals(cmd) || "verifiers".equals(cmd)) { 20913 dumpState.setDump(DumpState.DUMP_VERIFIERS); 20914 } else if ("i".equals(cmd) || "ifv".equals(cmd) 20915 || "intent-filter-verifiers".equals(cmd)) { 20916 dumpState.setDump(DumpState.DUMP_INTENT_FILTER_VERIFIERS); 20917 } else if ("version".equals(cmd)) { 20918 dumpState.setDump(DumpState.DUMP_VERSION); 20919 } else if ("k".equals(cmd) || "keysets".equals(cmd)) { 20920 dumpState.setDump(DumpState.DUMP_KEYSETS); 20921 } else if ("installs".equals(cmd)) { 20922 dumpState.setDump(DumpState.DUMP_INSTALLS); 20923 } else if ("frozen".equals(cmd)) { 20924 dumpState.setDump(DumpState.DUMP_FROZEN); 20925 } else if ("dexopt".equals(cmd)) { 20926 dumpState.setDump(DumpState.DUMP_DEXOPT); 20927 } else if ("compiler-stats".equals(cmd)) { 20928 dumpState.setDump(DumpState.DUMP_COMPILER_STATS); 20929 } else if ("enabled-overlays".equals(cmd)) { 20930 dumpState.setDump(DumpState.DUMP_ENABLED_OVERLAYS); 20931 } else if ("changes".equals(cmd)) { 20932 dumpState.setDump(DumpState.DUMP_CHANGES); 20933 } else if ("write".equals(cmd)) { 20934 synchronized (mPackages) { 20935 mSettings.writeLPr(); 20936 pw.println("Settings written."); 20937 return; 20938 } 20939 } 20940 } 20941 20942 if (checkin) { 20943 pw.println("vers,1"); 20944 } 20945 20946 // reader 20947 synchronized (mPackages) { 20948 if (dumpState.isDumping(DumpState.DUMP_VERSION) && packageName == null) { 20949 if (!checkin) { 20950 if (dumpState.onTitlePrinted()) 20951 pw.println(); 20952 pw.println("Database versions:"); 20953 mSettings.dumpVersionLPr(new IndentingPrintWriter(pw, " ")); 20954 } 20955 } 20956 20957 if (dumpState.isDumping(DumpState.DUMP_VERIFIERS) && packageName == null) { 20958 if (!checkin) { 20959 if (dumpState.onTitlePrinted()) 20960 pw.println(); 20961 pw.println("Verifiers:"); 20962 pw.print(" Required: "); 20963 pw.print(mRequiredVerifierPackage); 20964 pw.print(" (uid="); 20965 pw.print(getPackageUid(mRequiredVerifierPackage, MATCH_DEBUG_TRIAGED_MISSING, 20966 UserHandle.USER_SYSTEM)); 20967 pw.println(")"); 20968 } else if (mRequiredVerifierPackage != null) { 20969 pw.print("vrfy,"); pw.print(mRequiredVerifierPackage); 20970 pw.print(","); 20971 pw.println(getPackageUid(mRequiredVerifierPackage, MATCH_DEBUG_TRIAGED_MISSING, 20972 UserHandle.USER_SYSTEM)); 20973 } 20974 } 20975 20976 if (dumpState.isDumping(DumpState.DUMP_INTENT_FILTER_VERIFIERS) && 20977 packageName == null) { 20978 if (mIntentFilterVerifierComponent != null) { 20979 String verifierPackageName = mIntentFilterVerifierComponent.getPackageName(); 20980 if (!checkin) { 20981 if (dumpState.onTitlePrinted()) 20982 pw.println(); 20983 pw.println("Intent Filter Verifier:"); 20984 pw.print(" Using: "); 20985 pw.print(verifierPackageName); 20986 pw.print(" (uid="); 20987 pw.print(getPackageUid(verifierPackageName, MATCH_DEBUG_TRIAGED_MISSING, 20988 UserHandle.USER_SYSTEM)); 20989 pw.println(")"); 20990 } else if (verifierPackageName != null) { 20991 pw.print("ifv,"); pw.print(verifierPackageName); 20992 pw.print(","); 20993 pw.println(getPackageUid(verifierPackageName, MATCH_DEBUG_TRIAGED_MISSING, 20994 UserHandle.USER_SYSTEM)); 20995 } 20996 } else { 20997 pw.println(); 20998 pw.println("No Intent Filter Verifier available!"); 20999 } 21000 } 21001 21002 if (dumpState.isDumping(DumpState.DUMP_LIBS) && packageName == null) { 21003 boolean printedHeader = false; 21004 final Iterator<String> it = mSharedLibraries.keySet().iterator(); 21005 while (it.hasNext()) { 21006 String libName = it.next(); 21007 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.get(libName); 21008 if (versionedLib == null) { 21009 continue; 21010 } 21011 final int versionCount = versionedLib.size(); 21012 for (int i = 0; i < versionCount; i++) { 21013 SharedLibraryEntry libEntry = versionedLib.valueAt(i); 21014 if (!checkin) { 21015 if (!printedHeader) { 21016 if (dumpState.onTitlePrinted()) 21017 pw.println(); 21018 pw.println("Libraries:"); 21019 printedHeader = true; 21020 } 21021 pw.print(" "); 21022 } else { 21023 pw.print("lib,"); 21024 } 21025 pw.print(libEntry.info.getName()); 21026 if (libEntry.info.isStatic()) { 21027 pw.print(" version=" + libEntry.info.getVersion()); 21028 } 21029 if (!checkin) { 21030 pw.print(" -> "); 21031 } 21032 if (libEntry.path != null) { 21033 pw.print(" (jar) "); 21034 pw.print(libEntry.path); 21035 } else { 21036 pw.print(" (apk) "); 21037 pw.print(libEntry.apk); 21038 } 21039 pw.println(); 21040 } 21041 } 21042 } 21043 21044 if (dumpState.isDumping(DumpState.DUMP_FEATURES) && packageName == null) { 21045 if (dumpState.onTitlePrinted()) 21046 pw.println(); 21047 if (!checkin) { 21048 pw.println("Features:"); 21049 } 21050 21051 synchronized (mAvailableFeatures) { 21052 for (FeatureInfo feat : mAvailableFeatures.values()) { 21053 if (checkin) { 21054 pw.print("feat,"); 21055 pw.print(feat.name); 21056 pw.print(","); 21057 pw.println(feat.version); 21058 } else { 21059 pw.print(" "); 21060 pw.print(feat.name); 21061 if (feat.version > 0) { 21062 pw.print(" version="); 21063 pw.print(feat.version); 21064 } 21065 pw.println(); 21066 } 21067 } 21068 } 21069 } 21070 21071 if (!checkin && dumpState.isDumping(DumpState.DUMP_ACTIVITY_RESOLVERS)) { 21072 if (mActivities.dump(pw, dumpState.getTitlePrinted() ? "\nActivity Resolver Table:" 21073 : "Activity Resolver Table:", " ", packageName, 21074 dumpState.isOptionEnabled(DumpState.OPTION_SHOW_FILTERS), true)) { 21075 dumpState.setTitlePrinted(true); 21076 } 21077 } 21078 if (!checkin && dumpState.isDumping(DumpState.DUMP_RECEIVER_RESOLVERS)) { 21079 if (mReceivers.dump(pw, dumpState.getTitlePrinted() ? "\nReceiver Resolver Table:" 21080 : "Receiver Resolver Table:", " ", packageName, 21081 dumpState.isOptionEnabled(DumpState.OPTION_SHOW_FILTERS), true)) { 21082 dumpState.setTitlePrinted(true); 21083 } 21084 } 21085 if (!checkin && dumpState.isDumping(DumpState.DUMP_SERVICE_RESOLVERS)) { 21086 if (mServices.dump(pw, dumpState.getTitlePrinted() ? "\nService Resolver Table:" 21087 : "Service Resolver Table:", " ", packageName, 21088 dumpState.isOptionEnabled(DumpState.OPTION_SHOW_FILTERS), true)) { 21089 dumpState.setTitlePrinted(true); 21090 } 21091 } 21092 if (!checkin && dumpState.isDumping(DumpState.DUMP_CONTENT_RESOLVERS)) { 21093 if (mProviders.dump(pw, dumpState.getTitlePrinted() ? "\nProvider Resolver Table:" 21094 : "Provider Resolver Table:", " ", packageName, 21095 dumpState.isOptionEnabled(DumpState.OPTION_SHOW_FILTERS), true)) { 21096 dumpState.setTitlePrinted(true); 21097 } 21098 } 21099 21100 if (!checkin && dumpState.isDumping(DumpState.DUMP_PREFERRED)) { 21101 for (int i=0; i<mSettings.mPreferredActivities.size(); i++) { 21102 PreferredIntentResolver pir = mSettings.mPreferredActivities.valueAt(i); 21103 int user = mSettings.mPreferredActivities.keyAt(i); 21104 if (pir.dump(pw, 21105 dumpState.getTitlePrinted() 21106 ? "\nPreferred Activities User " + user + ":" 21107 : "Preferred Activities User " + user + ":", " ", 21108 packageName, true, false)) { 21109 dumpState.setTitlePrinted(true); 21110 } 21111 } 21112 } 21113 21114 if (!checkin && dumpState.isDumping(DumpState.DUMP_PREFERRED_XML)) { 21115 pw.flush(); 21116 FileOutputStream fout = new FileOutputStream(fd); 21117 BufferedOutputStream str = new BufferedOutputStream(fout); 21118 XmlSerializer serializer = new FastXmlSerializer(); 21119 try { 21120 serializer.setOutput(str, StandardCharsets.UTF_8.name()); 21121 serializer.startDocument(null, true); 21122 serializer.setFeature( 21123 "http://xmlpull.org/v1/doc/features.html#indent-output", true); 21124 mSettings.writePreferredActivitiesLPr(serializer, 0, fullPreferred); 21125 serializer.endDocument(); 21126 serializer.flush(); 21127 } catch (IllegalArgumentException e) { 21128 pw.println("Failed writing: " + e); 21129 } catch (IllegalStateException e) { 21130 pw.println("Failed writing: " + e); 21131 } catch (IOException e) { 21132 pw.println("Failed writing: " + e); 21133 } 21134 } 21135 21136 if (!checkin 21137 && dumpState.isDumping(DumpState.DUMP_DOMAIN_PREFERRED) 21138 && packageName == null) { 21139 pw.println(); 21140 int count = mSettings.mPackages.size(); 21141 if (count == 0) { 21142 pw.println("No applications!"); 21143 pw.println(); 21144 } else { 21145 final String prefix = " "; 21146 Collection<PackageSetting> allPackageSettings = mSettings.mPackages.values(); 21147 if (allPackageSettings.size() == 0) { 21148 pw.println("No domain preferred apps!"); 21149 pw.println(); 21150 } else { 21151 pw.println("App verification status:"); 21152 pw.println(); 21153 count = 0; 21154 for (PackageSetting ps : allPackageSettings) { 21155 IntentFilterVerificationInfo ivi = ps.getIntentFilterVerificationInfo(); 21156 if (ivi == null || ivi.getPackageName() == null) continue; 21157 pw.println(prefix + "Package: " + ivi.getPackageName()); 21158 pw.println(prefix + "Domains: " + ivi.getDomainsString()); 21159 pw.println(prefix + "Status: " + ivi.getStatusString()); 21160 pw.println(); 21161 count++; 21162 } 21163 if (count == 0) { 21164 pw.println(prefix + "No app verification established."); 21165 pw.println(); 21166 } 21167 for (int userId : sUserManager.getUserIds()) { 21168 pw.println("App linkages for user " + userId + ":"); 21169 pw.println(); 21170 count = 0; 21171 for (PackageSetting ps : allPackageSettings) { 21172 final long status = ps.getDomainVerificationStatusForUser(userId); 21173 if (status >> 32 == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED 21174 && !DEBUG_DOMAIN_VERIFICATION) { 21175 continue; 21176 } 21177 pw.println(prefix + "Package: " + ps.name); 21178 pw.println(prefix + "Domains: " + dumpDomainString(ps.name)); 21179 String statusStr = IntentFilterVerificationInfo. 21180 getStatusStringFromValue(status); 21181 pw.println(prefix + "Status: " + statusStr); 21182 pw.println(); 21183 count++; 21184 } 21185 if (count == 0) { 21186 pw.println(prefix + "No configured app linkages."); 21187 pw.println(); 21188 } 21189 } 21190 } 21191 } 21192 } 21193 21194 if (!checkin && dumpState.isDumping(DumpState.DUMP_PERMISSIONS)) { 21195 mSettings.dumpPermissionsLPr(pw, packageName, permissionNames, dumpState); 21196 if (packageName == null && permissionNames == null) { 21197 for (int iperm=0; iperm<mAppOpPermissionPackages.size(); iperm++) { 21198 if (iperm == 0) { 21199 if (dumpState.onTitlePrinted()) 21200 pw.println(); 21201 pw.println("AppOp Permissions:"); 21202 } 21203 pw.print(" AppOp Permission "); 21204 pw.print(mAppOpPermissionPackages.keyAt(iperm)); 21205 pw.println(":"); 21206 ArraySet<String> pkgs = mAppOpPermissionPackages.valueAt(iperm); 21207 for (int ipkg=0; ipkg<pkgs.size(); ipkg++) { 21208 pw.print(" "); pw.println(pkgs.valueAt(ipkg)); 21209 } 21210 } 21211 } 21212 } 21213 21214 if (!checkin && dumpState.isDumping(DumpState.DUMP_PROVIDERS)) { 21215 boolean printedSomething = false; 21216 for (PackageParser.Provider p : mProviders.mProviders.values()) { 21217 if (packageName != null && !packageName.equals(p.info.packageName)) { 21218 continue; 21219 } 21220 if (!printedSomething) { 21221 if (dumpState.onTitlePrinted()) 21222 pw.println(); 21223 pw.println("Registered ContentProviders:"); 21224 printedSomething = true; 21225 } 21226 pw.print(" "); p.printComponentShortName(pw); pw.println(":"); 21227 pw.print(" "); pw.println(p.toString()); 21228 } 21229 printedSomething = false; 21230 for (Map.Entry<String, PackageParser.Provider> entry : 21231 mProvidersByAuthority.entrySet()) { 21232 PackageParser.Provider p = entry.getValue(); 21233 if (packageName != null && !packageName.equals(p.info.packageName)) { 21234 continue; 21235 } 21236 if (!printedSomething) { 21237 if (dumpState.onTitlePrinted()) 21238 pw.println(); 21239 pw.println("ContentProvider Authorities:"); 21240 printedSomething = true; 21241 } 21242 pw.print(" ["); pw.print(entry.getKey()); pw.println("]:"); 21243 pw.print(" "); pw.println(p.toString()); 21244 if (p.info != null && p.info.applicationInfo != null) { 21245 final String appInfo = p.info.applicationInfo.toString(); 21246 pw.print(" applicationInfo="); pw.println(appInfo); 21247 } 21248 } 21249 } 21250 21251 if (!checkin && dumpState.isDumping(DumpState.DUMP_KEYSETS)) { 21252 mSettings.mKeySetManagerService.dumpLPr(pw, packageName, dumpState); 21253 } 21254 21255 if (dumpState.isDumping(DumpState.DUMP_PACKAGES)) { 21256 mSettings.dumpPackagesLPr(pw, packageName, permissionNames, dumpState, checkin); 21257 } 21258 21259 if (dumpState.isDumping(DumpState.DUMP_SHARED_USERS)) { 21260 mSettings.dumpSharedUsersLPr(pw, packageName, permissionNames, dumpState, checkin); 21261 } 21262 21263 if (dumpState.isDumping(DumpState.DUMP_CHANGES)) { 21264 if (dumpState.onTitlePrinted()) pw.println(); 21265 pw.println("Package Changes:"); 21266 pw.print(" Sequence number="); pw.println(mChangedPackagesSequenceNumber); 21267 final int K = mChangedPackages.size(); 21268 for (int i = 0; i < K; i++) { 21269 final SparseArray<String> changes = mChangedPackages.valueAt(i); 21270 pw.print(" User "); pw.print(mChangedPackages.keyAt(i)); pw.println(":"); 21271 final int N = changes.size(); 21272 if (N == 0) { 21273 pw.print(" "); pw.println("No packages changed"); 21274 } else { 21275 for (int j = 0; j < N; j++) { 21276 final String pkgName = changes.valueAt(j); 21277 final int sequenceNumber = changes.keyAt(j); 21278 pw.print(" "); 21279 pw.print("seq="); 21280 pw.print(sequenceNumber); 21281 pw.print(", package="); 21282 pw.println(pkgName); 21283 } 21284 } 21285 } 21286 } 21287 21288 if (!checkin && dumpState.isDumping(DumpState.DUMP_PERMISSIONS) && packageName == null) { 21289 mSettings.dumpRestoredPermissionGrantsLPr(pw, dumpState); 21290 } 21291 21292 if (!checkin && dumpState.isDumping(DumpState.DUMP_FROZEN) && packageName == null) { 21293 // XXX should handle packageName != null by dumping only install data that 21294 // the given package is involved with. 21295 if (dumpState.onTitlePrinted()) pw.println(); 21296 21297 final IndentingPrintWriter ipw = new IndentingPrintWriter(pw, " ", 120); 21298 ipw.println(); 21299 ipw.println("Frozen packages:"); 21300 ipw.increaseIndent(); 21301 if (mFrozenPackages.size() == 0) { 21302 ipw.println("(none)"); 21303 } else { 21304 for (int i = 0; i < mFrozenPackages.size(); i++) { 21305 ipw.println(mFrozenPackages.valueAt(i)); 21306 } 21307 } 21308 ipw.decreaseIndent(); 21309 } 21310 21311 if (!checkin && dumpState.isDumping(DumpState.DUMP_DEXOPT)) { 21312 if (dumpState.onTitlePrinted()) pw.println(); 21313 dumpDexoptStateLPr(pw, packageName); 21314 } 21315 21316 if (!checkin && dumpState.isDumping(DumpState.DUMP_COMPILER_STATS)) { 21317 if (dumpState.onTitlePrinted()) pw.println(); 21318 dumpCompilerStatsLPr(pw, packageName); 21319 } 21320 21321 if (!checkin && dumpState.isDumping(DumpState.DUMP_ENABLED_OVERLAYS)) { 21322 if (dumpState.onTitlePrinted()) pw.println(); 21323 dumpEnabledOverlaysLPr(pw); 21324 } 21325 21326 if (!checkin && dumpState.isDumping(DumpState.DUMP_MESSAGES) && packageName == null) { 21327 if (dumpState.onTitlePrinted()) pw.println(); 21328 mSettings.dumpReadMessagesLPr(pw, dumpState); 21329 21330 pw.println(); 21331 pw.println("Package warning messages:"); 21332 BufferedReader in = null; 21333 String line = null; 21334 try { 21335 in = new BufferedReader(new FileReader(getSettingsProblemFile())); 21336 while ((line = in.readLine()) != null) { 21337 if (line.contains("ignored: updated version")) continue; 21338 pw.println(line); 21339 } 21340 } catch (IOException ignored) { 21341 } finally { 21342 IoUtils.closeQuietly(in); 21343 } 21344 } 21345 21346 if (checkin && dumpState.isDumping(DumpState.DUMP_MESSAGES)) { 21347 BufferedReader in = null; 21348 String line = null; 21349 try { 21350 in = new BufferedReader(new FileReader(getSettingsProblemFile())); 21351 while ((line = in.readLine()) != null) { 21352 if (line.contains("ignored: updated version")) continue; 21353 pw.print("msg,"); 21354 pw.println(line); 21355 } 21356 } catch (IOException ignored) { 21357 } finally { 21358 IoUtils.closeQuietly(in); 21359 } 21360 } 21361 } 21362 21363 // PackageInstaller should be called outside of mPackages lock 21364 if (!checkin && dumpState.isDumping(DumpState.DUMP_INSTALLS) && packageName == null) { 21365 // XXX should handle packageName != null by dumping only install data that 21366 // the given package is involved with. 21367 if (dumpState.onTitlePrinted()) pw.println(); 21368 mInstallerService.dump(new IndentingPrintWriter(pw, " ", 120)); 21369 } 21370 } 21371 21372 private void dumpProto(FileDescriptor fd) { 21373 final ProtoOutputStream proto = new ProtoOutputStream(fd); 21374 21375 synchronized (mPackages) { 21376 final long requiredVerifierPackageToken = 21377 proto.start(PackageServiceDumpProto.REQUIRED_VERIFIER_PACKAGE); 21378 proto.write(PackageServiceDumpProto.PackageShortProto.NAME, mRequiredVerifierPackage); 21379 proto.write( 21380 PackageServiceDumpProto.PackageShortProto.UID, 21381 getPackageUid( 21382 mRequiredVerifierPackage, 21383 MATCH_DEBUG_TRIAGED_MISSING, 21384 UserHandle.USER_SYSTEM)); 21385 proto.end(requiredVerifierPackageToken); 21386 21387 if (mIntentFilterVerifierComponent != null) { 21388 String verifierPackageName = mIntentFilterVerifierComponent.getPackageName(); 21389 final long verifierPackageToken = 21390 proto.start(PackageServiceDumpProto.VERIFIER_PACKAGE); 21391 proto.write(PackageServiceDumpProto.PackageShortProto.NAME, verifierPackageName); 21392 proto.write( 21393 PackageServiceDumpProto.PackageShortProto.UID, 21394 getPackageUid( 21395 verifierPackageName, 21396 MATCH_DEBUG_TRIAGED_MISSING, 21397 UserHandle.USER_SYSTEM)); 21398 proto.end(verifierPackageToken); 21399 } 21400 21401 dumpSharedLibrariesProto(proto); 21402 dumpFeaturesProto(proto); 21403 mSettings.dumpPackagesProto(proto); 21404 mSettings.dumpSharedUsersProto(proto); 21405 dumpMessagesProto(proto); 21406 } 21407 proto.flush(); 21408 } 21409 21410 private void dumpMessagesProto(ProtoOutputStream proto) { 21411 BufferedReader in = null; 21412 String line = null; 21413 try { 21414 in = new BufferedReader(new FileReader(getSettingsProblemFile())); 21415 while ((line = in.readLine()) != null) { 21416 if (line.contains("ignored: updated version")) continue; 21417 proto.write(PackageServiceDumpProto.MESSAGES, line); 21418 } 21419 } catch (IOException ignored) { 21420 } finally { 21421 IoUtils.closeQuietly(in); 21422 } 21423 } 21424 21425 private void dumpFeaturesProto(ProtoOutputStream proto) { 21426 synchronized (mAvailableFeatures) { 21427 final int count = mAvailableFeatures.size(); 21428 for (int i = 0; i < count; i++) { 21429 final FeatureInfo feat = mAvailableFeatures.valueAt(i); 21430 final long featureToken = proto.start(PackageServiceDumpProto.FEATURES); 21431 proto.write(PackageServiceDumpProto.FeatureProto.NAME, feat.name); 21432 proto.write(PackageServiceDumpProto.FeatureProto.VERSION, feat.version); 21433 proto.end(featureToken); 21434 } 21435 } 21436 } 21437 21438 private void dumpSharedLibrariesProto(ProtoOutputStream proto) { 21439 final int count = mSharedLibraries.size(); 21440 for (int i = 0; i < count; i++) { 21441 final String libName = mSharedLibraries.keyAt(i); 21442 SparseArray<SharedLibraryEntry> versionedLib = mSharedLibraries.get(libName); 21443 if (versionedLib == null) { 21444 continue; 21445 } 21446 final int versionCount = versionedLib.size(); 21447 for (int j = 0; j < versionCount; j++) { 21448 final SharedLibraryEntry libEntry = versionedLib.valueAt(j); 21449 final long sharedLibraryToken = 21450 proto.start(PackageServiceDumpProto.SHARED_LIBRARIES); 21451 proto.write(PackageServiceDumpProto.SharedLibraryProto.NAME, libEntry.info.getName()); 21452 final boolean isJar = (libEntry.path != null); 21453 proto.write(PackageServiceDumpProto.SharedLibraryProto.IS_JAR, isJar); 21454 if (isJar) { 21455 proto.write(PackageServiceDumpProto.SharedLibraryProto.PATH, libEntry.path); 21456 } else { 21457 proto.write(PackageServiceDumpProto.SharedLibraryProto.APK, libEntry.apk); 21458 } 21459 proto.end(sharedLibraryToken); 21460 } 21461 } 21462 } 21463 21464 private void dumpDexoptStateLPr(PrintWriter pw, String packageName) { 21465 final IndentingPrintWriter ipw = new IndentingPrintWriter(pw, " ", 120); 21466 ipw.println(); 21467 ipw.println("Dexopt state:"); 21468 ipw.increaseIndent(); 21469 Collection<PackageParser.Package> packages = null; 21470 if (packageName != null) { 21471 PackageParser.Package targetPackage = mPackages.get(packageName); 21472 if (targetPackage != null) { 21473 packages = Collections.singletonList(targetPackage); 21474 } else { 21475 ipw.println("Unable to find package: " + packageName); 21476 return; 21477 } 21478 } else { 21479 packages = mPackages.values(); 21480 } 21481 21482 for (PackageParser.Package pkg : packages) { 21483 ipw.println("[" + pkg.packageName + "]"); 21484 ipw.increaseIndent(); 21485 mPackageDexOptimizer.dumpDexoptState(ipw, pkg); 21486 ipw.decreaseIndent(); 21487 } 21488 } 21489 21490 private void dumpCompilerStatsLPr(PrintWriter pw, String packageName) { 21491 final IndentingPrintWriter ipw = new IndentingPrintWriter(pw, " ", 120); 21492 ipw.println(); 21493 ipw.println("Compiler stats:"); 21494 ipw.increaseIndent(); 21495 Collection<PackageParser.Package> packages = null; 21496 if (packageName != null) { 21497 PackageParser.Package targetPackage = mPackages.get(packageName); 21498 if (targetPackage != null) { 21499 packages = Collections.singletonList(targetPackage); 21500 } else { 21501 ipw.println("Unable to find package: " + packageName); 21502 return; 21503 } 21504 } else { 21505 packages = mPackages.values(); 21506 } 21507 21508 for (PackageParser.Package pkg : packages) { 21509 ipw.println("[" + pkg.packageName + "]"); 21510 ipw.increaseIndent(); 21511 21512 CompilerStats.PackageStats stats = getCompilerPackageStats(pkg.packageName); 21513 if (stats == null) { 21514 ipw.println("(No recorded stats)"); 21515 } else { 21516 stats.dump(ipw); 21517 } 21518 ipw.decreaseIndent(); 21519 } 21520 } 21521 21522 private void dumpEnabledOverlaysLPr(PrintWriter pw) { 21523 pw.println("Enabled overlay paths:"); 21524 final int N = mEnabledOverlayPaths.size(); 21525 for (int i = 0; i < N; i++) { 21526 final int userId = mEnabledOverlayPaths.keyAt(i); 21527 pw.println(String.format(" User %d:", userId)); 21528 final ArrayMap<String, ArrayList<String>> userSpecificOverlays = 21529 mEnabledOverlayPaths.valueAt(i); 21530 final int M = userSpecificOverlays.size(); 21531 for (int j = 0; j < M; j++) { 21532 final String targetPackageName = userSpecificOverlays.keyAt(j); 21533 final ArrayList<String> overlayPackagePaths = userSpecificOverlays.valueAt(j); 21534 pw.println(String.format(" %s: %s", targetPackageName, overlayPackagePaths)); 21535 } 21536 } 21537 } 21538 21539 private String dumpDomainString(String packageName) { 21540 List<IntentFilterVerificationInfo> iviList = getIntentFilterVerifications(packageName) 21541 .getList(); 21542 List<IntentFilter> filters = getAllIntentFilters(packageName).getList(); 21543 21544 ArraySet<String> result = new ArraySet<>(); 21545 if (iviList.size() > 0) { 21546 for (IntentFilterVerificationInfo ivi : iviList) { 21547 for (String host : ivi.getDomains()) { 21548 result.add(host); 21549 } 21550 } 21551 } 21552 if (filters != null && filters.size() > 0) { 21553 for (IntentFilter filter : filters) { 21554 if (filter.hasCategory(Intent.CATEGORY_BROWSABLE) 21555 && (filter.hasDataScheme(IntentFilter.SCHEME_HTTP) || 21556 filter.hasDataScheme(IntentFilter.SCHEME_HTTPS))) { 21557 result.addAll(filter.getHostsList()); 21558 } 21559 } 21560 } 21561 21562 StringBuilder sb = new StringBuilder(result.size() * 16); 21563 for (String domain : result) { 21564 if (sb.length() > 0) sb.append(" "); 21565 sb.append(domain); 21566 } 21567 return sb.toString(); 21568 } 21569 21570 // ------- apps on sdcard specific code ------- 21571 static final boolean DEBUG_SD_INSTALL = false; 21572 21573 private static final String SD_ENCRYPTION_KEYSTORE_NAME = "AppsOnSD"; 21574 21575 private static final String SD_ENCRYPTION_ALGORITHM = "AES"; 21576 21577 private boolean mMediaMounted = false; 21578 21579 static String getEncryptKey() { 21580 try { 21581 String sdEncKey = SystemKeyStore.getInstance().retrieveKeyHexString( 21582 SD_ENCRYPTION_KEYSTORE_NAME); 21583 if (sdEncKey == null) { 21584 sdEncKey = SystemKeyStore.getInstance().generateNewKeyHexString(128, 21585 SD_ENCRYPTION_ALGORITHM, SD_ENCRYPTION_KEYSTORE_NAME); 21586 if (sdEncKey == null) { 21587 Slog.e(TAG, "Failed to create encryption keys"); 21588 return null; 21589 } 21590 } 21591 return sdEncKey; 21592 } catch (NoSuchAlgorithmException nsae) { 21593 Slog.e(TAG, "Failed to create encryption keys with exception: " + nsae); 21594 return null; 21595 } catch (IOException ioe) { 21596 Slog.e(TAG, "Failed to retrieve encryption keys with exception: " + ioe); 21597 return null; 21598 } 21599 } 21600 21601 /* 21602 * Update media status on PackageManager. 21603 */ 21604 @Override 21605 public void updateExternalMediaStatus(final boolean mediaStatus, final boolean reportStatus) { 21606 int callingUid = Binder.getCallingUid(); 21607 if (callingUid != 0 && callingUid != Process.SYSTEM_UID) { 21608 throw new SecurityException("Media status can only be updated by the system"); 21609 } 21610 // reader; this apparently protects mMediaMounted, but should probably 21611 // be a different lock in that case. 21612 synchronized (mPackages) { 21613 Log.i(TAG, "Updating external media status from " 21614 + (mMediaMounted ? "mounted" : "unmounted") + " to " 21615 + (mediaStatus ? "mounted" : "unmounted")); 21616 if (DEBUG_SD_INSTALL) 21617 Log.i(TAG, "updateExternalMediaStatus:: mediaStatus=" + mediaStatus 21618 + ", mMediaMounted=" + mMediaMounted); 21619 if (mediaStatus == mMediaMounted) { 21620 final Message msg = mHandler.obtainMessage(UPDATED_MEDIA_STATUS, reportStatus ? 1 21621 : 0, -1); 21622 mHandler.sendMessage(msg); 21623 return; 21624 } 21625 mMediaMounted = mediaStatus; 21626 } 21627 // Queue up an async operation since the package installation may take a 21628 // little while. 21629 mHandler.post(new Runnable() { 21630 public void run() { 21631 updateExternalMediaStatusInner(mediaStatus, reportStatus, true); 21632 } 21633 }); 21634 } 21635 21636 /** 21637 * Called by StorageManagerService when the initial ASECs to scan are available. 21638 * Should block until all the ASEC containers are finished being scanned. 21639 */ 21640 public void scanAvailableAsecs() { 21641 updateExternalMediaStatusInner(true, false, false); 21642 } 21643 21644 /* 21645 * Collect information of applications on external media, map them against 21646 * existing containers and update information based on current mount status. 21647 * Please note that we always have to report status if reportStatus has been 21648 * set to true especially when unloading packages. 21649 */ 21650 private void updateExternalMediaStatusInner(boolean isMounted, boolean reportStatus, 21651 boolean externalStorage) { 21652 ArrayMap<AsecInstallArgs, String> processCids = new ArrayMap<>(); 21653 int[] uidArr = EmptyArray.INT; 21654 21655 final String[] list = PackageHelper.getSecureContainerList(); 21656 if (ArrayUtils.isEmpty(list)) { 21657 Log.i(TAG, "No secure containers found"); 21658 } else { 21659 // Process list of secure containers and categorize them 21660 // as active or stale based on their package internal state. 21661 21662 // reader 21663 synchronized (mPackages) { 21664 for (String cid : list) { 21665 // Leave stages untouched for now; installer service owns them 21666 if (PackageInstallerService.isStageName(cid)) continue; 21667 21668 if (DEBUG_SD_INSTALL) 21669 Log.i(TAG, "Processing container " + cid); 21670 String pkgName = getAsecPackageName(cid); 21671 if (pkgName == null) { 21672 Slog.i(TAG, "Found stale container " + cid + " with no package name"); 21673 continue; 21674 } 21675 if (DEBUG_SD_INSTALL) 21676 Log.i(TAG, "Looking for pkg : " + pkgName); 21677 21678 final PackageSetting ps = mSettings.mPackages.get(pkgName); 21679 if (ps == null) { 21680 Slog.i(TAG, "Found stale container " + cid + " with no matching settings"); 21681 continue; 21682 } 21683 21684 /* 21685 * Skip packages that are not external if we're unmounting 21686 * external storage. 21687 */ 21688 if (externalStorage && !isMounted && !isExternal(ps)) { 21689 continue; 21690 } 21691 21692 final AsecInstallArgs args = new AsecInstallArgs(cid, 21693 getAppDexInstructionSets(ps), ps.isForwardLocked()); 21694 // The package status is changed only if the code path 21695 // matches between settings and the container id. 21696 if (ps.codePathString != null 21697 && ps.codePathString.startsWith(args.getCodePath())) { 21698 if (DEBUG_SD_INSTALL) { 21699 Log.i(TAG, "Container : " + cid + " corresponds to pkg : " + pkgName 21700 + " at code path: " + ps.codePathString); 21701 } 21702 21703 // We do have a valid package installed on sdcard 21704 processCids.put(args, ps.codePathString); 21705 final int uid = ps.appId; 21706 if (uid != -1) { 21707 uidArr = ArrayUtils.appendInt(uidArr, uid); 21708 } 21709 } else { 21710 Slog.i(TAG, "Found stale container " + cid + ": expected codePath=" 21711 + ps.codePathString); 21712 } 21713 } 21714 } 21715 21716 Arrays.sort(uidArr); 21717 } 21718 21719 // Process packages with valid entries. 21720 if (isMounted) { 21721 if (DEBUG_SD_INSTALL) 21722 Log.i(TAG, "Loading packages"); 21723 loadMediaPackages(processCids, uidArr, externalStorage); 21724 startCleaningPackages(); 21725 mInstallerService.onSecureContainersAvailable(); 21726 } else { 21727 if (DEBUG_SD_INSTALL) 21728 Log.i(TAG, "Unloading packages"); 21729 unloadMediaPackages(processCids, uidArr, reportStatus); 21730 } 21731 } 21732 21733 private void sendResourcesChangedBroadcast(boolean mediaStatus, boolean replacing, 21734 ArrayList<ApplicationInfo> infos, IIntentReceiver finishedReceiver) { 21735 final int size = infos.size(); 21736 final String[] packageNames = new String[size]; 21737 final int[] packageUids = new int[size]; 21738 for (int i = 0; i < size; i++) { 21739 final ApplicationInfo info = infos.get(i); 21740 packageNames[i] = info.packageName; 21741 packageUids[i] = info.uid; 21742 } 21743 sendResourcesChangedBroadcast(mediaStatus, replacing, packageNames, packageUids, 21744 finishedReceiver); 21745 } 21746 21747 private void sendResourcesChangedBroadcast(boolean mediaStatus, boolean replacing, 21748 ArrayList<String> pkgList, int uidArr[], IIntentReceiver finishedReceiver) { 21749 sendResourcesChangedBroadcast(mediaStatus, replacing, 21750 pkgList.toArray(new String[pkgList.size()]), uidArr, finishedReceiver); 21751 } 21752 21753 private void sendResourcesChangedBroadcast(boolean mediaStatus, boolean replacing, 21754 String[] pkgList, int uidArr[], IIntentReceiver finishedReceiver) { 21755 int size = pkgList.length; 21756 if (size > 0) { 21757 // Send broadcasts here 21758 Bundle extras = new Bundle(); 21759 extras.putStringArray(Intent.EXTRA_CHANGED_PACKAGE_LIST, pkgList); 21760 if (uidArr != null) { 21761 extras.putIntArray(Intent.EXTRA_CHANGED_UID_LIST, uidArr); 21762 } 21763 if (replacing) { 21764 extras.putBoolean(Intent.EXTRA_REPLACING, replacing); 21765 } 21766 String action = mediaStatus ? Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE 21767 : Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE; 21768 sendPackageBroadcast(action, null, extras, 0, null, finishedReceiver, null); 21769 } 21770 } 21771 21772 /* 21773 * Look at potentially valid container ids from processCids If package 21774 * information doesn't match the one on record or package scanning fails, 21775 * the cid is added to list of removeCids. We currently don't delete stale 21776 * containers. 21777 */ 21778 private void loadMediaPackages(ArrayMap<AsecInstallArgs, String> processCids, int[] uidArr, 21779 boolean externalStorage) { 21780 ArrayList<String> pkgList = new ArrayList<String>(); 21781 Set<AsecInstallArgs> keys = processCids.keySet(); 21782 21783 for (AsecInstallArgs args : keys) { 21784 String codePath = processCids.get(args); 21785 if (DEBUG_SD_INSTALL) 21786 Log.i(TAG, "Loading container : " + args.cid); 21787 int retCode = PackageManager.INSTALL_FAILED_CONTAINER_ERROR; 21788 try { 21789 // Make sure there are no container errors first. 21790 if (args.doPreInstall(PackageManager.INSTALL_SUCCEEDED) != PackageManager.INSTALL_SUCCEEDED) { 21791 Slog.e(TAG, "Failed to mount cid : " + args.cid 21792 + " when installing from sdcard"); 21793 continue; 21794 } 21795 // Check code path here. 21796 if (codePath == null || !codePath.startsWith(args.getCodePath())) { 21797 Slog.e(TAG, "Container " + args.cid + " cachepath " + args.getCodePath() 21798 + " does not match one in settings " + codePath); 21799 continue; 21800 } 21801 // Parse package 21802 int parseFlags = mDefParseFlags; 21803 if (args.isExternalAsec()) { 21804 parseFlags |= PackageParser.PARSE_EXTERNAL_STORAGE; 21805 } 21806 if (args.isFwdLocked()) { 21807 parseFlags |= PackageParser.PARSE_FORWARD_LOCK; 21808 } 21809 21810 synchronized (mInstallLock) { 21811 PackageParser.Package pkg = null; 21812 try { 21813 // Sadly we don't know the package name yet to freeze it 21814 pkg = scanPackageTracedLI(new File(codePath), parseFlags, 21815 SCAN_IGNORE_FROZEN, 0, null); 21816 } catch (PackageManagerException e) { 21817 Slog.w(TAG, "Failed to scan " + codePath + ": " + e.getMessage()); 21818 } 21819 // Scan the package 21820 if (pkg != null) { 21821 /* 21822 * TODO why is the lock being held? doPostInstall is 21823 * called in other places without the lock. This needs 21824 * to be straightened out. 21825 */ 21826 // writer 21827 synchronized (mPackages) { 21828 retCode = PackageManager.INSTALL_SUCCEEDED; 21829 pkgList.add(pkg.packageName); 21830 // Post process args 21831 args.doPostInstall(PackageManager.INSTALL_SUCCEEDED, 21832 pkg.applicationInfo.uid); 21833 } 21834 } else { 21835 Slog.i(TAG, "Failed to install pkg from " + codePath + " from sdcard"); 21836 } 21837 } 21838 21839 } finally { 21840 if (retCode != PackageManager.INSTALL_SUCCEEDED) { 21841 Log.w(TAG, "Container " + args.cid + " is stale, retCode=" + retCode); 21842 } 21843 } 21844 } 21845 // writer 21846 synchronized (mPackages) { 21847 // If the platform SDK has changed since the last time we booted, 21848 // we need to re-grant app permission to catch any new ones that 21849 // appear. This is really a hack, and means that apps can in some 21850 // cases get permissions that the user didn't initially explicitly 21851 // allow... it would be nice to have some better way to handle 21852 // this situation. 21853 final VersionInfo ver = externalStorage ? mSettings.getExternalVersion() 21854 : mSettings.getInternalVersion(); 21855 final String volumeUuid = externalStorage ? StorageManager.UUID_PRIMARY_PHYSICAL 21856 : StorageManager.UUID_PRIVATE_INTERNAL; 21857 21858 int updateFlags = UPDATE_PERMISSIONS_ALL; 21859 if (ver.sdkVersion != mSdkVersion) { 21860 logCriticalInfo(Log.INFO, "Platform changed from " + ver.sdkVersion + " to " 21861 + mSdkVersion + "; regranting permissions for external"); 21862 updateFlags |= UPDATE_PERMISSIONS_REPLACE_PKG | UPDATE_PERMISSIONS_REPLACE_ALL; 21863 } 21864 updatePermissionsLPw(null, null, volumeUuid, updateFlags); 21865 21866 // Yay, everything is now upgraded 21867 ver.forceCurrent(); 21868 21869 // can downgrade to reader 21870 // Persist settings 21871 mSettings.writeLPr(); 21872 } 21873 // Send a broadcast to let everyone know we are done processing 21874 if (pkgList.size() > 0) { 21875 sendResourcesChangedBroadcast(true, false, pkgList, uidArr, null); 21876 } 21877 } 21878 21879 /* 21880 * Utility method to unload a list of specified containers 21881 */ 21882 private void unloadAllContainers(Set<AsecInstallArgs> cidArgs) { 21883 // Just unmount all valid containers. 21884 for (AsecInstallArgs arg : cidArgs) { 21885 synchronized (mInstallLock) { 21886 arg.doPostDeleteLI(false); 21887 } 21888 } 21889 } 21890 21891 /* 21892 * Unload packages mounted on external media. This involves deleting package 21893 * data from internal structures, sending broadcasts about disabled packages, 21894 * gc'ing to free up references, unmounting all secure containers 21895 * corresponding to packages on external media, and posting a 21896 * UPDATED_MEDIA_STATUS message if status has been requested. Please note 21897 * that we always have to post this message if status has been requested no 21898 * matter what. 21899 */ 21900 private void unloadMediaPackages(ArrayMap<AsecInstallArgs, String> processCids, int uidArr[], 21901 final boolean reportStatus) { 21902 if (DEBUG_SD_INSTALL) 21903 Log.i(TAG, "unloading media packages"); 21904 ArrayList<String> pkgList = new ArrayList<String>(); 21905 ArrayList<AsecInstallArgs> failedList = new ArrayList<AsecInstallArgs>(); 21906 final Set<AsecInstallArgs> keys = processCids.keySet(); 21907 for (AsecInstallArgs args : keys) { 21908 String pkgName = args.getPackageName(); 21909 if (DEBUG_SD_INSTALL) 21910 Log.i(TAG, "Trying to unload pkg : " + pkgName); 21911 // Delete package internally 21912 PackageRemovedInfo outInfo = new PackageRemovedInfo(this); 21913 synchronized (mInstallLock) { 21914 final int deleteFlags = PackageManager.DELETE_KEEP_DATA; 21915 final boolean res; 21916 try (PackageFreezer freezer = freezePackageForDelete(pkgName, deleteFlags, 21917 "unloadMediaPackages")) { 21918 res = deletePackageLIF(pkgName, null, false, null, deleteFlags, outInfo, false, 21919 null); 21920 } 21921 if (res) { 21922 pkgList.add(pkgName); 21923 } else { 21924 Slog.e(TAG, "Failed to delete pkg from sdcard : " + pkgName); 21925 failedList.add(args); 21926 } 21927 } 21928 } 21929 21930 // reader 21931 synchronized (mPackages) { 21932 // We didn't update the settings after removing each package; 21933 // write them now for all packages. 21934 mSettings.writeLPr(); 21935 } 21936 21937 // We have to absolutely send UPDATED_MEDIA_STATUS only 21938 // after confirming that all the receivers processed the ordered 21939 // broadcast when packages get disabled, force a gc to clean things up. 21940 // and unload all the containers. 21941 if (pkgList.size() > 0) { 21942 sendResourcesChangedBroadcast(false, false, pkgList, uidArr, 21943 new IIntentReceiver.Stub() { 21944 public void performReceive(Intent intent, int resultCode, String data, 21945 Bundle extras, boolean ordered, boolean sticky, 21946 int sendingUser) throws RemoteException { 21947 Message msg = mHandler.obtainMessage(UPDATED_MEDIA_STATUS, 21948 reportStatus ? 1 : 0, 1, keys); 21949 mHandler.sendMessage(msg); 21950 } 21951 }); 21952 } else { 21953 Message msg = mHandler.obtainMessage(UPDATED_MEDIA_STATUS, reportStatus ? 1 : 0, -1, 21954 keys); 21955 mHandler.sendMessage(msg); 21956 } 21957 } 21958 21959 private void loadPrivatePackages(final VolumeInfo vol) { 21960 mHandler.post(new Runnable() { 21961 @Override 21962 public void run() { 21963 loadPrivatePackagesInner(vol); 21964 } 21965 }); 21966 } 21967 21968 private void loadPrivatePackagesInner(VolumeInfo vol) { 21969 final String volumeUuid = vol.fsUuid; 21970 if (TextUtils.isEmpty(volumeUuid)) { 21971 Slog.e(TAG, "Loading internal storage is probably a mistake; ignoring"); 21972 return; 21973 } 21974 21975 final ArrayList<PackageFreezer> freezers = new ArrayList<>(); 21976 final ArrayList<ApplicationInfo> loaded = new ArrayList<>(); 21977 final int parseFlags = mDefParseFlags | PackageParser.PARSE_EXTERNAL_STORAGE; 21978 21979 final VersionInfo ver; 21980 final List<PackageSetting> packages; 21981 synchronized (mPackages) { 21982 ver = mSettings.findOrCreateVersion(volumeUuid); 21983 packages = mSettings.getVolumePackagesLPr(volumeUuid); 21984 } 21985 21986 for (PackageSetting ps : packages) { 21987 freezers.add(freezePackage(ps.name, "loadPrivatePackagesInner")); 21988 synchronized (mInstallLock) { 21989 final PackageParser.Package pkg; 21990 try { 21991 pkg = scanPackageTracedLI(ps.codePath, parseFlags, SCAN_INITIAL, 0, null); 21992 loaded.add(pkg.applicationInfo); 21993 21994 } catch (PackageManagerException e) { 21995 Slog.w(TAG, "Failed to scan " + ps.codePath + ": " + e.getMessage()); 21996 } 21997 21998 if (!Build.FINGERPRINT.equals(ver.fingerprint)) { 21999 clearAppDataLIF(ps.pkg, UserHandle.USER_ALL, 22000 StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE 22001 | Installer.FLAG_CLEAR_CODE_CACHE_ONLY); 22002 } 22003 } 22004 } 22005 22006 // Reconcile app data for all started/unlocked users 22007 final StorageManager sm = mContext.getSystemService(StorageManager.class); 22008 final UserManager um = mContext.getSystemService(UserManager.class); 22009 UserManagerInternal umInternal = getUserManagerInternal(); 22010 for (UserInfo user : um.getUsers()) { 22011 final int flags; 22012 if (umInternal.isUserUnlockingOrUnlocked(user.id)) { 22013 flags = StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE; 22014 } else if (umInternal.isUserRunning(user.id)) { 22015 flags = StorageManager.FLAG_STORAGE_DE; 22016 } else { 22017 continue; 22018 } 22019 22020 try { 22021 sm.prepareUserStorage(volumeUuid, user.id, user.serialNumber, flags); 22022 synchronized (mInstallLock) { 22023 reconcileAppsDataLI(volumeUuid, user.id, flags, true /* migrateAppData */); 22024 } 22025 } catch (IllegalStateException e) { 22026 // Device was probably ejected, and we'll process that event momentarily 22027 Slog.w(TAG, "Failed to prepare storage: " + e); 22028 } 22029 } 22030 22031 synchronized (mPackages) { 22032 int updateFlags = UPDATE_PERMISSIONS_ALL; 22033 if (ver.sdkVersion != mSdkVersion) { 22034 logCriticalInfo(Log.INFO, "Platform changed from " + ver.sdkVersion + " to " 22035 + mSdkVersion + "; regranting permissions for " + volumeUuid); 22036 updateFlags |= UPDATE_PERMISSIONS_REPLACE_PKG | UPDATE_PERMISSIONS_REPLACE_ALL; 22037 } 22038 updatePermissionsLPw(null, null, volumeUuid, updateFlags); 22039 22040 // Yay, everything is now upgraded 22041 ver.forceCurrent(); 22042 22043 mSettings.writeLPr(); 22044 } 22045 22046 for (PackageFreezer freezer : freezers) { 22047 freezer.close(); 22048 } 22049 22050 if (DEBUG_INSTALL) Slog.d(TAG, "Loaded packages " + loaded); 22051 sendResourcesChangedBroadcast(true, false, loaded, null); 22052 } 22053 22054 private void unloadPrivatePackages(final VolumeInfo vol) { 22055 mHandler.post(new Runnable() { 22056 @Override 22057 public void run() { 22058 unloadPrivatePackagesInner(vol); 22059 } 22060 }); 22061 } 22062 22063 private void unloadPrivatePackagesInner(VolumeInfo vol) { 22064 final String volumeUuid = vol.fsUuid; 22065 if (TextUtils.isEmpty(volumeUuid)) { 22066 Slog.e(TAG, "Unloading internal storage is probably a mistake; ignoring"); 22067 return; 22068 } 22069 22070 final ArrayList<ApplicationInfo> unloaded = new ArrayList<>(); 22071 synchronized (mInstallLock) { 22072 synchronized (mPackages) { 22073 final List<PackageSetting> packages = mSettings.getVolumePackagesLPr(volumeUuid); 22074 for (PackageSetting ps : packages) { 22075 if (ps.pkg == null) continue; 22076 22077 final ApplicationInfo info = ps.pkg.applicationInfo; 22078 final int deleteFlags = PackageManager.DELETE_KEEP_DATA; 22079 final PackageRemovedInfo outInfo = new PackageRemovedInfo(this); 22080 22081 try (PackageFreezer freezer = freezePackageForDelete(ps.name, deleteFlags, 22082 "unloadPrivatePackagesInner")) { 22083 if (deletePackageLIF(ps.name, null, false, null, deleteFlags, outInfo, 22084 false, null)) { 22085 unloaded.add(info); 22086 } else { 22087 Slog.w(TAG, "Failed to unload " + ps.codePath); 22088 } 22089 } 22090 22091 // Try very hard to release any references to this package 22092 // so we don't risk the system server being killed due to 22093 // open FDs 22094 AttributeCache.instance().removePackage(ps.name); 22095 } 22096 22097 mSettings.writeLPr(); 22098 } 22099 } 22100 22101 if (DEBUG_INSTALL) Slog.d(TAG, "Unloaded packages " + unloaded); 22102 sendResourcesChangedBroadcast(false, false, unloaded, null); 22103 22104 // Try very hard to release any references to this path so we don't risk 22105 // the system server being killed due to open FDs 22106 ResourcesManager.getInstance().invalidatePath(vol.getPath().getAbsolutePath()); 22107 22108 for (int i = 0; i < 3; i++) { 22109 System.gc(); 22110 System.runFinalization(); 22111 } 22112 } 22113 22114 private void assertPackageKnown(String volumeUuid, String packageName) 22115 throws PackageManagerException { 22116 synchronized (mPackages) { 22117 // Normalize package name to handle renamed packages 22118 packageName = normalizePackageNameLPr(packageName); 22119 22120 final PackageSetting ps = mSettings.mPackages.get(packageName); 22121 if (ps == null) { 22122 throw new PackageManagerException("Package " + packageName + " is unknown"); 22123 } else if (!TextUtils.equals(volumeUuid, ps.volumeUuid)) { 22124 throw new PackageManagerException( 22125 "Package " + packageName + " found on unknown volume " + volumeUuid 22126 + "; expected volume " + ps.volumeUuid); 22127 } 22128 } 22129 } 22130 22131 private void assertPackageKnownAndInstalled(String volumeUuid, String packageName, int userId) 22132 throws PackageManagerException { 22133 synchronized (mPackages) { 22134 // Normalize package name to handle renamed packages 22135 packageName = normalizePackageNameLPr(packageName); 22136 22137 final PackageSetting ps = mSettings.mPackages.get(packageName); 22138 if (ps == null) { 22139 throw new PackageManagerException("Package " + packageName + " is unknown"); 22140 } else if (!TextUtils.equals(volumeUuid, ps.volumeUuid)) { 22141 throw new PackageManagerException( 22142 "Package " + packageName + " found on unknown volume " + volumeUuid 22143 + "; expected volume " + ps.volumeUuid); 22144 } else if (!ps.getInstalled(userId)) { 22145 throw new PackageManagerException( 22146 "Package " + packageName + " not installed for user " + userId); 22147 } 22148 } 22149 } 22150 22151 private List<String> collectAbsoluteCodePaths() { 22152 synchronized (mPackages) { 22153 List<String> codePaths = new ArrayList<>(); 22154 final int packageCount = mSettings.mPackages.size(); 22155 for (int i = 0; i < packageCount; i++) { 22156 final PackageSetting ps = mSettings.mPackages.valueAt(i); 22157 codePaths.add(ps.codePath.getAbsolutePath()); 22158 } 22159 return codePaths; 22160 } 22161 } 22162 22163 /** 22164 * Examine all apps present on given mounted volume, and destroy apps that 22165 * aren't expected, either due to uninstallation or reinstallation on 22166 * another volume. 22167 */ 22168 private void reconcileApps(String volumeUuid) { 22169 List<String> absoluteCodePaths = collectAbsoluteCodePaths(); 22170 List<File> filesToDelete = null; 22171 22172 final File[] files = FileUtils.listFilesOrEmpty( 22173 Environment.getDataAppDirectory(volumeUuid)); 22174 for (File file : files) { 22175 final boolean isPackage = (isApkFile(file) || file.isDirectory()) 22176 && !PackageInstallerService.isStageName(file.getName()); 22177 if (!isPackage) { 22178 // Ignore entries which are not packages 22179 continue; 22180 } 22181 22182 String absolutePath = file.getAbsolutePath(); 22183 22184 boolean pathValid = false; 22185 final int absoluteCodePathCount = absoluteCodePaths.size(); 22186 for (int i = 0; i < absoluteCodePathCount; i++) { 22187 String absoluteCodePath = absoluteCodePaths.get(i); 22188 if (absolutePath.startsWith(absoluteCodePath)) { 22189 pathValid = true; 22190 break; 22191 } 22192 } 22193 22194 if (!pathValid) { 22195 if (filesToDelete == null) { 22196 filesToDelete = new ArrayList<>(); 22197 } 22198 filesToDelete.add(file); 22199 } 22200 } 22201 22202 if (filesToDelete != null) { 22203 final int fileToDeleteCount = filesToDelete.size(); 22204 for (int i = 0; i < fileToDeleteCount; i++) { 22205 File fileToDelete = filesToDelete.get(i); 22206 logCriticalInfo(Log.WARN, "Destroying orphaned" + fileToDelete); 22207 synchronized (mInstallLock) { 22208 removeCodePathLI(fileToDelete); 22209 } 22210 } 22211 } 22212 } 22213 22214 /** 22215 * Reconcile all app data for the given user. 22216 * <p> 22217 * Verifies that directories exist and that ownership and labeling is 22218 * correct for all installed apps on all mounted volumes. 22219 */ 22220 void reconcileAppsData(int userId, int flags, boolean migrateAppsData) { 22221 final StorageManager storage = mContext.getSystemService(StorageManager.class); 22222 for (VolumeInfo vol : storage.getWritablePrivateVolumes()) { 22223 final String volumeUuid = vol.getFsUuid(); 22224 synchronized (mInstallLock) { 22225 reconcileAppsDataLI(volumeUuid, userId, flags, migrateAppsData); 22226 } 22227 } 22228 } 22229 22230 private void reconcileAppsDataLI(String volumeUuid, int userId, int flags, 22231 boolean migrateAppData) { 22232 reconcileAppsDataLI(volumeUuid, userId, flags, migrateAppData, false /* onlyCoreApps */); 22233 } 22234 22235 /** 22236 * Reconcile all app data on given mounted volume. 22237 * <p> 22238 * Destroys app data that isn't expected, either due to uninstallation or 22239 * reinstallation on another volume. 22240 * <p> 22241 * Verifies that directories exist and that ownership and labeling is 22242 * correct for all installed apps. 22243 * @returns list of skipped non-core packages (if {@code onlyCoreApps} is true) 22244 */ 22245 private List<String> reconcileAppsDataLI(String volumeUuid, int userId, int flags, 22246 boolean migrateAppData, boolean onlyCoreApps) { 22247 Slog.v(TAG, "reconcileAppsData for " + volumeUuid + " u" + userId + " 0x" 22248 + Integer.toHexString(flags) + " migrateAppData=" + migrateAppData); 22249 List<String> result = onlyCoreApps ? new ArrayList<>() : null; 22250 22251 final File ceDir = Environment.getDataUserCeDirectory(volumeUuid, userId); 22252 final File deDir = Environment.getDataUserDeDirectory(volumeUuid, userId); 22253 22254 // First look for stale data that doesn't belong, and check if things 22255 // have changed since we did our last restorecon 22256 if ((flags & StorageManager.FLAG_STORAGE_CE) != 0) { 22257 if (StorageManager.isFileEncryptedNativeOrEmulated() 22258 && !StorageManager.isUserKeyUnlocked(userId)) { 22259 throw new RuntimeException( 22260 "Yikes, someone asked us to reconcile CE storage while " + userId 22261 + " was still locked; this would have caused massive data loss!"); 22262 } 22263 22264 final File[] files = FileUtils.listFilesOrEmpty(ceDir); 22265 for (File file : files) { 22266 final String packageName = file.getName(); 22267 try { 22268 assertPackageKnownAndInstalled(volumeUuid, packageName, userId); 22269 } catch (PackageManagerException e) { 22270 logCriticalInfo(Log.WARN, "Destroying " + file + " due to: " + e); 22271 try { 22272 mInstaller.destroyAppData(volumeUuid, packageName, userId, 22273 StorageManager.FLAG_STORAGE_CE, 0); 22274 } catch (InstallerException e2) { 22275 logCriticalInfo(Log.WARN, "Failed to destroy: " + e2); 22276 } 22277 } 22278 } 22279 } 22280 if ((flags & StorageManager.FLAG_STORAGE_DE) != 0) { 22281 final File[] files = FileUtils.listFilesOrEmpty(deDir); 22282 for (File file : files) { 22283 final String packageName = file.getName(); 22284 try { 22285 assertPackageKnownAndInstalled(volumeUuid, packageName, userId); 22286 } catch (PackageManagerException e) { 22287 logCriticalInfo(Log.WARN, "Destroying " + file + " due to: " + e); 22288 try { 22289 mInstaller.destroyAppData(volumeUuid, packageName, userId, 22290 StorageManager.FLAG_STORAGE_DE, 0); 22291 } catch (InstallerException e2) { 22292 logCriticalInfo(Log.WARN, "Failed to destroy: " + e2); 22293 } 22294 } 22295 } 22296 } 22297 22298 // Ensure that data directories are ready to roll for all packages 22299 // installed for this volume and user 22300 final List<PackageSetting> packages; 22301 synchronized (mPackages) { 22302 packages = mSettings.getVolumePackagesLPr(volumeUuid); 22303 } 22304 int preparedCount = 0; 22305 for (PackageSetting ps : packages) { 22306 final String packageName = ps.name; 22307 if (ps.pkg == null) { 22308 Slog.w(TAG, "Odd, missing scanned package " + packageName); 22309 // TODO: might be due to legacy ASEC apps; we should circle back 22310 // and reconcile again once they're scanned 22311 continue; 22312 } 22313 // Skip non-core apps if requested 22314 if (onlyCoreApps && !ps.pkg.coreApp) { 22315 result.add(packageName); 22316 continue; 22317 } 22318 22319 if (ps.getInstalled(userId)) { 22320 prepareAppDataAndMigrateLIF(ps.pkg, userId, flags, migrateAppData); 22321 preparedCount++; 22322 } 22323 } 22324 22325 Slog.v(TAG, "reconcileAppsData finished " + preparedCount + " packages"); 22326 return result; 22327 } 22328 22329 /** 22330 * Prepare app data for the given app just after it was installed or 22331 * upgraded. This method carefully only touches users that it's installed 22332 * for, and it forces a restorecon to handle any seinfo changes. 22333 * <p> 22334 * Verifies that directories exist and that ownership and labeling is 22335 * correct for all installed apps. If there is an ownership mismatch, it 22336 * will try recovering system apps by wiping data; third-party app data is 22337 * left intact. 22338 * <p> 22339 * <em>Note: To avoid a deadlock, do not call this method with {@code mPackages} lock held</em> 22340 */ 22341 private void prepareAppDataAfterInstallLIF(PackageParser.Package pkg) { 22342 final PackageSetting ps; 22343 synchronized (mPackages) { 22344 ps = mSettings.mPackages.get(pkg.packageName); 22345 mSettings.writeKernelMappingLPr(ps); 22346 } 22347 22348 final UserManager um = mContext.getSystemService(UserManager.class); 22349 UserManagerInternal umInternal = getUserManagerInternal(); 22350 for (UserInfo user : um.getUsers()) { 22351 final int flags; 22352 if (umInternal.isUserUnlockingOrUnlocked(user.id)) { 22353 flags = StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE; 22354 } else if (umInternal.isUserRunning(user.id)) { 22355 flags = StorageManager.FLAG_STORAGE_DE; 22356 } else { 22357 continue; 22358 } 22359 22360 if (ps.getInstalled(user.id)) { 22361 // TODO: when user data is locked, mark that we're still dirty 22362 prepareAppDataLIF(pkg, user.id, flags); 22363 } 22364 } 22365 } 22366 22367 /** 22368 * Prepare app data for the given app. 22369 * <p> 22370 * Verifies that directories exist and that ownership and labeling is 22371 * correct for all installed apps. If there is an ownership mismatch, this 22372 * will try recovering system apps by wiping data; third-party app data is 22373 * left intact. 22374 */ 22375 private void prepareAppDataLIF(PackageParser.Package pkg, int userId, int flags) { 22376 if (pkg == null) { 22377 Slog.wtf(TAG, "Package was null!", new Throwable()); 22378 return; 22379 } 22380 prepareAppDataLeafLIF(pkg, userId, flags); 22381 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 22382 for (int i = 0; i < childCount; i++) { 22383 prepareAppDataLeafLIF(pkg.childPackages.get(i), userId, flags); 22384 } 22385 } 22386 22387 private void prepareAppDataAndMigrateLIF(PackageParser.Package pkg, int userId, int flags, 22388 boolean maybeMigrateAppData) { 22389 prepareAppDataLIF(pkg, userId, flags); 22390 22391 if (maybeMigrateAppData && maybeMigrateAppDataLIF(pkg, userId)) { 22392 // We may have just shuffled around app data directories, so 22393 // prepare them one more time 22394 prepareAppDataLIF(pkg, userId, flags); 22395 } 22396 } 22397 22398 private void prepareAppDataLeafLIF(PackageParser.Package pkg, int userId, int flags) { 22399 if (DEBUG_APP_DATA) { 22400 Slog.v(TAG, "prepareAppData for " + pkg.packageName + " u" + userId + " 0x" 22401 + Integer.toHexString(flags)); 22402 } 22403 22404 final String volumeUuid = pkg.volumeUuid; 22405 final String packageName = pkg.packageName; 22406 final ApplicationInfo app = pkg.applicationInfo; 22407 final int appId = UserHandle.getAppId(app.uid); 22408 22409 Preconditions.checkNotNull(app.seInfo); 22410 22411 long ceDataInode = -1; 22412 try { 22413 ceDataInode = mInstaller.createAppData(volumeUuid, packageName, userId, flags, 22414 appId, app.seInfo, app.targetSdkVersion); 22415 } catch (InstallerException e) { 22416 if (app.isSystemApp()) { 22417 logCriticalInfo(Log.ERROR, "Failed to create app data for " + packageName 22418 + ", but trying to recover: " + e); 22419 destroyAppDataLeafLIF(pkg, userId, flags); 22420 try { 22421 ceDataInode = mInstaller.createAppData(volumeUuid, packageName, userId, flags, 22422 appId, app.seInfo, app.targetSdkVersion); 22423 logCriticalInfo(Log.DEBUG, "Recovery succeeded!"); 22424 } catch (InstallerException e2) { 22425 logCriticalInfo(Log.DEBUG, "Recovery failed!"); 22426 } 22427 } else { 22428 Slog.e(TAG, "Failed to create app data for " + packageName + ": " + e); 22429 } 22430 } 22431 22432 if ((flags & StorageManager.FLAG_STORAGE_CE) != 0 && ceDataInode != -1) { 22433 // TODO: mark this structure as dirty so we persist it! 22434 synchronized (mPackages) { 22435 final PackageSetting ps = mSettings.mPackages.get(packageName); 22436 if (ps != null) { 22437 ps.setCeDataInode(ceDataInode, userId); 22438 } 22439 } 22440 } 22441 22442 prepareAppDataContentsLeafLIF(pkg, userId, flags); 22443 } 22444 22445 private void prepareAppDataContentsLIF(PackageParser.Package pkg, int userId, int flags) { 22446 if (pkg == null) { 22447 Slog.wtf(TAG, "Package was null!", new Throwable()); 22448 return; 22449 } 22450 prepareAppDataContentsLeafLIF(pkg, userId, flags); 22451 final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0; 22452 for (int i = 0; i < childCount; i++) { 22453 prepareAppDataContentsLeafLIF(pkg.childPackages.get(i), userId, flags); 22454 } 22455 } 22456 22457 private void prepareAppDataContentsLeafLIF(PackageParser.Package pkg, int userId, int flags) { 22458 final String volumeUuid = pkg.volumeUuid; 22459 final String packageName = pkg.packageName; 22460 final ApplicationInfo app = pkg.applicationInfo; 22461 22462 if ((flags & StorageManager.FLAG_STORAGE_CE) != 0) { 22463 // Create a native library symlink only if we have native libraries 22464 // and if the native libraries are 32 bit libraries. We do not provide 22465 // this symlink for 64 bit libraries. 22466 if (app.primaryCpuAbi != null && !VMRuntime.is64BitAbi(app.primaryCpuAbi)) { 22467 final String nativeLibPath = app.nativeLibraryDir; 22468 try { 22469 mInstaller.linkNativeLibraryDirectory(volumeUuid, packageName, 22470 nativeLibPath, userId); 22471 } catch (InstallerException e) { 22472 Slog.e(TAG, "Failed to link native for " + packageName + ": " + e); 22473 } 22474 } 22475 } 22476 } 22477 22478 /** 22479 * For system apps on non-FBE devices, this method migrates any existing 22480 * CE/DE data to match the {@code defaultToDeviceProtectedStorage} flag 22481 * requested by the app. 22482 */ 22483 private boolean maybeMigrateAppDataLIF(PackageParser.Package pkg, int userId) { 22484 if (pkg.isSystemApp() && !StorageManager.isFileEncryptedNativeOrEmulated() 22485 && PackageManager.APPLY_DEFAULT_TO_DEVICE_PROTECTED_STORAGE) { 22486 final int storageTarget = pkg.applicationInfo.isDefaultToDeviceProtectedStorage() 22487 ? StorageManager.FLAG_STORAGE_DE : StorageManager.FLAG_STORAGE_CE; 22488 try { 22489 mInstaller.migrateAppData(pkg.volumeUuid, pkg.packageName, userId, 22490 storageTarget); 22491 } catch (InstallerException e) { 22492 logCriticalInfo(Log.WARN, 22493 "Failed to migrate " + pkg.packageName + ": " + e.getMessage()); 22494 } 22495 return true; 22496 } else { 22497 return false; 22498 } 22499 } 22500 22501 public PackageFreezer freezePackage(String packageName, String killReason) { 22502 return freezePackage(packageName, UserHandle.USER_ALL, killReason); 22503 } 22504 22505 public PackageFreezer freezePackage(String packageName, int userId, String killReason) { 22506 return new PackageFreezer(packageName, userId, killReason); 22507 } 22508 22509 public PackageFreezer freezePackageForInstall(String packageName, int installFlags, 22510 String killReason) { 22511 return freezePackageForInstall(packageName, UserHandle.USER_ALL, installFlags, killReason); 22512 } 22513 22514 public PackageFreezer freezePackageForInstall(String packageName, int userId, int installFlags, 22515 String killReason) { 22516 if ((installFlags & PackageManager.INSTALL_DONT_KILL_APP) != 0) { 22517 return new PackageFreezer(); 22518 } else { 22519 return freezePackage(packageName, userId, killReason); 22520 } 22521 } 22522 22523 public PackageFreezer freezePackageForDelete(String packageName, int deleteFlags, 22524 String killReason) { 22525 return freezePackageForDelete(packageName, UserHandle.USER_ALL, deleteFlags, killReason); 22526 } 22527 22528 public PackageFreezer freezePackageForDelete(String packageName, int userId, int deleteFlags, 22529 String killReason) { 22530 if ((deleteFlags & PackageManager.DELETE_DONT_KILL_APP) != 0) { 22531 return new PackageFreezer(); 22532 } else { 22533 return freezePackage(packageName, userId, killReason); 22534 } 22535 } 22536 22537 /** 22538 * Class that freezes and kills the given package upon creation, and 22539 * unfreezes it upon closing. This is typically used when doing surgery on 22540 * app code/data to prevent the app from running while you're working. 22541 */ 22542 private class PackageFreezer implements AutoCloseable { 22543 private final String mPackageName; 22544 private final PackageFreezer[] mChildren; 22545 22546 private final boolean mWeFroze; 22547 22548 private final AtomicBoolean mClosed = new AtomicBoolean(); 22549 private final CloseGuard mCloseGuard = CloseGuard.get(); 22550 22551 /** 22552 * Create and return a stub freezer that doesn't actually do anything, 22553 * typically used when someone requested 22554 * {@link PackageManager#INSTALL_DONT_KILL_APP} or 22555 * {@link PackageManager#DELETE_DONT_KILL_APP}. 22556 */ 22557 public PackageFreezer() { 22558 mPackageName = null; 22559 mChildren = null; 22560 mWeFroze = false; 22561 mCloseGuard.open("close"); 22562 } 22563 22564 public PackageFreezer(String packageName, int userId, String killReason) { 22565 synchronized (mPackages) { 22566 mPackageName = packageName; 22567 mWeFroze = mFrozenPackages.add(mPackageName); 22568 22569 final PackageSetting ps = mSettings.mPackages.get(mPackageName); 22570 if (ps != null) { 22571 killApplication(ps.name, ps.appId, userId, killReason); 22572 } 22573 22574 final PackageParser.Package p = mPackages.get(packageName); 22575 if (p != null && p.childPackages != null) { 22576 final int N = p.childPackages.size(); 22577 mChildren = new PackageFreezer[N]; 22578 for (int i = 0; i < N; i++) { 22579 mChildren[i] = new PackageFreezer(p.childPackages.get(i).packageName, 22580 userId, killReason); 22581 } 22582 } else { 22583 mChildren = null; 22584 } 22585 } 22586 mCloseGuard.open("close"); 22587 } 22588 22589 @Override 22590 protected void finalize() throws Throwable { 22591 try { 22592 mCloseGuard.warnIfOpen(); 22593 close(); 22594 } finally { 22595 super.finalize(); 22596 } 22597 } 22598 22599 @Override 22600 public void close() { 22601 mCloseGuard.close(); 22602 if (mClosed.compareAndSet(false, true)) { 22603 synchronized (mPackages) { 22604 if (mWeFroze) { 22605 mFrozenPackages.remove(mPackageName); 22606 } 22607 22608 if (mChildren != null) { 22609 for (PackageFreezer freezer : mChildren) { 22610 freezer.close(); 22611 } 22612 } 22613 } 22614 } 22615 } 22616 } 22617 22618 /** 22619 * Verify that given package is currently frozen. 22620 */ 22621 private void checkPackageFrozen(String packageName) { 22622 synchronized (mPackages) { 22623 if (!mFrozenPackages.contains(packageName)) { 22624 Slog.wtf(TAG, "Expected " + packageName + " to be frozen!", new Throwable()); 22625 } 22626 } 22627 } 22628 22629 @Override 22630 public int movePackage(final String packageName, final String volumeUuid) { 22631 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MOVE_PACKAGE, null); 22632 22633 final UserHandle user = new UserHandle(UserHandle.getCallingUserId()); 22634 final int moveId = mNextMoveId.getAndIncrement(); 22635 mHandler.post(new Runnable() { 22636 @Override 22637 public void run() { 22638 try { 22639 movePackageInternal(packageName, volumeUuid, moveId, user); 22640 } catch (PackageManagerException e) { 22641 Slog.w(TAG, "Failed to move " + packageName, e); 22642 mMoveCallbacks.notifyStatusChanged(moveId, 22643 PackageManager.MOVE_FAILED_INTERNAL_ERROR); 22644 } 22645 } 22646 }); 22647 return moveId; 22648 } 22649 22650 private void movePackageInternal(final String packageName, final String volumeUuid, 22651 final int moveId, UserHandle user) throws PackageManagerException { 22652 final StorageManager storage = mContext.getSystemService(StorageManager.class); 22653 final PackageManager pm = mContext.getPackageManager(); 22654 22655 final boolean currentAsec; 22656 final String currentVolumeUuid; 22657 final File codeFile; 22658 final String installerPackageName; 22659 final String packageAbiOverride; 22660 final int appId; 22661 final String seinfo; 22662 final String label; 22663 final int targetSdkVersion; 22664 final PackageFreezer freezer; 22665 final int[] installedUserIds; 22666 22667 // reader 22668 synchronized (mPackages) { 22669 final PackageParser.Package pkg = mPackages.get(packageName); 22670 final PackageSetting ps = mSettings.mPackages.get(packageName); 22671 if (pkg == null || ps == null) { 22672 throw new PackageManagerException(MOVE_FAILED_DOESNT_EXIST, "Missing package"); 22673 } 22674 22675 if (pkg.applicationInfo.isSystemApp()) { 22676 throw new PackageManagerException(MOVE_FAILED_SYSTEM_PACKAGE, 22677 "Cannot move system application"); 22678 } 22679 22680 final boolean isInternalStorage = VolumeInfo.ID_PRIVATE_INTERNAL.equals(volumeUuid); 22681 final boolean allow3rdPartyOnInternal = mContext.getResources().getBoolean( 22682 com.android.internal.R.bool.config_allow3rdPartyAppOnInternal); 22683 if (isInternalStorage && !allow3rdPartyOnInternal) { 22684 throw new PackageManagerException(MOVE_FAILED_3RD_PARTY_NOT_ALLOWED_ON_INTERNAL, 22685 "3rd party apps are not allowed on internal storage"); 22686 } 22687 22688 if (pkg.applicationInfo.isExternalAsec()) { 22689 currentAsec = true; 22690 currentVolumeUuid = StorageManager.UUID_PRIMARY_PHYSICAL; 22691 } else if (pkg.applicationInfo.isForwardLocked()) { 22692 currentAsec = true; 22693 currentVolumeUuid = "forward_locked"; 22694 } else { 22695 currentAsec = false; 22696 currentVolumeUuid = ps.volumeUuid; 22697 22698 final File probe = new File(pkg.codePath); 22699 final File probeOat = new File(probe, "oat"); 22700 if (!probe.isDirectory() || !probeOat.isDirectory()) { 22701 throw new PackageManagerException(MOVE_FAILED_INTERNAL_ERROR, 22702 "Move only supported for modern cluster style installs"); 22703 } 22704 } 22705 22706 if (Objects.equals(currentVolumeUuid, volumeUuid)) { 22707 throw new PackageManagerException(MOVE_FAILED_INTERNAL_ERROR, 22708 "Package already moved to " + volumeUuid); 22709 } 22710 if (pkg.applicationInfo.isInternal() && isPackageDeviceAdminOnAnyUser(packageName)) { 22711 throw new PackageManagerException(MOVE_FAILED_DEVICE_ADMIN, 22712 "Device admin cannot be moved"); 22713 } 22714 22715 if (mFrozenPackages.contains(packageName)) { 22716 throw new PackageManagerException(MOVE_FAILED_OPERATION_PENDING, 22717 "Failed to move already frozen package"); 22718 } 22719 22720 codeFile = new File(pkg.codePath); 22721 installerPackageName = ps.installerPackageName; 22722 packageAbiOverride = ps.cpuAbiOverrideString; 22723 appId = UserHandle.getAppId(pkg.applicationInfo.uid); 22724 seinfo = pkg.applicationInfo.seInfo; 22725 label = String.valueOf(pm.getApplicationLabel(pkg.applicationInfo)); 22726 targetSdkVersion = pkg.applicationInfo.targetSdkVersion; 22727 freezer = freezePackage(packageName, "movePackageInternal"); 22728 installedUserIds = ps.queryInstalledUsers(sUserManager.getUserIds(), true); 22729 } 22730 22731 final Bundle extras = new Bundle(); 22732 extras.putString(Intent.EXTRA_PACKAGE_NAME, packageName); 22733 extras.putString(Intent.EXTRA_TITLE, label); 22734 mMoveCallbacks.notifyCreated(moveId, extras); 22735 22736 int installFlags; 22737 final boolean moveCompleteApp; 22738 final File measurePath; 22739 22740 if (Objects.equals(StorageManager.UUID_PRIVATE_INTERNAL, volumeUuid)) { 22741 installFlags = INSTALL_INTERNAL; 22742 moveCompleteApp = !currentAsec; 22743 measurePath = Environment.getDataAppDirectory(volumeUuid); 22744 } else if (Objects.equals(StorageManager.UUID_PRIMARY_PHYSICAL, volumeUuid)) { 22745 installFlags = INSTALL_EXTERNAL; 22746 moveCompleteApp = false; 22747 measurePath = storage.getPrimaryPhysicalVolume().getPath(); 22748 } else { 22749 final VolumeInfo volume = storage.findVolumeByUuid(volumeUuid); 22750 if (volume == null || volume.getType() != VolumeInfo.TYPE_PRIVATE 22751 || !volume.isMountedWritable()) { 22752 freezer.close(); 22753 throw new PackageManagerException(MOVE_FAILED_INTERNAL_ERROR, 22754 "Move location not mounted private volume"); 22755 } 22756 22757 Preconditions.checkState(!currentAsec); 22758 22759 installFlags = INSTALL_INTERNAL; 22760 moveCompleteApp = true; 22761 measurePath = Environment.getDataAppDirectory(volumeUuid); 22762 } 22763 22764 final PackageStats stats = new PackageStats(null, -1); 22765 synchronized (mInstaller) { 22766 for (int userId : installedUserIds) { 22767 if (!getPackageSizeInfoLI(packageName, userId, stats)) { 22768 freezer.close(); 22769 throw new PackageManagerException(MOVE_FAILED_INTERNAL_ERROR, 22770 "Failed to measure package size"); 22771 } 22772 } 22773 } 22774 22775 if (DEBUG_INSTALL) Slog.d(TAG, "Measured code size " + stats.codeSize + ", data size " 22776 + stats.dataSize); 22777 22778 final long startFreeBytes = measurePath.getUsableSpace(); 22779 final long sizeBytes; 22780 if (moveCompleteApp) { 22781 sizeBytes = stats.codeSize + stats.dataSize; 22782 } else { 22783 sizeBytes = stats.codeSize; 22784 } 22785 22786 if (sizeBytes > storage.getStorageBytesUntilLow(measurePath)) { 22787 freezer.close(); 22788 throw new PackageManagerException(MOVE_FAILED_INTERNAL_ERROR, 22789 "Not enough free space to move"); 22790 } 22791 22792 mMoveCallbacks.notifyStatusChanged(moveId, 10); 22793 22794 final CountDownLatch installedLatch = new CountDownLatch(1); 22795 final IPackageInstallObserver2 installObserver = new IPackageInstallObserver2.Stub() { 22796 @Override 22797 public void onUserActionRequired(Intent intent) throws RemoteException { 22798 throw new IllegalStateException(); 22799 } 22800 22801 @Override 22802 public void onPackageInstalled(String basePackageName, int returnCode, String msg, 22803 Bundle extras) throws RemoteException { 22804 if (DEBUG_INSTALL) Slog.d(TAG, "Install result for move: " 22805 + PackageManager.installStatusToString(returnCode, msg)); 22806 22807 installedLatch.countDown(); 22808 freezer.close(); 22809 22810 final int status = PackageManager.installStatusToPublicStatus(returnCode); 22811 switch (status) { 22812 case PackageInstaller.STATUS_SUCCESS: 22813 mMoveCallbacks.notifyStatusChanged(moveId, 22814 PackageManager.MOVE_SUCCEEDED); 22815 break; 22816 case PackageInstaller.STATUS_FAILURE_STORAGE: 22817 mMoveCallbacks.notifyStatusChanged(moveId, 22818 PackageManager.MOVE_FAILED_INSUFFICIENT_STORAGE); 22819 break; 22820 default: 22821 mMoveCallbacks.notifyStatusChanged(moveId, 22822 PackageManager.MOVE_FAILED_INTERNAL_ERROR); 22823 break; 22824 } 22825 } 22826 }; 22827 22828 final MoveInfo move; 22829 if (moveCompleteApp) { 22830 // Kick off a thread to report progress estimates 22831 new Thread() { 22832 @Override 22833 public void run() { 22834 while (true) { 22835 try { 22836 if (installedLatch.await(1, TimeUnit.SECONDS)) { 22837 break; 22838 } 22839 } catch (InterruptedException ignored) { 22840 } 22841 22842 final long deltaFreeBytes = startFreeBytes - measurePath.getUsableSpace(); 22843 final int progress = 10 + (int) MathUtils.constrain( 22844 ((deltaFreeBytes * 80) / sizeBytes), 0, 80); 22845 mMoveCallbacks.notifyStatusChanged(moveId, progress); 22846 } 22847 } 22848 }.start(); 22849 22850 final String dataAppName = codeFile.getName(); 22851 move = new MoveInfo(moveId, currentVolumeUuid, volumeUuid, packageName, 22852 dataAppName, appId, seinfo, targetSdkVersion); 22853 } else { 22854 move = null; 22855 } 22856 22857 installFlags |= PackageManager.INSTALL_REPLACE_EXISTING; 22858 22859 final Message msg = mHandler.obtainMessage(INIT_COPY); 22860 final OriginInfo origin = OriginInfo.fromExistingFile(codeFile); 22861 final InstallParams params = new InstallParams(origin, move, installObserver, installFlags, 22862 installerPackageName, volumeUuid, null /*verificationInfo*/, user, 22863 packageAbiOverride, null /*grantedPermissions*/, null /*certificates*/, 22864 PackageManager.INSTALL_REASON_UNKNOWN); 22865 params.setTraceMethod("movePackage").setTraceCookie(System.identityHashCode(params)); 22866 msg.obj = params; 22867 22868 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "movePackage", 22869 System.identityHashCode(msg.obj)); 22870 Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "queueInstall", 22871 System.identityHashCode(msg.obj)); 22872 22873 mHandler.sendMessage(msg); 22874 } 22875 22876 @Override 22877 public int movePrimaryStorage(String volumeUuid) throws RemoteException { 22878 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MOVE_PACKAGE, null); 22879 22880 final int realMoveId = mNextMoveId.getAndIncrement(); 22881 final Bundle extras = new Bundle(); 22882 extras.putString(VolumeRecord.EXTRA_FS_UUID, volumeUuid); 22883 mMoveCallbacks.notifyCreated(realMoveId, extras); 22884 22885 final IPackageMoveObserver callback = new IPackageMoveObserver.Stub() { 22886 @Override 22887 public void onCreated(int moveId, Bundle extras) { 22888 // Ignored 22889 } 22890 22891 @Override 22892 public void onStatusChanged(int moveId, int status, long estMillis) { 22893 mMoveCallbacks.notifyStatusChanged(realMoveId, status, estMillis); 22894 } 22895 }; 22896 22897 final StorageManager storage = mContext.getSystemService(StorageManager.class); 22898 storage.setPrimaryStorageUuid(volumeUuid, callback); 22899 return realMoveId; 22900 } 22901 22902 @Override 22903 public int getMoveStatus(int moveId) { 22904 mContext.enforceCallingOrSelfPermission( 22905 android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS, null); 22906 return mMoveCallbacks.mLastStatus.get(moveId); 22907 } 22908 22909 @Override 22910 public void registerMoveCallback(IPackageMoveObserver callback) { 22911 mContext.enforceCallingOrSelfPermission( 22912 android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS, null); 22913 mMoveCallbacks.register(callback); 22914 } 22915 22916 @Override 22917 public void unregisterMoveCallback(IPackageMoveObserver callback) { 22918 mContext.enforceCallingOrSelfPermission( 22919 android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS, null); 22920 mMoveCallbacks.unregister(callback); 22921 } 22922 22923 @Override 22924 public boolean setInstallLocation(int loc) { 22925 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS, 22926 null); 22927 if (getInstallLocation() == loc) { 22928 return true; 22929 } 22930 if (loc == PackageHelper.APP_INSTALL_AUTO || loc == PackageHelper.APP_INSTALL_INTERNAL 22931 || loc == PackageHelper.APP_INSTALL_EXTERNAL) { 22932 android.provider.Settings.Global.putInt(mContext.getContentResolver(), 22933 android.provider.Settings.Global.DEFAULT_INSTALL_LOCATION, loc); 22934 return true; 22935 } 22936 return false; 22937 } 22938 22939 @Override 22940 public int getInstallLocation() { 22941 return android.provider.Settings.Global.getInt(mContext.getContentResolver(), 22942 android.provider.Settings.Global.DEFAULT_INSTALL_LOCATION, 22943 PackageHelper.APP_INSTALL_AUTO); 22944 } 22945 22946 /** Called by UserManagerService */ 22947 void cleanUpUser(UserManagerService userManager, int userHandle) { 22948 synchronized (mPackages) { 22949 mDirtyUsers.remove(userHandle); 22950 mUserNeedsBadging.delete(userHandle); 22951 mSettings.removeUserLPw(userHandle); 22952 mPendingBroadcasts.remove(userHandle); 22953 mInstantAppRegistry.onUserRemovedLPw(userHandle); 22954 removeUnusedPackagesLPw(userManager, userHandle); 22955 } 22956 } 22957 22958 /** 22959 * We're removing userHandle and would like to remove any downloaded packages 22960 * that are no longer in use by any other user. 22961 * @param userHandle the user being removed 22962 */ 22963 private void removeUnusedPackagesLPw(UserManagerService userManager, final int userHandle) { 22964 final boolean DEBUG_CLEAN_APKS = false; 22965 int [] users = userManager.getUserIds(); 22966 Iterator<PackageSetting> psit = mSettings.mPackages.values().iterator(); 22967 while (psit.hasNext()) { 22968 PackageSetting ps = psit.next(); 22969 if (ps.pkg == null) { 22970 continue; 22971 } 22972 final String packageName = ps.pkg.packageName; 22973 // Skip over if system app 22974 if ((ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0) { 22975 continue; 22976 } 22977 if (DEBUG_CLEAN_APKS) { 22978 Slog.i(TAG, "Checking package " + packageName); 22979 } 22980 boolean keep = shouldKeepUninstalledPackageLPr(packageName); 22981 if (keep) { 22982 if (DEBUG_CLEAN_APKS) { 22983 Slog.i(TAG, " Keeping package " + packageName + " - requested by DO"); 22984 } 22985 } else { 22986 for (int i = 0; i < users.length; i++) { 22987 if (users[i] != userHandle && ps.getInstalled(users[i])) { 22988 keep = true; 22989 if (DEBUG_CLEAN_APKS) { 22990 Slog.i(TAG, " Keeping package " + packageName + " for user " 22991 + users[i]); 22992 } 22993 break; 22994 } 22995 } 22996 } 22997 if (!keep) { 22998 if (DEBUG_CLEAN_APKS) { 22999 Slog.i(TAG, " Removing package " + packageName); 23000 } 23001 mHandler.post(new Runnable() { 23002 public void run() { 23003 deletePackageX(packageName, PackageManager.VERSION_CODE_HIGHEST, 23004 userHandle, 0); 23005 } //end run 23006 }); 23007 } 23008 } 23009 } 23010 23011 /** Called by UserManagerService */ 23012 void createNewUser(int userId, String[] disallowedPackages) { 23013 synchronized (mInstallLock) { 23014 mSettings.createNewUserLI(this, mInstaller, userId, disallowedPackages); 23015 } 23016 synchronized (mPackages) { 23017 scheduleWritePackageRestrictionsLocked(userId); 23018 scheduleWritePackageListLocked(userId); 23019 applyFactoryDefaultBrowserLPw(userId); 23020 primeDomainVerificationsLPw(userId); 23021 } 23022 } 23023 23024 void onNewUserCreated(final int userId) { 23025 mDefaultPermissionPolicy.grantDefaultPermissions(userId); 23026 // If permission review for legacy apps is required, we represent 23027 // dagerous permissions for such apps as always granted runtime 23028 // permissions to keep per user flag state whether review is needed. 23029 // Hence, if a new user is added we have to propagate dangerous 23030 // permission grants for these legacy apps. 23031 if (mPermissionReviewRequired) { 23032 updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL 23033 | UPDATE_PERMISSIONS_REPLACE_ALL); 23034 } 23035 } 23036 23037 @Override 23038 public VerifierDeviceIdentity getVerifierDeviceIdentity() throws RemoteException { 23039 mContext.enforceCallingOrSelfPermission( 23040 android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, 23041 "Only package verification agents can read the verifier device identity"); 23042 23043 synchronized (mPackages) { 23044 return mSettings.getVerifierDeviceIdentityLPw(); 23045 } 23046 } 23047 23048 @Override 23049 public void setPermissionEnforced(String permission, boolean enforced) { 23050 // TODO: Now that we no longer change GID for storage, this should to away. 23051 mContext.enforceCallingOrSelfPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS, 23052 "setPermissionEnforced"); 23053 if (READ_EXTERNAL_STORAGE.equals(permission)) { 23054 synchronized (mPackages) { 23055 if (mSettings.mReadExternalStorageEnforced == null 23056 || mSettings.mReadExternalStorageEnforced != enforced) { 23057 mSettings.mReadExternalStorageEnforced = enforced; 23058 mSettings.writeLPr(); 23059 } 23060 } 23061 // kill any non-foreground processes so we restart them and 23062 // grant/revoke the GID. 23063 final IActivityManager am = ActivityManager.getService(); 23064 if (am != null) { 23065 final long token = Binder.clearCallingIdentity(); 23066 try { 23067 am.killProcessesBelowForeground("setPermissionEnforcement"); 23068 } catch (RemoteException e) { 23069 } finally { 23070 Binder.restoreCallingIdentity(token); 23071 } 23072 } 23073 } else { 23074 throw new IllegalArgumentException("No selective enforcement for " + permission); 23075 } 23076 } 23077 23078 @Override 23079 @Deprecated 23080 public boolean isPermissionEnforced(String permission) { 23081 return true; 23082 } 23083 23084 @Override 23085 public boolean isStorageLow() { 23086 final long token = Binder.clearCallingIdentity(); 23087 try { 23088 final DeviceStorageMonitorInternal 23089 dsm = LocalServices.getService(DeviceStorageMonitorInternal.class); 23090 if (dsm != null) { 23091 return dsm.isMemoryLow(); 23092 } else { 23093 return false; 23094 } 23095 } finally { 23096 Binder.restoreCallingIdentity(token); 23097 } 23098 } 23099 23100 @Override 23101 public IPackageInstaller getPackageInstaller() { 23102 return mInstallerService; 23103 } 23104 23105 private boolean userNeedsBadging(int userId) { 23106 int index = mUserNeedsBadging.indexOfKey(userId); 23107 if (index < 0) { 23108 final UserInfo userInfo; 23109 final long token = Binder.clearCallingIdentity(); 23110 try { 23111 userInfo = sUserManager.getUserInfo(userId); 23112 } finally { 23113 Binder.restoreCallingIdentity(token); 23114 } 23115 final boolean b; 23116 if (userInfo != null && userInfo.isManagedProfile()) { 23117 b = true; 23118 } else { 23119 b = false; 23120 } 23121 mUserNeedsBadging.put(userId, b); 23122 return b; 23123 } 23124 return mUserNeedsBadging.valueAt(index); 23125 } 23126 23127 @Override 23128 public KeySet getKeySetByAlias(String packageName, String alias) { 23129 if (packageName == null || alias == null) { 23130 return null; 23131 } 23132 synchronized(mPackages) { 23133 final PackageParser.Package pkg = mPackages.get(packageName); 23134 if (pkg == null) { 23135 Slog.w(TAG, "KeySet requested for unknown package: " + packageName); 23136 throw new IllegalArgumentException("Unknown package: " + packageName); 23137 } 23138 KeySetManagerService ksms = mSettings.mKeySetManagerService; 23139 return new KeySet(ksms.getKeySetByAliasAndPackageNameLPr(packageName, alias)); 23140 } 23141 } 23142 23143 @Override 23144 public KeySet getSigningKeySet(String packageName) { 23145 if (packageName == null) { 23146 return null; 23147 } 23148 synchronized(mPackages) { 23149 final PackageParser.Package pkg = mPackages.get(packageName); 23150 if (pkg == null) { 23151 Slog.w(TAG, "KeySet requested for unknown package: " + packageName); 23152 throw new IllegalArgumentException("Unknown package: " + packageName); 23153 } 23154 if (pkg.applicationInfo.uid != Binder.getCallingUid() 23155 && Process.SYSTEM_UID != Binder.getCallingUid()) { 23156 throw new SecurityException("May not access signing KeySet of other apps."); 23157 } 23158 KeySetManagerService ksms = mSettings.mKeySetManagerService; 23159 return new KeySet(ksms.getSigningKeySetByPackageNameLPr(packageName)); 23160 } 23161 } 23162 23163 @Override 23164 public boolean isPackageSignedByKeySet(String packageName, KeySet ks) { 23165 if (packageName == null || ks == null) { 23166 return false; 23167 } 23168 synchronized(mPackages) { 23169 final PackageParser.Package pkg = mPackages.get(packageName); 23170 if (pkg == null) { 23171 Slog.w(TAG, "KeySet requested for unknown package: " + packageName); 23172 throw new IllegalArgumentException("Unknown package: " + packageName); 23173 } 23174 IBinder ksh = ks.getToken(); 23175 if (ksh instanceof KeySetHandle) { 23176 KeySetManagerService ksms = mSettings.mKeySetManagerService; 23177 return ksms.packageIsSignedByLPr(packageName, (KeySetHandle) ksh); 23178 } 23179 return false; 23180 } 23181 } 23182 23183 @Override 23184 public boolean isPackageSignedByKeySetExactly(String packageName, KeySet ks) { 23185 if (packageName == null || ks == null) { 23186 return false; 23187 } 23188 synchronized(mPackages) { 23189 final PackageParser.Package pkg = mPackages.get(packageName); 23190 if (pkg == null) { 23191 Slog.w(TAG, "KeySet requested for unknown package: " + packageName); 23192 throw new IllegalArgumentException("Unknown package: " + packageName); 23193 } 23194 IBinder ksh = ks.getToken(); 23195 if (ksh instanceof KeySetHandle) { 23196 KeySetManagerService ksms = mSettings.mKeySetManagerService; 23197 return ksms.packageIsSignedByExactlyLPr(packageName, (KeySetHandle) ksh); 23198 } 23199 return false; 23200 } 23201 } 23202 23203 private void deletePackageIfUnusedLPr(final String packageName) { 23204 PackageSetting ps = mSettings.mPackages.get(packageName); 23205 if (ps == null) { 23206 return; 23207 } 23208 if (!ps.isAnyInstalled(sUserManager.getUserIds())) { 23209 // TODO Implement atomic delete if package is unused 23210 // It is currently possible that the package will be deleted even if it is installed 23211 // after this method returns. 23212 mHandler.post(new Runnable() { 23213 public void run() { 23214 deletePackageX(packageName, PackageManager.VERSION_CODE_HIGHEST, 23215 0, PackageManager.DELETE_ALL_USERS); 23216 } 23217 }); 23218 } 23219 } 23220 23221 /** 23222 * Check and throw if the given before/after packages would be considered a 23223 * downgrade. 23224 */ 23225 private static void checkDowngrade(PackageParser.Package before, PackageInfoLite after) 23226 throws PackageManagerException { 23227 if (after.versionCode < before.mVersionCode) { 23228 throw new PackageManagerException(INSTALL_FAILED_VERSION_DOWNGRADE, 23229 "Update version code " + after.versionCode + " is older than current " 23230 + before.mVersionCode); 23231 } else if (after.versionCode == before.mVersionCode) { 23232 if (after.baseRevisionCode < before.baseRevisionCode) { 23233 throw new PackageManagerException(INSTALL_FAILED_VERSION_DOWNGRADE, 23234 "Update base revision code " + after.baseRevisionCode 23235 + " is older than current " + before.baseRevisionCode); 23236 } 23237 23238 if (!ArrayUtils.isEmpty(after.splitNames)) { 23239 for (int i = 0; i < after.splitNames.length; i++) { 23240 final String splitName = after.splitNames[i]; 23241 final int j = ArrayUtils.indexOf(before.splitNames, splitName); 23242 if (j != -1) { 23243 if (after.splitRevisionCodes[i] < before.splitRevisionCodes[j]) { 23244 throw new PackageManagerException(INSTALL_FAILED_VERSION_DOWNGRADE, 23245 "Update split " + splitName + " revision code " 23246 + after.splitRevisionCodes[i] + " is older than current " 23247 + before.splitRevisionCodes[j]); 23248 } 23249 } 23250 } 23251 } 23252 } 23253 } 23254 23255 private static class MoveCallbacks extends Handler { 23256 private static final int MSG_CREATED = 1; 23257 private static final int MSG_STATUS_CHANGED = 2; 23258 23259 private final RemoteCallbackList<IPackageMoveObserver> 23260 mCallbacks = new RemoteCallbackList<>(); 23261 23262 private final SparseIntArray mLastStatus = new SparseIntArray(); 23263 23264 public MoveCallbacks(Looper looper) { 23265 super(looper); 23266 } 23267 23268 public void register(IPackageMoveObserver callback) { 23269 mCallbacks.register(callback); 23270 } 23271 23272 public void unregister(IPackageMoveObserver callback) { 23273 mCallbacks.unregister(callback); 23274 } 23275 23276 @Override 23277 public void handleMessage(Message msg) { 23278 final SomeArgs args = (SomeArgs) msg.obj; 23279 final int n = mCallbacks.beginBroadcast(); 23280 for (int i = 0; i < n; i++) { 23281 final IPackageMoveObserver callback = mCallbacks.getBroadcastItem(i); 23282 try { 23283 invokeCallback(callback, msg.what, args); 23284 } catch (RemoteException ignored) { 23285 } 23286 } 23287 mCallbacks.finishBroadcast(); 23288 args.recycle(); 23289 } 23290 23291 private void invokeCallback(IPackageMoveObserver callback, int what, SomeArgs args) 23292 throws RemoteException { 23293 switch (what) { 23294 case MSG_CREATED: { 23295 callback.onCreated(args.argi1, (Bundle) args.arg2); 23296 break; 23297 } 23298 case MSG_STATUS_CHANGED: { 23299 callback.onStatusChanged(args.argi1, args.argi2, (long) args.arg3); 23300 break; 23301 } 23302 } 23303 } 23304 23305 private void notifyCreated(int moveId, Bundle extras) { 23306 Slog.v(TAG, "Move " + moveId + " created " + extras.toString()); 23307 23308 final SomeArgs args = SomeArgs.obtain(); 23309 args.argi1 = moveId; 23310 args.arg2 = extras; 23311 obtainMessage(MSG_CREATED, args).sendToTarget(); 23312 } 23313 23314 private void notifyStatusChanged(int moveId, int status) { 23315 notifyStatusChanged(moveId, status, -1); 23316 } 23317 23318 private void notifyStatusChanged(int moveId, int status, long estMillis) { 23319 Slog.v(TAG, "Move " + moveId + " status " + status); 23320 23321 final SomeArgs args = SomeArgs.obtain(); 23322 args.argi1 = moveId; 23323 args.argi2 = status; 23324 args.arg3 = estMillis; 23325 obtainMessage(MSG_STATUS_CHANGED, args).sendToTarget(); 23326 23327 synchronized (mLastStatus) { 23328 mLastStatus.put(moveId, status); 23329 } 23330 } 23331 } 23332 23333 private final static class OnPermissionChangeListeners extends Handler { 23334 private static final int MSG_ON_PERMISSIONS_CHANGED = 1; 23335 23336 private final RemoteCallbackList<IOnPermissionsChangeListener> mPermissionListeners = 23337 new RemoteCallbackList<>(); 23338 23339 public OnPermissionChangeListeners(Looper looper) { 23340 super(looper); 23341 } 23342 23343 @Override 23344 public void handleMessage(Message msg) { 23345 switch (msg.what) { 23346 case MSG_ON_PERMISSIONS_CHANGED: { 23347 final int uid = msg.arg1; 23348 handleOnPermissionsChanged(uid); 23349 } break; 23350 } 23351 } 23352 23353 public void addListenerLocked(IOnPermissionsChangeListener listener) { 23354 mPermissionListeners.register(listener); 23355 23356 } 23357 23358 public void removeListenerLocked(IOnPermissionsChangeListener listener) { 23359 mPermissionListeners.unregister(listener); 23360 } 23361 23362 public void onPermissionsChanged(int uid) { 23363 if (mPermissionListeners.getRegisteredCallbackCount() > 0) { 23364 obtainMessage(MSG_ON_PERMISSIONS_CHANGED, uid, 0).sendToTarget(); 23365 } 23366 } 23367 23368 private void handleOnPermissionsChanged(int uid) { 23369 final int count = mPermissionListeners.beginBroadcast(); 23370 try { 23371 for (int i = 0; i < count; i++) { 23372 IOnPermissionsChangeListener callback = mPermissionListeners 23373 .getBroadcastItem(i); 23374 try { 23375 callback.onPermissionsChanged(uid); 23376 } catch (RemoteException e) { 23377 Log.e(TAG, "Permission listener is dead", e); 23378 } 23379 } 23380 } finally { 23381 mPermissionListeners.finishBroadcast(); 23382 } 23383 } 23384 } 23385 23386 private class PackageManagerInternalImpl extends PackageManagerInternal { 23387 @Override 23388 public void setLocationPackagesProvider(PackagesProvider provider) { 23389 synchronized (mPackages) { 23390 mDefaultPermissionPolicy.setLocationPackagesProviderLPw(provider); 23391 } 23392 } 23393 23394 @Override 23395 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 23396 synchronized (mPackages) { 23397 mDefaultPermissionPolicy.setVoiceInteractionPackagesProviderLPw(provider); 23398 } 23399 } 23400 23401 @Override 23402 public void setSmsAppPackagesProvider(PackagesProvider provider) { 23403 synchronized (mPackages) { 23404 mDefaultPermissionPolicy.setSmsAppPackagesProviderLPw(provider); 23405 } 23406 } 23407 23408 @Override 23409 public void setDialerAppPackagesProvider(PackagesProvider provider) { 23410 synchronized (mPackages) { 23411 mDefaultPermissionPolicy.setDialerAppPackagesProviderLPw(provider); 23412 } 23413 } 23414 23415 @Override 23416 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 23417 synchronized (mPackages) { 23418 mDefaultPermissionPolicy.setSimCallManagerPackagesProviderLPw(provider); 23419 } 23420 } 23421 23422 @Override 23423 public void setSyncAdapterPackagesprovider(SyncAdapterPackagesProvider provider) { 23424 synchronized (mPackages) { 23425 mDefaultPermissionPolicy.setSyncAdapterPackagesProviderLPw(provider); 23426 } 23427 } 23428 23429 @Override 23430 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) { 23431 synchronized (mPackages) { 23432 mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultSmsAppLPr( 23433 packageName, userId); 23434 } 23435 } 23436 23437 @Override 23438 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) { 23439 synchronized (mPackages) { 23440 mSettings.setDefaultDialerPackageNameLPw(packageName, userId); 23441 mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultDialerAppLPr( 23442 packageName, userId); 23443 } 23444 } 23445 23446 @Override 23447 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 23448 synchronized (mPackages) { 23449 mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultSimCallManagerLPr( 23450 packageName, userId); 23451 } 23452 } 23453 23454 @Override 23455 public void setKeepUninstalledPackages(final List<String> packageList) { 23456 Preconditions.checkNotNull(packageList); 23457 List<String> removedFromList = null; 23458 synchronized (mPackages) { 23459 if (mKeepUninstalledPackages != null) { 23460 final int packagesCount = mKeepUninstalledPackages.size(); 23461 for (int i = 0; i < packagesCount; i++) { 23462 String oldPackage = mKeepUninstalledPackages.get(i); 23463 if (packageList != null && packageList.contains(oldPackage)) { 23464 continue; 23465 } 23466 if (removedFromList == null) { 23467 removedFromList = new ArrayList<>(); 23468 } 23469 removedFromList.add(oldPackage); 23470 } 23471 } 23472 mKeepUninstalledPackages = new ArrayList<>(packageList); 23473 if (removedFromList != null) { 23474 final int removedCount = removedFromList.size(); 23475 for (int i = 0; i < removedCount; i++) { 23476 deletePackageIfUnusedLPr(removedFromList.get(i)); 23477 } 23478 } 23479 } 23480 } 23481 23482 @Override 23483 public boolean isPermissionsReviewRequired(String packageName, int userId) { 23484 synchronized (mPackages) { 23485 // If we do not support permission review, done. 23486 if (!mPermissionReviewRequired) { 23487 return false; 23488 } 23489 23490 PackageSetting packageSetting = mSettings.mPackages.get(packageName); 23491 if (packageSetting == null) { 23492 return false; 23493 } 23494 23495 // Permission review applies only to apps not supporting the new permission model. 23496 if (packageSetting.pkg.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M) { 23497 return false; 23498 } 23499 23500 // Legacy apps have the permission and get user consent on launch. 23501 PermissionsState permissionsState = packageSetting.getPermissionsState(); 23502 return permissionsState.isPermissionReviewRequired(userId); 23503 } 23504 } 23505 23506 @Override 23507 public ApplicationInfo getApplicationInfo(String packageName, int userId) { 23508 return PackageManagerService.this.getApplicationInfo(packageName, 0 /*flags*/, userId); 23509 } 23510 23511 @Override 23512 public ComponentName getHomeActivitiesAsUser(List<ResolveInfo> allHomeCandidates, 23513 int userId) { 23514 return PackageManagerService.this.getHomeActivitiesAsUser(allHomeCandidates, userId); 23515 } 23516 23517 @Override 23518 public void setDeviceAndProfileOwnerPackages( 23519 int deviceOwnerUserId, String deviceOwnerPackage, 23520 SparseArray<String> profileOwnerPackages) { 23521 mProtectedPackages.setDeviceAndProfileOwnerPackages( 23522 deviceOwnerUserId, deviceOwnerPackage, profileOwnerPackages); 23523 } 23524 23525 @Override 23526 public boolean isPackageDataProtected(int userId, String packageName) { 23527 return mProtectedPackages.isPackageDataProtected(userId, packageName); 23528 } 23529 23530 @Override 23531 public boolean isPackageEphemeral(int userId, String packageName) { 23532 synchronized (mPackages) { 23533 final PackageSetting ps = mSettings.mPackages.get(packageName); 23534 return ps != null ? ps.getInstantApp(userId) : false; 23535 } 23536 } 23537 23538 @Override 23539 public boolean wasPackageEverLaunched(String packageName, int userId) { 23540 synchronized (mPackages) { 23541 return mSettings.wasPackageEverLaunchedLPr(packageName, userId); 23542 } 23543 } 23544 23545 @Override 23546 public void grantRuntimePermission(String packageName, String name, int userId, 23547 boolean overridePolicy) { 23548 PackageManagerService.this.grantRuntimePermission(packageName, name, userId, 23549 overridePolicy); 23550 } 23551 23552 @Override 23553 public void revokeRuntimePermission(String packageName, String name, int userId, 23554 boolean overridePolicy) { 23555 PackageManagerService.this.revokeRuntimePermission(packageName, name, userId, 23556 overridePolicy); 23557 } 23558 23559 @Override 23560 public String getNameForUid(int uid) { 23561 return PackageManagerService.this.getNameForUid(uid); 23562 } 23563 23564 @Override 23565 public void requestInstantAppResolutionPhaseTwo(AuxiliaryResolveInfo responseObj, 23566 Intent origIntent, String resolvedType, String callingPackage, 23567 Bundle verificationBundle, int userId) { 23568 PackageManagerService.this.requestInstantAppResolutionPhaseTwo( 23569 responseObj, origIntent, resolvedType, callingPackage, verificationBundle, 23570 userId); 23571 } 23572 23573 @Override 23574 public void grantEphemeralAccess(int userId, Intent intent, 23575 int targetAppId, int ephemeralAppId) { 23576 synchronized (mPackages) { 23577 mInstantAppRegistry.grantInstantAccessLPw(userId, intent, 23578 targetAppId, ephemeralAppId); 23579 } 23580 } 23581 23582 @Override 23583 public boolean isInstantAppInstallerComponent(ComponentName component) { 23584 synchronized (mPackages) { 23585 return mInstantAppInstallerActivity != null 23586 && mInstantAppInstallerActivity.getComponentName().equals(component); 23587 } 23588 } 23589 23590 @Override 23591 public void pruneInstantApps() { 23592 synchronized (mPackages) { 23593 mInstantAppRegistry.pruneInstantAppsLPw(); 23594 } 23595 } 23596 23597 @Override 23598 public String getSetupWizardPackageName() { 23599 return mSetupWizardPackage; 23600 } 23601 23602 public void setExternalSourcesPolicy(ExternalSourcesPolicy policy) { 23603 if (policy != null) { 23604 mExternalSourcesPolicy = policy; 23605 } 23606 } 23607 23608 @Override 23609 public boolean isPackagePersistent(String packageName) { 23610 synchronized (mPackages) { 23611 PackageParser.Package pkg = mPackages.get(packageName); 23612 return pkg != null 23613 ? ((pkg.applicationInfo.flags&(ApplicationInfo.FLAG_SYSTEM 23614 | ApplicationInfo.FLAG_PERSISTENT)) == 23615 (ApplicationInfo.FLAG_SYSTEM | ApplicationInfo.FLAG_PERSISTENT)) 23616 : false; 23617 } 23618 } 23619 23620 @Override 23621 public List<PackageInfo> getOverlayPackages(int userId) { 23622 final ArrayList<PackageInfo> overlayPackages = new ArrayList<PackageInfo>(); 23623 synchronized (mPackages) { 23624 for (PackageParser.Package p : mPackages.values()) { 23625 if (p.mOverlayTarget != null) { 23626 PackageInfo pkg = generatePackageInfo((PackageSetting)p.mExtras, 0, userId); 23627 if (pkg != null) { 23628 overlayPackages.add(pkg); 23629 } 23630 } 23631 } 23632 } 23633 return overlayPackages; 23634 } 23635 23636 @Override 23637 public List<String> getTargetPackageNames(int userId) { 23638 List<String> targetPackages = new ArrayList<>(); 23639 synchronized (mPackages) { 23640 for (PackageParser.Package p : mPackages.values()) { 23641 if (p.mOverlayTarget == null) { 23642 targetPackages.add(p.packageName); 23643 } 23644 } 23645 } 23646 return targetPackages; 23647 } 23648 23649 @Override 23650 public boolean setEnabledOverlayPackages(int userId, @NonNull String targetPackageName, 23651 @Nullable List<String> overlayPackageNames) { 23652 synchronized (mPackages) { 23653 if (targetPackageName == null || mPackages.get(targetPackageName) == null) { 23654 Slog.e(TAG, "failed to find package " + targetPackageName); 23655 return false; 23656 } 23657 23658 ArrayList<String> paths = null; 23659 if (overlayPackageNames != null) { 23660 final int N = overlayPackageNames.size(); 23661 paths = new ArrayList<>(N); 23662 for (int i = 0; i < N; i++) { 23663 final String packageName = overlayPackageNames.get(i); 23664 final PackageParser.Package pkg = mPackages.get(packageName); 23665 if (pkg == null) { 23666 Slog.e(TAG, "failed to find package " + packageName); 23667 return false; 23668 } 23669 paths.add(pkg.baseCodePath); 23670 } 23671 } 23672 23673 ArrayMap<String, ArrayList<String>> userSpecificOverlays = 23674 mEnabledOverlayPaths.get(userId); 23675 if (userSpecificOverlays == null) { 23676 userSpecificOverlays = new ArrayMap<>(); 23677 mEnabledOverlayPaths.put(userId, userSpecificOverlays); 23678 } 23679 23680 if (paths != null && paths.size() > 0) { 23681 userSpecificOverlays.put(targetPackageName, paths); 23682 } else { 23683 userSpecificOverlays.remove(targetPackageName); 23684 } 23685 return true; 23686 } 23687 } 23688 23689 @Override 23690 public ResolveInfo resolveIntent(Intent intent, String resolvedType, 23691 int flags, int userId) { 23692 return resolveIntentInternal( 23693 intent, resolvedType, flags, userId, true /*resolveForStart*/); 23694 } 23695 23696 @Override 23697 public ResolveInfo resolveService(Intent intent, String resolvedType, 23698 int flags, int userId, int callingUid) { 23699 return resolveServiceInternal(intent, resolvedType, flags, userId, callingUid); 23700 } 23701 23702 @Override 23703 public void addIsolatedUid(int isolatedUid, int ownerUid) { 23704 synchronized (mPackages) { 23705 mIsolatedOwners.put(isolatedUid, ownerUid); 23706 } 23707 } 23708 23709 @Override 23710 public void removeIsolatedUid(int isolatedUid) { 23711 synchronized (mPackages) { 23712 mIsolatedOwners.delete(isolatedUid); 23713 } 23714 } 23715 23716 @Override 23717 public int getUidTargetSdkVersion(int uid) { 23718 synchronized (mPackages) { 23719 return getUidTargetSdkVersionLockedLPr(uid); 23720 } 23721 } 23722 } 23723 23724 @Override 23725 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 23726 enforceSystemOrPhoneCaller("grantPermissionsToEnabledCarrierApps"); 23727 synchronized (mPackages) { 23728 final long identity = Binder.clearCallingIdentity(); 23729 try { 23730 mDefaultPermissionPolicy.grantDefaultPermissionsToEnabledCarrierAppsLPr( 23731 packageNames, userId); 23732 } finally { 23733 Binder.restoreCallingIdentity(identity); 23734 } 23735 } 23736 } 23737 23738 @Override 23739 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 23740 enforceSystemOrPhoneCaller("grantDefaultPermissionsToEnabledImsServices"); 23741 synchronized (mPackages) { 23742 final long identity = Binder.clearCallingIdentity(); 23743 try { 23744 mDefaultPermissionPolicy.grantDefaultPermissionsToEnabledImsServicesLPr( 23745 packageNames, userId); 23746 } finally { 23747 Binder.restoreCallingIdentity(identity); 23748 } 23749 } 23750 } 23751 23752 private static void enforceSystemOrPhoneCaller(String tag) { 23753 int callingUid = Binder.getCallingUid(); 23754 if (callingUid != Process.PHONE_UID && callingUid != Process.SYSTEM_UID) { 23755 throw new SecurityException( 23756 "Cannot call " + tag + " from UID " + callingUid); 23757 } 23758 } 23759 23760 boolean isHistoricalPackageUsageAvailable() { 23761 return mPackageUsage.isHistoricalPackageUsageAvailable(); 23762 } 23763 23764 /** 23765 * Return a <b>copy</b> of the collection of packages known to the package manager. 23766 * @return A copy of the values of mPackages. 23767 */ 23768 Collection<PackageParser.Package> getPackages() { 23769 synchronized (mPackages) { 23770 return new ArrayList<>(mPackages.values()); 23771 } 23772 } 23773 23774 /** 23775 * Logs process start information (including base APK hash) to the security log. 23776 * @hide 23777 */ 23778 public void logAppProcessStartIfNeeded(String processName, int uid, String seinfo, 23779 String apkFile, int pid) { 23780 if (!SecurityLog.isLoggingEnabled()) { 23781 return; 23782 } 23783 Bundle data = new Bundle(); 23784 data.putLong("startTimestamp", System.currentTimeMillis()); 23785 data.putString("processName", processName); 23786 data.putInt("uid", uid); 23787 data.putString("seinfo", seinfo); 23788 data.putString("apkFile", apkFile); 23789 data.putInt("pid", pid); 23790 Message msg = mProcessLoggingHandler.obtainMessage( 23791 ProcessLoggingHandler.LOG_APP_PROCESS_START_MSG); 23792 msg.setData(data); 23793 mProcessLoggingHandler.sendMessage(msg); 23794 } 23795 23796 public CompilerStats.PackageStats getCompilerPackageStats(String pkgName) { 23797 return mCompilerStats.getPackageStats(pkgName); 23798 } 23799 23800 public CompilerStats.PackageStats getOrCreateCompilerPackageStats(PackageParser.Package pkg) { 23801 return getOrCreateCompilerPackageStats(pkg.packageName); 23802 } 23803 23804 public CompilerStats.PackageStats getOrCreateCompilerPackageStats(String pkgName) { 23805 return mCompilerStats.getOrCreatePackageStats(pkgName); 23806 } 23807 23808 public void deleteCompilerPackageStats(String pkgName) { 23809 mCompilerStats.deletePackageStats(pkgName); 23810 } 23811 23812 @Override 23813 public int getInstallReason(String packageName, int userId) { 23814 enforceCrossUserPermission(Binder.getCallingUid(), userId, 23815 true /* requireFullPermission */, false /* checkShell */, 23816 "get install reason"); 23817 synchronized (mPackages) { 23818 final PackageSetting ps = mSettings.mPackages.get(packageName); 23819 if (ps != null) { 23820 return ps.getInstallReason(userId); 23821 } 23822 } 23823 return PackageManager.INSTALL_REASON_UNKNOWN; 23824 } 23825 23826 @Override 23827 public boolean canRequestPackageInstalls(String packageName, int userId) { 23828 int callingUid = Binder.getCallingUid(); 23829 int uid = getPackageUid(packageName, 0, userId); 23830 if (callingUid != uid && callingUid != Process.ROOT_UID 23831 && callingUid != Process.SYSTEM_UID) { 23832 throw new SecurityException( 23833 "Caller uid " + callingUid + " does not own package " + packageName); 23834 } 23835 ApplicationInfo info = getApplicationInfo(packageName, 0, userId); 23836 if (info == null) { 23837 return false; 23838 } 23839 if (info.targetSdkVersion < Build.VERSION_CODES.O) { 23840 throw new UnsupportedOperationException( 23841 "Operation only supported on apps targeting Android O or higher"); 23842 } 23843 String appOpPermission = Manifest.permission.REQUEST_INSTALL_PACKAGES; 23844 String[] packagesDeclaringPermission = getAppOpPermissionPackages(appOpPermission); 23845 if (!ArrayUtils.contains(packagesDeclaringPermission, packageName)) { 23846 throw new SecurityException("Need to declare " + appOpPermission + " to call this api"); 23847 } 23848 if (sUserManager.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, userId)) { 23849 return false; 23850 } 23851 if (mExternalSourcesPolicy != null) { 23852 int isTrusted = mExternalSourcesPolicy.getPackageTrustedToInstallApps(packageName, uid); 23853 if (isTrusted != PackageManagerInternal.ExternalSourcesPolicy.USER_DEFAULT) { 23854 return isTrusted == PackageManagerInternal.ExternalSourcesPolicy.USER_TRUSTED; 23855 } 23856 } 23857 return checkUidPermission(appOpPermission, uid) == PERMISSION_GRANTED; 23858 } 23859 23860 @Override 23861 public ComponentName getInstantAppResolverSettingsComponent() { 23862 return mInstantAppResolverSettingsComponent; 23863 } 23864 23865 @Override 23866 public ComponentName getInstantAppInstallerComponent() { 23867 return mInstantAppInstallerActivity == null 23868 ? null : mInstantAppInstallerActivity.getComponentName(); 23869 } 23870 23871 @Override 23872 public String getInstantAppAndroidId(String packageName, int userId) { 23873 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.ACCESS_INSTANT_APPS, 23874 "getInstantAppAndroidId"); 23875 enforceCrossUserPermission(Binder.getCallingUid(), userId, 23876 true /* requireFullPermission */, false /* checkShell */, 23877 "getInstantAppAndroidId"); 23878 // Make sure the target is an Instant App. 23879 if (!isInstantApp(packageName, userId)) { 23880 return null; 23881 } 23882 synchronized (mPackages) { 23883 return mInstantAppRegistry.getInstantAppAndroidIdLPw(packageName, userId); 23884 } 23885 } 23886} 23887 23888interface PackageSender { 23889 void sendPackageBroadcast(final String action, final String pkg, 23890 final Bundle extras, final int flags, final String targetPkg, 23891 final IIntentReceiver finishedReceiver, final int[] userIds); 23892 void sendPackageAddedForNewUsers(String packageName, boolean isSystem, 23893 int appId, int... userIds); 23894} 23895