HELLO·Android
系统源代码
IT资讯
技术文章
我的收藏
注册
登录
-
我收藏的文章
创建代码块
我的代码块
我的账号
Marshmallow
|
6.0.1_r16
下载
查看原文件
收藏
根目录
frameworks
base
services
core
java
com
android
server
pm
PackageManagerService.java
/* * Copyright (C) 2006 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.pm; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_MEDIA_STORAGE; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED; import static android.content.pm.PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; import static android.content.pm.PackageManager.FLAG_PERMISSION_POLICY_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE; import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET; import static android.content.pm.PackageManager.INSTALL_EXTERNAL; import static android.content.pm.PackageManager.INSTALL_FAILED_ALREADY_EXISTS; import static android.content.pm.PackageManager.INSTALL_FAILED_CONFLICTING_PROVIDER; import static android.content.pm.PackageManager.INSTALL_FAILED_DEXOPT; import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE; import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PERMISSION; import static android.content.pm.PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; import static android.content.pm.PackageManager.INSTALL_FAILED_INTERNAL_ERROR; import static android.content.pm.PackageManager.INSTALL_FAILED_INVALID_APK; import static android.content.pm.PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; import static android.content.pm.PackageManager.INSTALL_FAILED_MISSING_SHARED_LIBRARY; import static android.content.pm.PackageManager.INSTALL_FAILED_PACKAGE_CHANGED; import static android.content.pm.PackageManager.INSTALL_FAILED_REPLACE_COULDNT_DELETE; import static android.content.pm.PackageManager.INSTALL_FAILED_SHARED_USER_INCOMPATIBLE; import static android.content.pm.PackageManager.INSTALL_FAILED_TEST_ONLY; import static android.content.pm.PackageManager.INSTALL_FAILED_UID_CHANGED; import static android.content.pm.PackageManager.INSTALL_FAILED_UPDATE_INCOMPATIBLE; import static android.content.pm.PackageManager.INSTALL_FAILED_USER_RESTRICTED; import static android.content.pm.PackageManager.INSTALL_FAILED_VERSION_DOWNGRADE; import static android.content.pm.PackageManager.INSTALL_FORWARD_LOCK; import static android.content.pm.PackageManager.INSTALL_INTERNAL; import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES; import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS; import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK; import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER; import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED; import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK; import static android.content.pm.PackageManager.MATCH_ALL; import static android.content.pm.PackageManager.MOVE_FAILED_DOESNT_EXIST; import static android.content.pm.PackageManager.MOVE_FAILED_INTERNAL_ERROR; import static android.content.pm.PackageManager.MOVE_FAILED_OPERATION_PENDING; import static android.content.pm.PackageManager.MOVE_FAILED_SYSTEM_PACKAGE; import static android.content.pm.PackageManager.PERMISSION_DENIED; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static android.content.pm.PackageParser.isApkFile; import static android.os.Process.PACKAGE_INFO_GID; import static android.os.Process.SYSTEM_UID; import static android.system.OsConstants.O_CREAT; import static android.system.OsConstants.O_RDWR; import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_MANAGED_PROFILE; import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_USER_OWNER; import static com.android.internal.content.NativeLibraryHelper.LIB64_DIR_NAME; import static com.android.internal.content.NativeLibraryHelper.LIB_DIR_NAME; import static com.android.internal.util.ArrayUtils.appendInt; import static com.android.server.pm.InstructionSets.getAppDexInstructionSets; import static com.android.server.pm.InstructionSets.getDexCodeInstructionSet; import static com.android.server.pm.InstructionSets.getDexCodeInstructionSets; import static com.android.server.pm.InstructionSets.getPreferredInstructionSet; import static com.android.server.pm.InstructionSets.getPrimaryInstructionSet; import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_FAILURE; import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_SUCCESS; import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED; import android.Manifest; import android.app.ActivityManager; import android.app.ActivityManagerNative; import android.app.AppGlobals; import android.app.IActivityManager; import android.app.admin.IDevicePolicyManager; import android.app.backup.IBackupManager; import android.app.usage.UsageStats; import android.app.usage.UsageStatsManager; import android.content.BroadcastReceiver; import android.content.ComponentName; import android.content.Context; import android.content.IIntentReceiver; import android.content.Intent; import android.content.IntentFilter; import android.content.IntentSender; import android.content.IntentSender.SendIntentException; import android.content.ServiceConnection; import android.content.pm.ActivityInfo; import android.content.pm.ApplicationInfo; import android.content.pm.FeatureInfo; import android.content.pm.IOnPermissionsChangeListener; import android.content.pm.IPackageDataObserver; import android.content.pm.IPackageDeleteObserver; import android.content.pm.IPackageDeleteObserver2; import android.content.pm.IPackageInstallObserver2; import android.content.pm.IPackageInstaller; import android.content.pm.IPackageManager; import android.content.pm.IPackageMoveObserver; import android.content.pm.IPackageStatsObserver; import android.content.pm.InstrumentationInfo; import android.content.pm.IntentFilterVerificationInfo; import android.content.pm.KeySet; import android.content.pm.ManifestDigest; import android.content.pm.PackageCleanItem; import android.content.pm.PackageInfo; import android.content.pm.PackageInfoLite; import android.content.pm.PackageInstaller; import android.content.pm.PackageManager; import android.content.pm.PackageManager.LegacyPackageDeleteObserver; import android.content.pm.PackageManagerInternal; import android.content.pm.PackageParser; import android.content.pm.PackageParser.ActivityIntentInfo; import android.content.pm.PackageParser.PackageLite; import android.content.pm.PackageParser.PackageParserException; import android.content.pm.PackageStats; import android.content.pm.PackageUserState; import android.content.pm.ParceledListSlice; import android.content.pm.PermissionGroupInfo; import android.content.pm.PermissionInfo; import android.content.pm.ProviderInfo; import android.content.pm.ResolveInfo; import android.content.pm.ServiceInfo; import android.content.pm.Signature; import android.content.pm.UserInfo; import android.content.pm.VerificationParams; import android.content.pm.VerifierDeviceIdentity; import android.content.pm.VerifierInfo; import android.content.res.Resources; import android.hardware.display.DisplayManager; import android.net.Uri; import android.os.Debug; import android.os.Binder; import android.os.Build; import android.os.Bundle; import android.os.Environment; import android.os.Environment.UserEnvironment; import android.os.FileUtils; import android.os.Handler; import android.os.IBinder; import android.os.Looper; import android.os.Message; import android.os.Parcel; import android.os.ParcelFileDescriptor; import android.os.Process; import android.os.RemoteCallbackList; import android.os.RemoteException; import android.os.SELinux; import android.os.ServiceManager; import android.os.SystemClock; import android.os.SystemProperties; import android.os.UserHandle; import android.os.UserManager; import android.os.storage.IMountService; import android.os.storage.MountServiceInternal; import android.os.storage.StorageEventListener; import android.os.storage.StorageManager; import android.os.storage.VolumeInfo; import android.os.storage.VolumeRecord; import android.security.KeyStore; import android.security.SystemKeyStore; import android.system.ErrnoException; import android.system.Os; import android.system.StructStat; import android.text.TextUtils; import android.text.format.DateUtils; import android.util.ArrayMap; import android.util.ArraySet; import android.util.AtomicFile; import android.util.DisplayMetrics; import android.util.EventLog; import android.util.ExceptionUtils; import android.util.Log; import android.util.LogPrinter; import android.util.MathUtils; import android.util.PrintStreamPrinter; import android.util.Slog; import android.util.SparseArray; import android.util.SparseBooleanArray; import android.util.SparseIntArray; import android.util.Xml; import android.view.Display; import dalvik.system.DexFile; import dalvik.system.VMRuntime; import libcore.io.IoUtils; import libcore.util.EmptyArray; import com.android.internal.R; import com.android.internal.annotations.GuardedBy; import com.android.internal.app.IMediaContainerService; import com.android.internal.app.ResolverActivity; import com.android.internal.content.NativeLibraryHelper; import com.android.internal.content.PackageHelper; import com.android.internal.os.IParcelFileDescriptorFactory; import com.android.internal.os.SomeArgs; import com.android.internal.os.Zygote; import com.android.internal.util.ArrayUtils; import com.android.internal.util.FastPrintWriter; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.Preconditions; import com.android.server.EventLogTags; import com.android.server.FgThread; import com.android.server.IntentResolver; import com.android.server.LocalServices; import com.android.server.ServiceThread; import com.android.server.SystemConfig; import com.android.server.Watchdog; import com.android.server.pm.PermissionsState.PermissionState; import com.android.server.pm.Settings.DatabaseVersion; import com.android.server.pm.Settings.VersionInfo; import com.android.server.storage.DeviceStorageMonitorInternal; import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParserException; import org.xmlpull.v1.XmlSerializer; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileDescriptor; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.FilenameFilter; import java.io.IOException; import java.io.InputStream; import java.io.PrintWriter; import java.nio.charset.StandardCharsets; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.Comparator; import java.util.Date; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Objects; import java.util.Set; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicLong; /** * Keep track of all those .apks everywhere. * * This is very central to the platform's security; please run the unit * tests whenever making modifications here: * mmm frameworks/base/tests/AndroidTests adb install -r -f out/target/product/passion/data/app/AndroidTests.apk adb shell am instrument -w -e class com.android.unit_tests.PackageManagerTests com.android.unit_tests/android.test.InstrumentationTestRunner * * {@hide} */ public class PackageManagerService extends IPackageManager.Stub { static final String TAG = "PackageManager"; static final boolean DEBUG_SETTINGS = false; static final boolean DEBUG_PREFERRED = false; static final boolean DEBUG_UPGRADE = false; static final boolean DEBUG_DOMAIN_VERIFICATION = false; private static final boolean DEBUG_BACKUP = false; private static final boolean DEBUG_INSTALL = false; private static final boolean DEBUG_REMOVE = false; private static final boolean DEBUG_BROADCASTS = false; private static final boolean DEBUG_SHOW_INFO = false; private static final boolean DEBUG_PACKAGE_INFO = false; private static final boolean DEBUG_INTENT_MATCHING = false; private static final boolean DEBUG_PACKAGE_SCANNING = false; private static final boolean DEBUG_VERIFY = false; private static final boolean DEBUG_DEXOPT = false; private static final boolean DEBUG_ABI_SELECTION = false; static final boolean CLEAR_RUNTIME_PERMISSIONS_ON_UPGRADE = false; private static final int RADIO_UID = Process.PHONE_UID; private static final int LOG_UID = Process.LOG_UID; private static final int NFC_UID = Process.NFC_UID; private static final int BLUETOOTH_UID = Process.BLUETOOTH_UID; private static final int SHELL_UID = Process.SHELL_UID; // Cap the size of permission trees that 3rd party apps can define private static final int MAX_PERMISSION_TREE_FOOTPRINT = 32768; // characters of text // Suffix used during package installation when copying/moving // package apks to install directory. private static final String INSTALL_PACKAGE_SUFFIX = "-"; static final int SCAN_NO_DEX = 1<<1; static final int SCAN_FORCE_DEX = 1<<2; static final int SCAN_UPDATE_SIGNATURE = 1<<3; static final int SCAN_NEW_INSTALL = 1<<4; static final int SCAN_NO_PATHS = 1<<5; static final int SCAN_UPDATE_TIME = 1<<6; static final int SCAN_DEFER_DEX = 1<<7; static final int SCAN_BOOTING = 1<<8; static final int SCAN_TRUSTED_OVERLAY = 1<<9; static final int SCAN_DELETE_DATA_ON_FAILURES = 1<<10; static final int SCAN_REPLACING = 1<<11; static final int SCAN_REQUIRE_KNOWN = 1<<12; static final int SCAN_MOVE = 1<<13; static final int SCAN_INITIAL = 1<<14; static final int REMOVE_CHATTY = 1<<16; private static final int[] EMPTY_INT_ARRAY = new int[0]; /** * Timeout (in milliseconds) after which the watchdog should declare that * our handler thread is wedged. The usual default for such things is one * minute but we sometimes do very lengthy I/O operations on this thread, * such as installing multi-gigabyte applications, so ours needs to be longer. */ private static final long WATCHDOG_TIMEOUT = 1000*60*10; // ten minutes /** * Wall-clock timeout (in milliseconds) after which we *require* that an fstrim * be run on this device. We use the value in the Settings.Global.MANDATORY_FSTRIM_INTERVAL * settings entry if available, otherwise we use the hardcoded default. If it's been * more than this long since the last fstrim, we force one during the boot sequence. * * This backstops other fstrim scheduling: if the device is alive at midnight+idle, * one gets run at the next available charging+idle time. This final mandatory * no-fstrim check kicks in only of the other scheduling criteria is never met. */ private static final long DEFAULT_MANDATORY_FSTRIM_INTERVAL = 3 * DateUtils.DAY_IN_MILLIS; /** * Whether verification is enabled by default. */ private static final boolean DEFAULT_VERIFY_ENABLE = true; /** * The default maximum time to wait for the verification agent to return in * milliseconds. */ private static final long DEFAULT_VERIFICATION_TIMEOUT = 10 * 1000; /** * The default response for package verification timeout. * * This can be either PackageManager.VERIFICATION_ALLOW or * PackageManager.VERIFICATION_REJECT. */ private static final int DEFAULT_VERIFICATION_RESPONSE = PackageManager.VERIFICATION_ALLOW; static final String DEFAULT_CONTAINER_PACKAGE = "com.android.defcontainer"; static final ComponentName DEFAULT_CONTAINER_COMPONENT = new ComponentName( DEFAULT_CONTAINER_PACKAGE, "com.android.defcontainer.DefaultContainerService"); private static final String KILL_APP_REASON_GIDS_CHANGED = "permission grant or revoke changed gids"; private static final String KILL_APP_REASON_PERMISSIONS_REVOKED = "permissions revoked"; private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; private static final String VENDOR_OVERLAY_DIR = "/vendor/overlay"; /** Permission grant: not grant the permission. */ private static final int GRANT_DENIED = 1; /** Permission grant: grant the permission as an install permission. */ private static final int GRANT_INSTALL = 2; /** Permission grant: grant the permission as an install permission for a legacy app. */ private static final int GRANT_INSTALL_LEGACY = 3; /** Permission grant: grant the permission as a runtime one. */ private static final int GRANT_RUNTIME = 4; /** Permission grant: grant as runtime a permission that was granted as an install time one. */ private static final int GRANT_UPGRADE = 5; /** Canonical intent used to identify what counts as a "web browser" app */ private static final Intent sBrowserIntent; static { sBrowserIntent = new Intent(); sBrowserIntent.setAction(Intent.ACTION_VIEW); sBrowserIntent.addCategory(Intent.CATEGORY_BROWSABLE); sBrowserIntent.setData(Uri.parse("http:")); } final ServiceThread mHandlerThread; final PackageHandler mHandler; /** * Messages for {@link #mHandler} that need to wait for system ready before * being dispatched. */ private ArrayList
mPostSystemReadyMessages; final int mSdkVersion = Build.VERSION.SDK_INT; final Context mContext; final boolean mFactoryTest; final boolean mOnlyCore; final boolean mLazyDexOpt; final long mDexOptLRUThresholdInMills; final DisplayMetrics mMetrics; final int mDefParseFlags; final String[] mSeparateProcesses; final boolean mIsUpgrade; // This is where all application persistent data goes. final File mAppDataDir; // This is where all application persistent data goes for secondary users. final File mUserAppDataDir; /** The location for ASEC container files on internal storage. */ final String mAsecInternalPath; // Used for privilege escalation. MUST NOT BE CALLED WITH mPackages // LOCK HELD. Can be called with mInstallLock held. @GuardedBy("mInstallLock") final Installer mInstaller; /** Directory where installed third-party apps stored */ final File mAppInstallDir; /** * Directory to which applications installed internally have their * 32 bit native libraries copied. */ private File mAppLib32InstallDir; // Directory containing the private parts (e.g. code and non-resource assets) of forward-locked // apps. final File mDrmAppPrivateInstallDir; // ---------------------------------------------------------------- // Lock for state used when installing and doing other long running // operations. Methods that must be called with this lock held have // the suffix "LI". final Object mInstallLock = new Object(); // ---------------------------------------------------------------- // Keys are String (package name), values are Package. This also serves // as the lock for the global state. Methods that must be called with // this lock held have the prefix "LP". @GuardedBy("mPackages") final ArrayMap
mPackages = new ArrayMap
(); // Tracks available target package names -> overlay package paths. final ArrayMap
> mOverlays = new ArrayMap
>(); /** * Tracks new system packages [received in an OTA] that we expect to * find updated user-installed versions. Keys are package name, values * are package location. */ final private ArrayMap
mExpectingBetter = new ArrayMap<>(); /** * Tracks existing system packages prior to receiving an OTA. Keys are package name. */ final private ArraySet
mExistingSystemPackages = new ArraySet<>(); /** * Whether or not system app permissions should be promoted from install to runtime. */ boolean mPromoteSystemApps; final Settings mSettings; boolean mRestoredSettings; // System configuration read by SystemConfig. final int[] mGlobalGids; final SparseArray
> mSystemPermissions; final ArrayMap
mAvailableFeatures; // If mac_permissions.xml was found for seinfo labeling. boolean mFoundPolicyFile; // If a recursive restorecon of /data/data/
is needed. private boolean mShouldRestoreconData = SELinuxMMAC.shouldRestorecon(); public static final class SharedLibraryEntry { public final String path; public final String apk; SharedLibraryEntry(String _path, String _apk) { path = _path; apk = _apk; } } // Currently known shared libraries. final ArrayMap
mSharedLibraries = new ArrayMap
(); // All available activities, for your resolving pleasure. final ActivityIntentResolver mActivities = new ActivityIntentResolver(); // All available receivers, for your resolving pleasure. final ActivityIntentResolver mReceivers = new ActivityIntentResolver(); // All available services, for your resolving pleasure. final ServiceIntentResolver mServices = new ServiceIntentResolver(); // All available providers, for your resolving pleasure. final ProviderIntentResolver mProviders = new ProviderIntentResolver(); // Mapping from provider base names (first directory in content URI codePath) // to the provider information. final ArrayMap
mProvidersByAuthority = new ArrayMap
(); // Mapping from instrumentation class names to info about them. final ArrayMap
mInstrumentation = new ArrayMap
(); // Mapping from permission names to info about them. final ArrayMap
mPermissionGroups = new ArrayMap
(); // Packages whose data we have transfered into another package, thus // should no longer exist. final ArraySet
mTransferedPackages = new ArraySet
(); // Broadcast actions that are only available to the system. final ArraySet
mProtectedBroadcasts = new ArraySet
(); /** List of packages waiting for verification. */ final SparseArray
mPendingVerification = new SparseArray
(); /** Set of packages associated with each app op permission. */ final ArrayMap
> mAppOpPermissionPackages = new ArrayMap<>(); final PackageInstallerService mInstallerService; private final PackageDexOptimizer mPackageDexOptimizer; private AtomicInteger mNextMoveId = new AtomicInteger(); private final MoveCallbacks mMoveCallbacks; private final OnPermissionChangeListeners mOnPermissionChangeListeners; // Cache of users who need badging. SparseBooleanArray mUserNeedsBadging = new SparseBooleanArray(); /** Token for keys in mPendingVerification. */ private int mPendingVerificationToken = 0; volatile boolean mSystemReady; volatile boolean mSafeMode; volatile boolean mHasSystemUidErrors; ApplicationInfo mAndroidApplication; final ActivityInfo mResolveActivity = new ActivityInfo(); final ResolveInfo mResolveInfo = new ResolveInfo(); ComponentName mResolveComponentName; PackageParser.Package mPlatformPackage; ComponentName mCustomResolverComponentName; boolean mResolverReplaced = false; private final ComponentName mIntentFilterVerifierComponent; private int mIntentFilterVerificationToken = 0; final SparseArray
mIntentFilterVerificationStates = new SparseArray
(); final DefaultPermissionGrantPolicy mDefaultPermissionPolicy = new DefaultPermissionGrantPolicy(this); private static class IFVerificationParams { PackageParser.Package pkg; boolean replacing; int userId; int verifierUid; public IFVerificationParams(PackageParser.Package _pkg, boolean _replacing, int _userId, int _verifierUid) { pkg = _pkg; replacing = _replacing; userId = _userId; replacing = _replacing; verifierUid = _verifierUid; } } private interface IntentFilterVerifier
{ boolean addOneIntentFilterVerification(int verifierId, int userId, int verificationId, T filter, String packageName); void startVerifications(int userId); void receiveVerificationResponse(int verificationId); } private class IntentVerifierProxy implements IntentFilterVerifier
{ private Context mContext; private ComponentName mIntentFilterVerifierComponent; private ArrayList
mCurrentIntentFilterVerifications = new ArrayList
(); public IntentVerifierProxy(Context context, ComponentName verifierComponent) { mContext = context; mIntentFilterVerifierComponent = verifierComponent; } private String getDefaultScheme() { return IntentFilter.SCHEME_HTTPS; } @Override public void startVerifications(int userId) { // Launch verifications requests int count = mCurrentIntentFilterVerifications.size(); for (int n=0; n
filters = ivs.getFilters(); final int filterCount = filters.size(); ArraySet
domainsSet = new ArraySet<>(); for (int m=0; m
domainsList = new ArrayList<>(domainsSet); synchronized (mPackages) { if (mSettings.createIntentFilterVerificationIfNeededLPw( packageName, domainsList) != null) { scheduleWriteSettingsLocked(); } } sendVerificationRequest(userId, verificationId, ivs); } mCurrentIntentFilterVerifications.clear(); } private void sendVerificationRequest(int userId, int verificationId, IntentFilterVerificationState ivs) { Intent verificationIntent = new Intent(Intent.ACTION_INTENT_FILTER_NEEDS_VERIFICATION); verificationIntent.putExtra( PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_ID, verificationId); verificationIntent.putExtra( PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_URI_SCHEME, getDefaultScheme()); verificationIntent.putExtra( PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_HOSTS, ivs.getHostsString()); verificationIntent.putExtra( PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_PACKAGE_NAME, ivs.getPackageName()); verificationIntent.setComponent(mIntentFilterVerifierComponent); verificationIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); UserHandle user = new UserHandle(userId); mContext.sendBroadcastAsUser(verificationIntent, user); if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Sending IntentFilter verification broadcast"); } public void receiveVerificationResponse(int verificationId) { IntentFilterVerificationState ivs = mIntentFilterVerificationStates.get(verificationId); final boolean verified = ivs.isVerified(); ArrayList
filters = ivs.getFilters(); final int count = filters.size(); if (DEBUG_DOMAIN_VERIFICATION) { Slog.i(TAG, "Received verification response " + verificationId + " for " + count + " filters, verified=" + verified); } for (int n=0; n
components within that package> final SparseArray
>> mUidMap; public PendingPackageBroadcasts() { mUidMap = new SparseArray
>>(2); } public ArrayList
get(int userId, String packageName) { ArrayMap
> packages = getOrAllocate(userId); return packages.get(packageName); } public void put(int userId, String packageName, ArrayList
components) { ArrayMap
> packages = getOrAllocate(userId); packages.put(packageName, components); } public void remove(int userId, String packageName) { ArrayMap
> packages = mUidMap.get(userId); if (packages != null) { packages.remove(packageName); } } public void remove(int userId) { mUidMap.remove(userId); } public int userIdCount() { return mUidMap.size(); } public int userIdAt(int n) { return mUidMap.keyAt(n); } public ArrayMap
> packagesForUserId(int userId) { return mUidMap.get(userId); } public int size() { // total number of pending broadcast entries across all userIds int num = 0; for (int i = 0; i< mUidMap.size(); i++) { num += mUidMap.valueAt(i).size(); } return num; } public void clear() { mUidMap.clear(); } private ArrayMap
> getOrAllocate(int userId) { ArrayMap
> map = mUidMap.get(userId); if (map == null) { map = new ArrayMap
>(); mUidMap.put(userId, map); } return map; } } final PendingPackageBroadcasts mPendingBroadcasts = new PendingPackageBroadcasts(); // Service Connection to remote media container service to copy // package uri's from external media onto secure containers // or internal storage. private IMediaContainerService mContainerService = null; static final int SEND_PENDING_BROADCAST = 1; static final int MCS_BOUND = 3; static final int END_COPY = 4; static final int INIT_COPY = 5; static final int MCS_UNBIND = 6; static final int START_CLEANING_PACKAGE = 7; static final int FIND_INSTALL_LOC = 8; static final int POST_INSTALL = 9; static final int MCS_RECONNECT = 10; static final int MCS_GIVE_UP = 11; static final int UPDATED_MEDIA_STATUS = 12; static final int WRITE_SETTINGS = 13; static final int WRITE_PACKAGE_RESTRICTIONS = 14; static final int PACKAGE_VERIFIED = 15; static final int CHECK_PENDING_VERIFICATION = 16; static final int START_INTENT_FILTER_VERIFICATIONS = 17; static final int INTENT_FILTER_VERIFIED = 18; static final int WRITE_SETTINGS_DELAY = 10*1000; // 10 seconds // Delay time in millisecs static final int BROADCAST_DELAY = 10 * 1000; static UserManagerService sUserManager; // Stores a list of users whose package restrictions file needs to be updated private ArraySet
mDirtyUsers = new ArraySet
(); final private DefaultContainerConnection mDefContainerConn = new DefaultContainerConnection(); class DefaultContainerConnection implements ServiceConnection { public void onServiceConnected(ComponentName name, IBinder service) { if (DEBUG_SD_INSTALL) Log.i(TAG, "onServiceConnected"); IMediaContainerService imcs = IMediaContainerService.Stub.asInterface(service); mHandler.sendMessage(mHandler.obtainMessage(MCS_BOUND, imcs)); } public void onServiceDisconnected(ComponentName name) { if (DEBUG_SD_INSTALL) Log.i(TAG, "onServiceDisconnected"); } } // Recordkeeping of restore-after-install operations that are currently in flight // between the Package Manager and the Backup Manager class PostInstallData { public InstallArgs args; public PackageInstalledInfo res; PostInstallData(InstallArgs _a, PackageInstalledInfo _r) { args = _a; res = _r; } } final SparseArray
mRunningInstalls = new SparseArray
(); int mNextInstallToken = 1; // nonzero; will be wrapped back to 1 when ++ overflows // XML tags for backup/restore of various bits of state private static final String TAG_PREFERRED_BACKUP = "pa"; private static final String TAG_DEFAULT_APPS = "da"; private static final String TAG_INTENT_FILTER_VERIFICATION = "iv"; final String mRequiredVerifierPackage; final String mRequiredInstallerPackage; private final PackageUsage mPackageUsage = new PackageUsage(); private class PackageUsage { private static final int WRITE_INTERVAL = (DEBUG_DEXOPT) ? 0 : 30*60*1000; // 30m in ms private final Object mFileLock = new Object(); private final AtomicLong mLastWritten = new AtomicLong(0); private final AtomicBoolean mBackgroundWriteRunning = new AtomicBoolean(false); private boolean mIsHistoricalPackageUsageAvailable = true; boolean isHistoricalPackageUsageAvailable() { return mIsHistoricalPackageUsageAvailable; } void write(boolean force) { if (force) { writeInternal(); return; } if (SystemClock.elapsedRealtime() - mLastWritten.get() < WRITE_INTERVAL && !DEBUG_DEXOPT) { return; } if (mBackgroundWriteRunning.compareAndSet(false, true)) { new Thread("PackageUsage_DiskWriter") { @Override public void run() { try { writeInternal(); } finally { mBackgroundWriteRunning.set(false); } } }.start(); } } private void writeInternal() { synchronized (mPackages) { synchronized (mFileLock) { AtomicFile file = getFile(); FileOutputStream f = null; try { f = file.startWrite(); BufferedOutputStream out = new BufferedOutputStream(f); FileUtils.setPermissions(file.getBaseFile().getPath(), 0640, SYSTEM_UID, PACKAGE_INFO_GID); StringBuilder sb = new StringBuilder(); for (PackageParser.Package pkg : mPackages.values()) { if (pkg.mLastPackageUsageTimeInMills == 0) { continue; } sb.setLength(0); sb.append(pkg.packageName); sb.append(' '); sb.append((long)pkg.mLastPackageUsageTimeInMills); sb.append('\n'); out.write(sb.toString().getBytes(StandardCharsets.US_ASCII)); } out.flush(); file.finishWrite(f); } catch (IOException e) { if (f != null) { file.failWrite(f); } Log.e(TAG, "Failed to write package usage times", e); } } } mLastWritten.set(SystemClock.elapsedRealtime()); } void readLP() { synchronized (mFileLock) { AtomicFile file = getFile(); BufferedInputStream in = null; try { in = new BufferedInputStream(file.openRead()); StringBuffer sb = new StringBuffer(); while (true) { String packageName = readToken(in, sb, ' '); if (packageName == null) { break; } String timeInMillisString = readToken(in, sb, '\n'); if (timeInMillisString == null) { throw new IOException("Failed to find last usage time for package " + packageName); } PackageParser.Package pkg = mPackages.get(packageName); if (pkg == null) { continue; } long timeInMillis; try { timeInMillis = Long.parseLong(timeInMillisString.toString()); } catch (NumberFormatException e) { throw new IOException("Failed to parse " + timeInMillisString + " as a long.", e); } pkg.mLastPackageUsageTimeInMills = timeInMillis; } } catch (FileNotFoundException expected) { mIsHistoricalPackageUsageAvailable = false; } catch (IOException e) { Log.w(TAG, "Failed to read package usage times", e); } finally { IoUtils.closeQuietly(in); } } mLastWritten.set(SystemClock.elapsedRealtime()); } private String readToken(InputStream in, StringBuffer sb, char endOfToken) throws IOException { sb.setLength(0); while (true) { int ch = in.read(); if (ch == -1) { if (sb.length() == 0) { return null; } throw new IOException("Unexpected EOF"); } if (ch == endOfToken) { return sb.toString(); } sb.append((char)ch); } } private AtomicFile getFile() { File dataDir = Environment.getDataDirectory(); File systemDir = new File(dataDir, "system"); File fname = new File(systemDir, "package-usage.list"); return new AtomicFile(fname); } } class PackageHandler extends Handler { private boolean mBound = false; final ArrayList
mPendingInstalls = new ArrayList
(); private boolean connectToService() { if (DEBUG_SD_INSTALL) Log.i(TAG, "Trying to bind to" + " DefaultContainerService"); Intent service = new Intent().setComponent(DEFAULT_CONTAINER_COMPONENT); Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); if (mContext.bindServiceAsUser(service, mDefContainerConn, Context.BIND_AUTO_CREATE, UserHandle.OWNER)) { Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); mBound = true; return true; } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); return false; } private void disconnectService() { mContainerService = null; mBound = false; Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); mContext.unbindService(mDefContainerConn); Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); } PackageHandler(Looper looper) { super(looper); } public void handleMessage(Message msg) { try { doHandleMessage(msg); } finally { Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); } } void doHandleMessage(Message msg) { switch (msg.what) { case INIT_COPY: { HandlerParams params = (HandlerParams) msg.obj; int idx = mPendingInstalls.size(); if (DEBUG_INSTALL) Slog.i(TAG, "init_copy idx=" + idx + ": " + params); // If a bind was already initiated we dont really // need to do anything. The pending install // will be processed later on. if (!mBound) { // If this is the only one pending we might // have to bind to the service again. if (!connectToService()) { Slog.e(TAG, "Failed to bind to media container service"); params.serviceError(); return; } else { // Once we bind to the service, the first // pending request will be processed. mPendingInstalls.add(idx, params); } } else { mPendingInstalls.add(idx, params); // Already bound to the service. Just make // sure we trigger off processing the first request. if (idx == 0) { mHandler.sendEmptyMessage(MCS_BOUND); } } break; } case MCS_BOUND: { if (DEBUG_INSTALL) Slog.i(TAG, "mcs_bound"); if (msg.obj != null) { mContainerService = (IMediaContainerService) msg.obj; } if (mContainerService == null) { if (!mBound) { // Something seriously wrong since we are not bound and we are not // waiting for connection. Bail out. Slog.e(TAG, "Cannot bind to media container service"); for (HandlerParams params : mPendingInstalls) { // Indicate service bind error params.serviceError(); } mPendingInstalls.clear(); } else { Slog.w(TAG, "Waiting to connect to media container service"); } } else if (mPendingInstalls.size() > 0) { HandlerParams params = mPendingInstalls.get(0); if (params != null) { if (params.startCopy()) { // We are done... look for more work or to // go idle. if (DEBUG_SD_INSTALL) Log.i(TAG, "Checking for more work or unbind..."); // Delete pending install if (mPendingInstalls.size() > 0) { mPendingInstalls.remove(0); } if (mPendingInstalls.size() == 0) { if (mBound) { if (DEBUG_SD_INSTALL) Log.i(TAG, "Posting delayed MCS_UNBIND"); removeMessages(MCS_UNBIND); Message ubmsg = obtainMessage(MCS_UNBIND); // Unbind after a little delay, to avoid // continual thrashing. sendMessageDelayed(ubmsg, 10000); } } else { // There are more pending requests in queue. // Just post MCS_BOUND message to trigger processing // of next pending install. if (DEBUG_SD_INSTALL) Log.i(TAG, "Posting MCS_BOUND for next work"); mHandler.sendEmptyMessage(MCS_BOUND); } } } } else { // Should never happen ideally. Slog.w(TAG, "Empty queue"); } break; } case MCS_RECONNECT: { if (DEBUG_INSTALL) Slog.i(TAG, "mcs_reconnect"); if (mPendingInstalls.size() > 0) { if (mBound) { disconnectService(); } if (!connectToService()) { Slog.e(TAG, "Failed to bind to media container service"); for (HandlerParams params : mPendingInstalls) { // Indicate service bind error params.serviceError(); } mPendingInstalls.clear(); } } break; } case MCS_UNBIND: { // If there is no actual work left, then time to unbind. if (DEBUG_INSTALL) Slog.i(TAG, "mcs_unbind"); if (mPendingInstalls.size() == 0 && mPendingVerification.size() == 0) { if (mBound) { if (DEBUG_INSTALL) Slog.i(TAG, "calling disconnectService()"); disconnectService(); } } else if (mPendingInstalls.size() > 0) { // There are more pending requests in queue. // Just post MCS_BOUND message to trigger processing // of next pending install. mHandler.sendEmptyMessage(MCS_BOUND); } break; } case MCS_GIVE_UP: { if (DEBUG_INSTALL) Slog.i(TAG, "mcs_giveup too many retries"); mPendingInstalls.remove(0); break; } case SEND_PENDING_BROADCAST: { String packages[]; ArrayList
components[]; int size = 0; int uids[]; Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); synchronized (mPackages) { if (mPendingBroadcasts == null) { return; } size = mPendingBroadcasts.size(); if (size <= 0) { // Nothing to be done. Just return return; } packages = new String[size]; components = new ArrayList[size]; uids = new int[size]; int i = 0; // filling out the above arrays for (int n = 0; n < mPendingBroadcasts.userIdCount(); n++) { int packageUserId = mPendingBroadcasts.userIdAt(n); Iterator
>> it = mPendingBroadcasts.packagesForUserId(packageUserId) .entrySet().iterator(); while (it.hasNext() && i < size) { Map.Entry
> ent = it.next(); packages[i] = ent.getKey(); components[i] = ent.getValue(); PackageSetting ps = mSettings.mPackages.get(ent.getKey()); uids[i] = (ps != null) ? UserHandle.getUid(packageUserId, ps.appId) : -1; i++; } } size = i; mPendingBroadcasts.clear(); } // Send broadcasts for (int i = 0; i < size; i++) { sendPackageChangedBroadcast(packages[i], true, components[i], uids[i]); } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); break; } case START_CLEANING_PACKAGE: { Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); final String packageName = (String)msg.obj; final int userId = msg.arg1; final boolean andCode = msg.arg2 != 0; synchronized (mPackages) { if (userId == UserHandle.USER_ALL) { int[] users = sUserManager.getUserIds(); for (int user : users) { mSettings.addPackageToCleanLPw( new PackageCleanItem(user, packageName, andCode)); } } else { mSettings.addPackageToCleanLPw( new PackageCleanItem(userId, packageName, andCode)); } } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); startCleaningPackages(); } break; case POST_INSTALL: { if (DEBUG_INSTALL) Log.v(TAG, "Handling post-install for " + msg.arg1); PostInstallData data = mRunningInstalls.get(msg.arg1); mRunningInstalls.delete(msg.arg1); boolean deleteOld = false; if (data != null) { InstallArgs args = data.args; PackageInstalledInfo res = data.res; if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) { final String packageName = res.pkg.applicationInfo.packageName; res.removedInfo.sendBroadcast(false, true, false); Bundle extras = new Bundle(1); extras.putInt(Intent.EXTRA_UID, res.uid); // Now that we successfully installed the package, grant runtime // permissions if requested before broadcasting the install. if ((args.installFlags & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0) { grantRequestedRuntimePermissions(res.pkg, args.user.getIdentifier(), args.installGrantPermissions); } // Determine the set of users who are adding this // package for the first time vs. those who are seeing // an update. int[] firstUsers; int[] updateUsers = new int[0]; if (res.origUsers == null || res.origUsers.length == 0) { firstUsers = res.newUsers; } else { firstUsers = new int[0]; for (int i=0; i
AVAILABLE"); } int[] uidArray = new int[] { res.pkg.applicationInfo.uid }; ArrayList
pkgList = new ArrayList
(1); pkgList.add(packageName); sendResourcesChangedBroadcast(true, true, pkgList,uidArray, null); } } if (res.removedInfo.args != null) { // Remove the replaced package's older resources safely now deleteOld = true; } // If this app is a browser and it's newly-installed for some // users, clear any default-browser state in those users if (firstUsers.length > 0) { // the app's nature doesn't depend on the user, so we can just // check its browser nature in any user and generalize. if (packageIsBrowser(packageName, firstUsers[0])) { synchronized (mPackages) { for (int userId : firstUsers) { mSettings.setDefaultBrowserPackageNameLPw(null, userId); } } } } // Log current value of "unknown sources" setting EventLog.writeEvent(EventLogTags.UNKNOWN_SOURCES_ENABLED, getUnknownSourcesSettings()); } // Force a gc to clear up things Runtime.getRuntime().gc(); // We delete after a gc for applications on sdcard. if (deleteOld) { synchronized (mInstallLock) { res.removedInfo.args.doPostDeleteLI(true); } } if (args.observer != null) { try { Bundle extras = extrasForInstallResult(res); args.observer.onPackageInstalled(res.name, res.returnCode, res.returnMsg, extras); } catch (RemoteException e) { Slog.i(TAG, "Observer no longer exists."); } } } else { Slog.e(TAG, "Bogus post-install token " + msg.arg1); } } break; case UPDATED_MEDIA_STATUS: { if (DEBUG_SD_INSTALL) Log.i(TAG, "Got message UPDATED_MEDIA_STATUS"); boolean reportStatus = msg.arg1 == 1; boolean doGc = msg.arg2 == 1; if (DEBUG_SD_INSTALL) Log.i(TAG, "reportStatus=" + reportStatus + ", doGc = " + doGc); if (doGc) { // Force a gc to clear up stale containers. Runtime.getRuntime().gc(); } if (msg.obj != null) { @SuppressWarnings("unchecked") Set
args = (Set
) msg.obj; if (DEBUG_SD_INSTALL) Log.i(TAG, "Unloading all containers"); // Unload containers unloadAllContainers(args); } if (reportStatus) { try { if (DEBUG_SD_INSTALL) Log.i(TAG, "Invoking MountService call back"); PackageHelper.getMountService().finishMediaUpdate(); } catch (RemoteException e) { Log.e(TAG, "MountService not running?"); } } } break; case WRITE_SETTINGS: { Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); synchronized (mPackages) { removeMessages(WRITE_SETTINGS); removeMessages(WRITE_PACKAGE_RESTRICTIONS); mSettings.writeLPr(); mDirtyUsers.clear(); } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); } break; case WRITE_PACKAGE_RESTRICTIONS: { Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); synchronized (mPackages) { removeMessages(WRITE_PACKAGE_RESTRICTIONS); for (int userId : mDirtyUsers) { mSettings.writePackageRestrictionsLPr(userId); } mDirtyUsers.clear(); } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); } break; case CHECK_PENDING_VERIFICATION: { final int verificationId = msg.arg1; final PackageVerificationState state = mPendingVerification.get(verificationId); if ((state != null) && !state.timeoutExtended()) { final InstallArgs args = state.getInstallArgs(); final Uri originUri = Uri.fromFile(args.origin.resolvedFile); Slog.i(TAG, "Verification timed out for " + originUri); mPendingVerification.remove(verificationId); int ret = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE; if (getDefaultVerificationResponse() == PackageManager.VERIFICATION_ALLOW) { Slog.i(TAG, "Continuing with installation of " + originUri); state.setVerifierResponse(Binder.getCallingUid(), PackageManager.VERIFICATION_ALLOW_WITHOUT_SUFFICIENT); broadcastPackageVerified(verificationId, originUri, PackageManager.VERIFICATION_ALLOW, state.getInstallArgs().getUser()); try { ret = args.copyApk(mContainerService, true); } catch (RemoteException e) { Slog.e(TAG, "Could not contact the ContainerService"); } } else { broadcastPackageVerified(verificationId, originUri, PackageManager.VERIFICATION_REJECT, state.getInstallArgs().getUser()); } processPendingInstall(args, ret); mHandler.sendEmptyMessage(MCS_UNBIND); } break; } case PACKAGE_VERIFIED: { final int verificationId = msg.arg1; final PackageVerificationState state = mPendingVerification.get(verificationId); if (state == null) { Slog.w(TAG, "Invalid verification token " + verificationId + " received"); break; } final PackageVerificationResponse response = (PackageVerificationResponse) msg.obj; state.setVerifierResponse(response.callerUid, response.code); if (state.isVerificationComplete()) { mPendingVerification.remove(verificationId); final InstallArgs args = state.getInstallArgs(); final Uri originUri = Uri.fromFile(args.origin.resolvedFile); int ret; if (state.isInstallAllowed()) { ret = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; broadcastPackageVerified(verificationId, originUri, response.code, state.getInstallArgs().getUser()); try { ret = args.copyApk(mContainerService, true); } catch (RemoteException e) { Slog.e(TAG, "Could not contact the ContainerService"); } } else { ret = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE; } processPendingInstall(args, ret); mHandler.sendEmptyMessage(MCS_UNBIND); } break; } case START_INTENT_FILTER_VERIFICATIONS: { IFVerificationParams params = (IFVerificationParams) msg.obj; verifyIntentFiltersIfNeeded(params.userId, params.verifierUid, params.replacing, params.pkg); break; } case INTENT_FILTER_VERIFIED: { final int verificationId = msg.arg1; final IntentFilterVerificationState state = mIntentFilterVerificationStates.get( verificationId); if (state == null) { Slog.w(TAG, "Invalid IntentFilter verification token " + verificationId + " received"); break; } final int userId = state.getUserId(); if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Processing IntentFilter verification with token:" + verificationId + " and userId:" + userId); final IntentFilterVerificationResponse response = (IntentFilterVerificationResponse) msg.obj; state.setVerifierResponse(response.callerUid, response.code); if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "IntentFilter verification with token:" + verificationId + " and userId:" + userId + " is settings verifier response with response code:" + response.code); if (response.code == PackageManager.INTENT_FILTER_VERIFICATION_FAILURE) { if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Domains failing verification: " + response.getFailedDomainsString()); } if (state.isVerificationComplete()) { mIntentFilterVerifier.receiveVerificationResponse(verificationId); } else { if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "IntentFilter verification with token:" + verificationId + " was not said to be complete"); } break; } } } } private StorageEventListener mStorageListener = new StorageEventListener() { @Override public void onVolumeStateChanged(VolumeInfo vol, int oldState, int newState) { if (vol.type == VolumeInfo.TYPE_PRIVATE) { if (vol.state == VolumeInfo.STATE_MOUNTED) { final String volumeUuid = vol.getFsUuid(); // Clean up any users or apps that were removed or recreated // while this volume was missing reconcileUsers(volumeUuid); reconcileApps(volumeUuid); // Clean up any install sessions that expired or were // cancelled while this volume was missing mInstallerService.onPrivateVolumeMounted(volumeUuid); loadPrivatePackages(vol); } else if (vol.state == VolumeInfo.STATE_EJECTING) { unloadPrivatePackages(vol); } } if (vol.type == VolumeInfo.TYPE_PUBLIC && vol.isPrimary()) { if (vol.state == VolumeInfo.STATE_MOUNTED) { updateExternalMediaStatus(true, false); } else if (vol.state == VolumeInfo.STATE_EJECTING) { updateExternalMediaStatus(false, false); } } } @Override public void onVolumeForgotten(String fsUuid) { if (TextUtils.isEmpty(fsUuid)) { Slog.w(TAG, "Forgetting internal storage is probably a mistake; ignoring"); return; } // Remove any apps installed on the forgotten volume synchronized (mPackages) { final List
packages = mSettings.getVolumePackagesLPr(fsUuid); for (PackageSetting ps : packages) { Slog.d(TAG, "Destroying " + ps.name + " because volume was forgotten"); deletePackage(ps.name, new LegacyPackageDeleteObserver(null).getBinder(), UserHandle.USER_OWNER, PackageManager.DELETE_ALL_USERS); } mSettings.onVolumeForgotten(fsUuid); mSettings.writeLPr(); } } }; private void grantRequestedRuntimePermissions(PackageParser.Package pkg, int userId, String[] grantedPermissions) { if (userId >= UserHandle.USER_OWNER) { grantRequestedRuntimePermissionsForUser(pkg, userId, grantedPermissions); } else if (userId == UserHandle.USER_ALL) { final int[] userIds; synchronized (mPackages) { userIds = UserManagerService.getInstance().getUserIds(); } for (int someUserId : userIds) { grantRequestedRuntimePermissionsForUser(pkg, someUserId, grantedPermissions); } } // We could have touched GID membership, so flush out packages.list synchronized (mPackages) { mSettings.writePackageListLPr(); } } private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId, String[] grantedPermissions) { SettingBase sb = (SettingBase) pkg.mExtras; if (sb == null) { return; } synchronized (mPackages) { for (String permission : pkg.requestedPermissions) { BasePermission bp = mSettings.mPermissions.get(permission); if (bp != null && (bp.isRuntime() || bp.isDevelopment()) && (grantedPermissions == null || ArrayUtils.contains(grantedPermissions, permission)) && (getPermissionFlags(permission, pkg.packageName, userId) & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) == 0) { grantRuntimePermission(pkg.packageName, permission, userId); } } } } Bundle extrasForInstallResult(PackageInstalledInfo res) { Bundle extras = null; switch (res.returnCode) { case PackageManager.INSTALL_FAILED_DUPLICATE_PERMISSION: { extras = new Bundle(); extras.putString(PackageManager.EXTRA_FAILURE_EXISTING_PERMISSION, res.origPermission); extras.putString(PackageManager.EXTRA_FAILURE_EXISTING_PACKAGE, res.origPackage); break; } case PackageManager.INSTALL_SUCCEEDED: { extras = new Bundle(); extras.putBoolean(Intent.EXTRA_REPLACING, res.removedInfo != null && res.removedInfo.removedPackage != null); break; } } return extras; } void scheduleWriteSettingsLocked() { if (!mHandler.hasMessages(WRITE_SETTINGS)) { mHandler.sendEmptyMessageDelayed(WRITE_SETTINGS, WRITE_SETTINGS_DELAY); } } void scheduleWritePackageRestrictionsLocked(int userId) { if (!sUserManager.exists(userId)) return; mDirtyUsers.add(userId); if (!mHandler.hasMessages(WRITE_PACKAGE_RESTRICTIONS)) { mHandler.sendEmptyMessageDelayed(WRITE_PACKAGE_RESTRICTIONS, WRITE_SETTINGS_DELAY); } } public static PackageManagerService main(Context context, Installer installer, boolean factoryTest, boolean onlyCore) { PackageManagerService m = new PackageManagerService(context, installer, factoryTest, onlyCore); ServiceManager.addService("package", m); return m; } static String[] splitString(String str, char sep) { int count = 1; int i = 0; while ((i=str.indexOf(sep, i)) >= 0) { count++; i++; } String[] res = new String[count]; i=0; count = 0; int lastI=0; while ((i=str.indexOf(sep, i)) >= 0) { res[count] = str.substring(lastI, i); count++; i++; lastI = i; } res[count] = str.substring(lastI, str.length()); return res; } private static void getDefaultDisplayMetrics(Context context, DisplayMetrics metrics) { DisplayManager displayManager = (DisplayManager) context.getSystemService( Context.DISPLAY_SERVICE); displayManager.getDisplay(Display.DEFAULT_DISPLAY).getMetrics(metrics); } public PackageManagerService(Context context, Installer installer, boolean factoryTest, boolean onlyCore) { EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_START, SystemClock.uptimeMillis()); if (mSdkVersion <= 0) { Slog.w(TAG, "**** ro.build.version.sdk not set!"); } mContext = context; mFactoryTest = factoryTest; mOnlyCore = onlyCore; mLazyDexOpt = "eng".equals(SystemProperties.get("ro.build.type")); mMetrics = new DisplayMetrics(); mSettings = new Settings(mPackages); mSettings.addSharedUserLPw("android.uid.system", Process.SYSTEM_UID, ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); mSettings.addSharedUserLPw("android.uid.phone", RADIO_UID, ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); mSettings.addSharedUserLPw("android.uid.log", LOG_UID, ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); mSettings.addSharedUserLPw("android.uid.nfc", NFC_UID, ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); mSettings.addSharedUserLPw("android.uid.bluetooth", BLUETOOTH_UID, ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); mSettings.addSharedUserLPw("android.uid.shell", SHELL_UID, ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED); // TODO: add a property to control this? long dexOptLRUThresholdInMinutes; if (mLazyDexOpt) { dexOptLRUThresholdInMinutes = 30; // only last 30 minutes of apps for eng builds. } else { dexOptLRUThresholdInMinutes = 7 * 24 * 60; // apps used in the 7 days for users. } mDexOptLRUThresholdInMills = dexOptLRUThresholdInMinutes * 60 * 1000; String separateProcesses = SystemProperties.get("debug.separate_processes"); if (separateProcesses != null && separateProcesses.length() > 0) { if ("*".equals(separateProcesses)) { mDefParseFlags = PackageParser.PARSE_IGNORE_PROCESSES; mSeparateProcesses = null; Slog.w(TAG, "Running with debug.separate_processes: * (ALL)"); } else { mDefParseFlags = 0; mSeparateProcesses = separateProcesses.split(","); Slog.w(TAG, "Running with debug.separate_processes: " + separateProcesses); } } else { mDefParseFlags = 0; mSeparateProcesses = null; } mInstaller = installer; mPackageDexOptimizer = new PackageDexOptimizer(this); mMoveCallbacks = new MoveCallbacks(FgThread.get().getLooper()); mOnPermissionChangeListeners = new OnPermissionChangeListeners( FgThread.get().getLooper()); getDefaultDisplayMetrics(context, mMetrics); SystemConfig systemConfig = SystemConfig.getInstance(); mGlobalGids = systemConfig.getGlobalGids(); mSystemPermissions = systemConfig.getSystemPermissions(); mAvailableFeatures = systemConfig.getAvailableFeatures(); synchronized (mInstallLock) { // writer synchronized (mPackages) { mHandlerThread = new ServiceThread(TAG, Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/); mHandlerThread.start(); mHandler = new PackageHandler(mHandlerThread.getLooper()); Watchdog.getInstance().addThread(mHandler, WATCHDOG_TIMEOUT); File dataDir = Environment.getDataDirectory(); mAppDataDir = new File(dataDir, "data"); mAppInstallDir = new File(dataDir, "app"); mAppLib32InstallDir = new File(dataDir, "app-lib"); mAsecInternalPath = new File(dataDir, "app-asec").getPath(); mUserAppDataDir = new File(dataDir, "user"); mDrmAppPrivateInstallDir = new File(dataDir, "app-private"); sUserManager = new UserManagerService(context, this, mInstallLock, mPackages); // Propagate permission configuration in to package manager. ArrayMap
permConfig = systemConfig.getPermissions(); for (int i=0; i
libConfig = systemConfig.getSharedLibraries(); for (int i=0; i
alreadyDexOpted = new ArraySet
(); /** * Add everything in the in the boot class path to the * list of process files because dexopt will have been run * if necessary during zygote startup. */ final String bootClassPath = System.getenv("BOOTCLASSPATH"); final String systemServerClassPath = System.getenv("SYSTEMSERVERCLASSPATH"); if (bootClassPath != null) { String[] bootClassPathElements = splitString(bootClassPath, ':'); for (String element : bootClassPathElements) { alreadyDexOpted.add(element); } } else { Slog.w(TAG, "No BOOTCLASSPATH found!"); } if (systemServerClassPath != null) { String[] systemServerClassPathElements = splitString(systemServerClassPath, ':'); for (String element : systemServerClassPathElements) { alreadyDexOpted.add(element); } } else { Slog.w(TAG, "No SYSTEMSERVERCLASSPATH found!"); } final List
allInstructionSets = InstructionSets.getAllInstructionSets(); final String[] dexCodeInstructionSets = getDexCodeInstructionSets( allInstructionSets.toArray(new String[allInstructionSets.size()])); /** * Ensure all external libraries have had dexopt run on them. */ if (mSharedLibraries.size() > 0) { // NOTE: For now, we're compiling these system "shared libraries" // (and framework jars) into all available architectures. It's possible // to compile them only when we come across an app that uses them (there's // already logic for that in scanPackageLI) but that adds some complexity. for (String dexCodeInstructionSet : dexCodeInstructionSets) { for (SharedLibraryEntry libEntry : mSharedLibraries.values()) { final String lib = libEntry.path; if (lib == null) { continue; } try { int dexoptNeeded = DexFile.getDexOptNeeded(lib, null, dexCodeInstructionSet, false); if (dexoptNeeded != DexFile.NO_DEXOPT_NEEDED) { alreadyDexOpted.add(lib); mInstaller.dexopt(lib, Process.SYSTEM_UID, true, dexCodeInstructionSet, dexoptNeeded, false); } } catch (FileNotFoundException e) { Slog.w(TAG, "Library not found: " + lib); } catch (IOException e) { Slog.w(TAG, "Cannot dexopt " + lib + "; is it an APK or JAR? " + e.getMessage()); } } } } File frameworkDir = new File(Environment.getRootDirectory(), "framework"); // Gross hack for now: we know this file doesn't contain any // code, so don't dexopt it to avoid the resulting log spew. alreadyDexOpted.add(frameworkDir.getPath() + "/framework-res.apk"); // Gross hack for now: we know this file is only part of // the boot class path for art, so don't dexopt it to // avoid the resulting log spew. alreadyDexOpted.add(frameworkDir.getPath() + "/core-libart.jar"); /** * There are a number of commands implemented in Java, which * we currently need to do the dexopt on so that they can be * run from a non-root shell. */ String[] frameworkFiles = frameworkDir.list(); if (frameworkFiles != null) { // TODO: We could compile these only for the most preferred ABI. We should // first double check that the dex files for these commands are not referenced // by other system apps. for (String dexCodeInstructionSet : dexCodeInstructionSets) { for (int i=0; i
pkgSettingIter = mSettings.mPackages.values().iterator(); while (pkgSettingIter.hasNext()) { PackageSetting ps = pkgSettingIter.next(); if (isSystemApp(ps)) { mExistingSystemPackages.add(ps.name); } } } // Collect vendor overlay packages. // (Do this before scanning any apps.) // For security and version matching reason, only consider // overlay packages if they reside in VENDOR_OVERLAY_DIR. File vendorOverlayDir = new File(VENDOR_OVERLAY_DIR); scanDirLI(vendorOverlayDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags | SCAN_TRUSTED_OVERLAY, 0); // Find base frameworks (resource packages without code). scanDirLI(frameworkDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR | PackageParser.PARSE_IS_PRIVILEGED, scanFlags | SCAN_NO_DEX, 0); // Collected privileged system packages. final File privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app"); scanDirLI(privilegedAppDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR | PackageParser.PARSE_IS_PRIVILEGED, scanFlags, 0); // Collect ordinary system packages. final File systemAppDir = new File(Environment.getRootDirectory(), "app"); scanDirLI(systemAppDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0); // Collect all vendor packages. File vendorAppDir = new File("/vendor/app"); try { vendorAppDir = vendorAppDir.getCanonicalFile(); } catch (IOException e) { // failed to look up canonical path, continue with original one } scanDirLI(vendorAppDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0); // Collect all OEM packages. final File oemAppDir = new File(Environment.getOemDirectory(), "app"); scanDirLI(oemAppDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0); if (DEBUG_UPGRADE) Log.v(TAG, "Running installd update commands"); mInstaller.moveFiles(); // Prune any system packages that no longer exist. final List
possiblyDeletedUpdatedSystemApps = new ArrayList
(); if (!mOnlyCore) { Iterator
psit = mSettings.mPackages.values().iterator(); while (psit.hasNext()) { PackageSetting ps = psit.next(); /* * If this is not a system app, it can't be a * disable system app. */ if ((ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) == 0) { continue; } /* * If the package is scanned, it's not erased. */ final PackageParser.Package scannedPkg = mPackages.get(ps.name); if (scannedPkg != null) { /* * If the system app is both scanned and in the * disabled packages list, then it must have been * added via OTA. Remove it from the currently * scanned package so the previously user-installed * application can be scanned. */ if (mSettings.isDisabledSystemPackageLPr(ps.name)) { logCriticalInfo(Log.WARN, "Expecting better updated system app for " + ps.name + "; removing system app. Last known codePath=" + ps.codePathString + ", installStatus=" + ps.installStatus + ", versionCode=" + ps.versionCode + "; scanned versionCode=" + scannedPkg.mVersionCode); removePackageLI(ps, true); mExpectingBetter.put(ps.name, ps.codePath); } continue; } if (!mSettings.isDisabledSystemPackageLPr(ps.name)) { psit.remove(); logCriticalInfo(Log.WARN, "System package " + ps.name + " no longer exists; wiping its data"); removeDataDirsLI(null, ps.name); } else { final PackageSetting disabledPs = mSettings.getDisabledSystemPkgLPr(ps.name); if (disabledPs.codePath == null || !disabledPs.codePath.exists()) { possiblyDeletedUpdatedSystemApps.add(ps.name); } } } } //look for any incomplete package installations ArrayList
deletePkgsList = mSettings.getListOfIncompleteInstallPackagesLPr(); //clean up list for(int i = 0; i < deletePkgsList.size(); i++) { //clean up here cleanupInstallFailedPackage(deletePkgsList.get(i)); } //delete tmp files deleteTempPackageFiles(); // Remove any shared userIDs that have no associated packages mSettings.pruneSharedUsersLPw(); if (!mOnlyCore) { EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_DATA_SCAN_START, SystemClock.uptimeMillis()); scanDirLI(mAppInstallDir, 0, scanFlags | SCAN_REQUIRE_KNOWN, 0); scanDirLI(mDrmAppPrivateInstallDir, PackageParser.PARSE_FORWARD_LOCK, scanFlags | SCAN_REQUIRE_KNOWN, 0); /** * Remove disable package settings for any updated system * apps that were removed via an OTA. If they're not a * previously-updated app, remove them completely. * Otherwise, just revoke their system-level permissions. */ for (String deletedAppName : possiblyDeletedUpdatedSystemApps) { PackageParser.Package deletedPkg = mPackages.get(deletedAppName); mSettings.removeDisabledSystemPackageLPw(deletedAppName); String msg; if (deletedPkg == null) { msg = "Updated system package " + deletedAppName + " no longer exists; wiping its data"; removeDataDirsLI(null, deletedAppName); } else { msg = "Updated system app + " + deletedAppName + " no longer present; removing system privileges for " + deletedAppName; deletedPkg.applicationInfo.flags &= ~ApplicationInfo.FLAG_SYSTEM; PackageSetting deletedPs = mSettings.mPackages.get(deletedAppName); deletedPs.pkgFlags &= ~ApplicationInfo.FLAG_SYSTEM; } logCriticalInfo(Log.WARN, msg); } /** * Make sure all system apps that we expected to appear on * the userdata partition actually showed up. If they never * appeared, crawl back and revive the system version. */ for (int i = 0; i < mExpectingBetter.size(); i++) { final String packageName = mExpectingBetter.keyAt(i); if (!mPackages.containsKey(packageName)) { final File scanFile = mExpectingBetter.valueAt(i); logCriticalInfo(Log.WARN, "Expected better " + packageName + " but never showed up; reverting to system"); final int reparseFlags; if (FileUtils.contains(privilegedAppDir, scanFile)) { reparseFlags = PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR | PackageParser.PARSE_IS_PRIVILEGED; } else if (FileUtils.contains(systemAppDir, scanFile)) { reparseFlags = PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR; } else if (FileUtils.contains(vendorAppDir, scanFile)) { reparseFlags = PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR; } else if (FileUtils.contains(oemAppDir, scanFile)) { reparseFlags = PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR; } else { Slog.e(TAG, "Ignoring unexpected fallback path " + scanFile); continue; } mSettings.enableSystemPackageLPw(packageName); try { scanPackageLI(scanFile, reparseFlags, scanFlags, 0, null); } catch (PackageManagerException e) { Slog.e(TAG, "Failed to parse original system package: " + e.getMessage()); } } } } mExpectingBetter.clear(); // Now that we know all of the shared libraries, update all clients to have // the correct library paths. updateAllSharedLibrariesLPw(); for (SharedUserSetting setting : mSettings.getAllSharedUsersLPw()) { // NOTE: We ignore potential failures here during a system scan (like // the rest of the commands above) because there's precious little we // can do about it. A settings error is reported, though. adjustCpuAbisForSharedUserLPw(setting.packages, null /* scanned package */, false /* force dexopt */, false /* defer dexopt */, false /* boot complete */); } // Now that we know all the packages we are keeping, // read and update their last usage times. mPackageUsage.readLP(); EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_SCAN_END, SystemClock.uptimeMillis()); Slog.i(TAG, "Time to scan packages: " + ((SystemClock.uptimeMillis()-startTime)/1000f) + " seconds"); // If the platform SDK has changed since the last time we booted, // we need to re-grant app permission to catch any new ones that // appear. This is really a hack, and means that apps can in some // cases get permissions that the user didn't initially explicitly // allow... it would be nice to have some better way to handle // this situation. int updateFlags = UPDATE_PERMISSIONS_ALL; if (ver.sdkVersion != mSdkVersion) { Slog.i(TAG, "Platform changed from " + ver.sdkVersion + " to " + mSdkVersion + "; regranting permissions for internal storage"); updateFlags |= UPDATE_PERMISSIONS_REPLACE_PKG | UPDATE_PERMISSIONS_REPLACE_ALL; } updatePermissionsLPw(null, null, StorageManager.UUID_PRIVATE_INTERNAL, updateFlags); ver.sdkVersion = mSdkVersion; // If this is the first boot or an update from pre-M, and it is a normal // boot, then we need to initialize the default preferred apps across // all defined users. if (!onlyCore && (mPromoteSystemApps || !mRestoredSettings)) { for (UserInfo user : sUserManager.getUsers(true)) { mSettings.applyDefaultPreferredAppsLPw(this, user.id); applyFactoryDefaultBrowserLPw(user.id); primeDomainVerificationsLPw(user.id); } } // If this is first boot after an OTA, and a normal boot, then // we need to clear code cache directories. if (mIsUpgrade && !onlyCore) { Slog.i(TAG, "Build fingerprint changed; clearing code caches"); for (int i = 0; i < mSettings.mPackages.size(); i++) { final PackageSetting ps = mSettings.mPackages.valueAt(i); if (Objects.equals(StorageManager.UUID_PRIVATE_INTERNAL, ps.volumeUuid)) { deleteCodeCacheDirsLI(ps.volumeUuid, ps.name); } } ver.fingerprint = Build.FINGERPRINT; } checkDefaultBrowser(); // clear only after permissions and other defaults have been updated mExistingSystemPackages.clear(); mPromoteSystemApps = false; // All the changes are done during package scanning. ver.databaseVersion = Settings.CURRENT_DATABASE_VERSION; // can downgrade to reader mSettings.writeLPr(); EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY, SystemClock.uptimeMillis()); mRequiredVerifierPackage = getRequiredVerifierLPr(); mRequiredInstallerPackage = getRequiredInstallerLPr(); mInstallerService = new PackageInstallerService(context, this); mIntentFilterVerifierComponent = getIntentFilterVerifierComponentNameLPr(); mIntentFilterVerifier = new IntentVerifierProxy(mContext, mIntentFilterVerifierComponent); } // synchronized (mPackages) } // synchronized (mInstallLock) // Now after opening every single application zip, make sure they // are all flushed. Not really needed, but keeps things nice and // tidy. Runtime.getRuntime().gc(); // Expose private service for system components to use. LocalServices.addService(PackageManagerInternal.class, new PackageManagerInternalImpl()); } @Override public boolean isFirstBoot() { return !mRestoredSettings; } @Override public boolean isOnlyCoreApps() { return mOnlyCore; } @Override public boolean isUpgrade() { return mIsUpgrade; } private String getRequiredVerifierLPr() { final Intent verification = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); final List
receivers = queryIntentReceivers(verification, PACKAGE_MIME_TYPE, PackageManager.GET_DISABLED_COMPONENTS, 0 /* TODO: Which userId? */); String requiredVerifier = null; final int N = receivers.size(); for (int i = 0; i < N; i++) { final ResolveInfo info = receivers.get(i); if (info.activityInfo == null) { continue; } final String packageName = info.activityInfo.packageName; if (checkPermission(android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, packageName, UserHandle.USER_OWNER) != PackageManager.PERMISSION_GRANTED) { continue; } if (requiredVerifier != null) { throw new RuntimeException("There can be only one required verifier"); } requiredVerifier = packageName; } return requiredVerifier; } private String getRequiredInstallerLPr() { Intent installerIntent = new Intent(Intent.ACTION_INSTALL_PACKAGE); installerIntent.addCategory(Intent.CATEGORY_DEFAULT); installerIntent.setDataAndType(Uri.fromFile(new File("foo.apk")), PACKAGE_MIME_TYPE); final List
installers = queryIntentActivities(installerIntent, PACKAGE_MIME_TYPE, 0, 0); String requiredInstaller = null; final int N = installers.size(); for (int i = 0; i < N; i++) { final ResolveInfo info = installers.get(i); final String packageName = info.activityInfo.packageName; if (!info.activityInfo.applicationInfo.isSystemApp()) { continue; } if (requiredInstaller != null) { throw new RuntimeException("There must be one required installer"); } requiredInstaller = packageName; } if (requiredInstaller == null) { throw new RuntimeException("There must be one required installer"); } return requiredInstaller; } private ComponentName getIntentFilterVerifierComponentNameLPr() { final Intent verification = new Intent(Intent.ACTION_INTENT_FILTER_NEEDS_VERIFICATION); final List
receivers = queryIntentReceivers(verification, PACKAGE_MIME_TYPE, PackageManager.GET_DISABLED_COMPONENTS, 0 /* userId */); ComponentName verifierComponentName = null; int priority = -1000; final int N = receivers.size(); for (int i = 0; i < N; i++) { final ResolveInfo info = receivers.get(i); if (info.activityInfo == null) { continue; } final String packageName = info.activityInfo.packageName; final PackageSetting ps = mSettings.mPackages.get(packageName); if (ps == null) { continue; } if (checkPermission(android.Manifest.permission.INTENT_FILTER_VERIFICATION_AGENT, packageName, UserHandle.USER_OWNER) != PackageManager.PERMISSION_GRANTED) { continue; } // Select the IntentFilterVerifier with the highest priority if (priority < info.priority) { priority = info.priority; verifierComponentName = new ComponentName(packageName, info.activityInfo.name); if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Selecting IntentFilterVerifier: " + verifierComponentName + " with priority: " + info.priority); } } return verifierComponentName; } private void primeDomainVerificationsLPw(int userId) { if (DEBUG_DOMAIN_VERIFICATION) { Slog.d(TAG, "Priming domain verifications in user " + userId); } SystemConfig systemConfig = SystemConfig.getInstance(); ArraySet
packages = systemConfig.getLinkedApps(); ArraySet
domains = new ArraySet
(); for (String packageName : packages) { PackageParser.Package pkg = mPackages.get(packageName); if (pkg != null) { if (!pkg.isSystemApp()) { Slog.w(TAG, "Non-system app '" + packageName + "' in sysconfig
"); continue; } domains.clear(); for (PackageParser.Activity a : pkg.activities) { for (ActivityIntentInfo filter : a.intents) { if (hasValidDomains(filter)) { domains.addAll(filter.getHostsList()); } } } if (domains.size() > 0) { if (DEBUG_DOMAIN_VERIFICATION) { Slog.v(TAG, " + " + packageName); } // 'Undefined' in the global IntentFilterVerificationInfo, i.e. the usual // state w.r.t. the formal app-linkage "no verification attempted" state; // and then 'always' in the per-user state actually used for intent resolution. final IntentFilterVerificationInfo ivi; ivi = mSettings.createIntentFilterVerificationIfNeededLPw(packageName, new ArrayList
(domains)); ivi.setStatus(INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED); mSettings.updateIntentFilterVerificationStatusLPw(packageName, INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS, userId); } else { Slog.w(TAG, "Sysconfig
package '" + packageName + "' does not handle web links"); } } else { Slog.w(TAG, "Unknown package '" + packageName + "' in sysconfig
"); } } scheduleWritePackageRestrictionsLocked(userId); scheduleWriteSettingsLocked(); } private void applyFactoryDefaultBrowserLPw(int userId) { // The default browser app's package name is stored in a string resource, // with a product-specific overlay used for vendor customization. String browserPkg = mContext.getResources().getString( com.android.internal.R.string.default_browser); if (!TextUtils.isEmpty(browserPkg)) { // non-empty string => required to be a known package PackageSetting ps = mSettings.mPackages.get(browserPkg); if (ps == null) { Slog.e(TAG, "Product default browser app does not exist: " + browserPkg); browserPkg = null; } else { mSettings.setDefaultBrowserPackageNameLPw(browserPkg, userId); } } // Nothing valid explicitly set? Make the factory-installed browser the explicit // default. If there's more than one, just leave everything alone. if (browserPkg == null) { calculateDefaultBrowserLPw(userId); } } private void calculateDefaultBrowserLPw(int userId) { List
allBrowsers = resolveAllBrowserApps(userId); final String browserPkg = (allBrowsers.size() == 1) ? allBrowsers.get(0) : null; mSettings.setDefaultBrowserPackageNameLPw(browserPkg, userId); } private List
resolveAllBrowserApps(int userId) { // Resolve the canonical browser intent and check that the handleAllWebDataURI boolean is set List
list = queryIntentActivities(sBrowserIntent, null, PackageManager.MATCH_ALL, userId); final int count = list.size(); List
result = new ArrayList
(count); for (int i=0; i
list = queryIntentActivities(sBrowserIntent, null, PackageManager.MATCH_ALL, userId); final int N = list.size(); for (int i = 0; i < N; i++) { ResolveInfo info = list.get(i); if (packageName.equals(info.activityInfo.packageName)) { return true; } } return false; } private void checkDefaultBrowser() { final int myUserId = UserHandle.myUserId(); final String packageName = getDefaultBrowserPackageName(myUserId); if (packageName != null) { PackageInfo info = getPackageInfo(packageName, 0, myUserId); if (info == null) { Slog.w(TAG, "Default browser no longer installed: " + packageName); synchronized (mPackages) { applyFactoryDefaultBrowserLPw(myUserId); // leaves ambiguous when > 1 } } } } @Override public boolean onTransact(int code, Parcel data, Parcel reply, int flags) throws RemoteException { try { return super.onTransact(code, data, reply, flags); } catch (RuntimeException e) { if (!(e instanceof SecurityException) && !(e instanceof IllegalArgumentException)) { Slog.wtf(TAG, "Package Manager Crash", e); } throw e; } } void cleanupInstallFailedPackage(PackageSetting ps) { logCriticalInfo(Log.WARN, "Cleaning up incompletely installed app: " + ps.name); removeDataDirsLI(ps.volumeUuid, ps.name); if (ps.codePath != null) { if (ps.codePath.isDirectory()) { mInstaller.rmPackageDir(ps.codePath.getAbsolutePath()); } else { ps.codePath.delete(); } } if (ps.resourcePath != null && !ps.resourcePath.equals(ps.codePath)) { if (ps.resourcePath.isDirectory()) { FileUtils.deleteContents(ps.resourcePath); } ps.resourcePath.delete(); } mSettings.removePackageLPw(ps.name); } static int[] appendInts(int[] cur, int[] add) { if (add == null) return cur; if (cur == null) return add; final int N = add.length; for (int i=0; i
permissions = permissionsState.getPermissions(userId); final PackageUserState state = ps.readUserState(userId); return PackageParser.generatePackageInfo(p, gids, flags, ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); } @Override public boolean isPackageFrozen(String packageName) { synchronized (mPackages) { final PackageSetting ps = mSettings.mPackages.get(packageName); if (ps != null) { return ps.frozen; } } Slog.w(TAG, "Package " + packageName + " is missing; assuming frozen"); return true; } @Override public boolean isPackageAvailable(String packageName, int userId) { if (!sUserManager.exists(userId)) return false; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "is package available"); synchronized (mPackages) { PackageParser.Package p = mPackages.get(packageName); if (p != null) { final PackageSetting ps = (PackageSetting) p.mExtras; if (ps != null) { final PackageUserState state = ps.readUserState(userId); if (state != null) { return PackageParser.isAvailable(state); } } } } return false; } @Override public PackageInfo getPackageInfo(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get package info"); // reader synchronized (mPackages) { PackageParser.Package p = mPackages.get(packageName); if (DEBUG_PACKAGE_INFO) Log.v(TAG, "getPackageInfo " + packageName + ": " + p); if (p != null) { return generatePackageInfo(p, flags, userId); } if((flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0) { return generatePackageInfoFromSettingsLPw(packageName, flags, userId); } } return null; } @Override public String[] currentToCanonicalPackageNames(String[] names) { String[] out = new String[names.length]; // reader synchronized (mPackages) { for (int i=names.length-1; i>=0; i--) { PackageSetting ps = mSettings.mPackages.get(names[i]); out[i] = ps != null && ps.realName != null ? ps.realName : names[i]; } } return out; } @Override public String[] canonicalToCurrentPackageNames(String[] names) { String[] out = new String[names.length]; // reader synchronized (mPackages) { for (int i=names.length-1; i>=0; i--) { String cur = mSettings.mRenamedPackages.get(names[i]); out[i] = cur != null ? cur : names[i]; } } return out; } @Override public int getPackageUid(String packageName, int userId) { return getPackageUidEtc(packageName, 0, userId); } @Override public int getPackageUidEtc(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) return -1; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get package uid"); // reader synchronized (mPackages) { final PackageParser.Package p = mPackages.get(packageName); if (p != null) { return UserHandle.getUid(userId, p.applicationInfo.uid); } if ((flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0) { final PackageSetting ps = mSettings.mPackages.get(packageName); if (ps != null) { return UserHandle.getUid(userId, ps.appId); } } } return -1; } @Override public int[] getPackageGids(String packageName, int userId) { return getPackageGidsEtc(packageName, 0, userId); } @Override public int[] getPackageGidsEtc(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) { return null; } enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "getPackageGids"); // reader synchronized (mPackages) { final PackageParser.Package p = mPackages.get(packageName); if (p != null) { PackageSetting ps = (PackageSetting) p.mExtras; return ps.getPermissionsState().computeGids(userId); } if ((flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0) { final PackageSetting ps = mSettings.mPackages.get(packageName); if (ps != null) { return ps.getPermissionsState().computeGids(userId); } } } return null; } static PermissionInfo generatePermissionInfo( BasePermission bp, int flags) { if (bp.perm != null) { return PackageParser.generatePermissionInfo(bp.perm, flags); } PermissionInfo pi = new PermissionInfo(); pi.name = bp.name; pi.packageName = bp.sourcePackage; pi.nonLocalizedLabel = bp.name; pi.protectionLevel = bp.protectionLevel; return pi; } @Override public PermissionInfo getPermissionInfo(String name, int flags) { // reader synchronized (mPackages) { final BasePermission p = mSettings.mPermissions.get(name); if (p != null) { return generatePermissionInfo(p, flags); } return null; } } @Override public List
queryPermissionsByGroup(String group, int flags) { // reader synchronized (mPackages) { ArrayList
out = new ArrayList
(10); for (BasePermission p : mSettings.mPermissions.values()) { if (group == null) { if (p.perm == null || p.perm.info.group == null) { out.add(generatePermissionInfo(p, flags)); } } else { if (p.perm != null && group.equals(p.perm.info.group)) { out.add(PackageParser.generatePermissionInfo(p.perm, flags)); } } } if (out.size() > 0) { return out; } return mPermissionGroups.containsKey(group) ? out : null; } } @Override public PermissionGroupInfo getPermissionGroupInfo(String name, int flags) { // reader synchronized (mPackages) { return PackageParser.generatePermissionGroupInfo( mPermissionGroups.get(name), flags); } } @Override public List
getAllPermissionGroups(int flags) { // reader synchronized (mPackages) { final int N = mPermissionGroups.size(); ArrayList
out = new ArrayList
(N); for (PackageParser.PermissionGroup pg : mPermissionGroups.values()) { out.add(PackageParser.generatePermissionGroupInfo(pg, flags)); } return out; } } private ApplicationInfo generateApplicationInfoFromSettingsLPw(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) return null; PackageSetting ps = mSettings.mPackages.get(packageName); if (ps != null) { if (ps.pkg == null) { PackageInfo pInfo = generatePackageInfoFromSettingsLPw(packageName, flags, userId); if (pInfo != null) { return pInfo.applicationInfo; } return null; } return PackageParser.generateApplicationInfo(ps.pkg, flags, ps.readUserState(userId), userId); } return null; } private PackageInfo generatePackageInfoFromSettingsLPw(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) return null; PackageSetting ps = mSettings.mPackages.get(packageName); if (ps != null) { PackageParser.Package pkg = ps.pkg; if (pkg == null) { if ((flags & PackageManager.GET_UNINSTALLED_PACKAGES) == 0) { return null; } // Only data remains, so we aren't worried about code paths pkg = new PackageParser.Package(packageName); pkg.applicationInfo.packageName = packageName; pkg.applicationInfo.flags = ps.pkgFlags | ApplicationInfo.FLAG_IS_DATA_ONLY; pkg.applicationInfo.privateFlags = ps.pkgPrivateFlags; pkg.applicationInfo.dataDir = Environment .getDataUserPackageDirectory(ps.volumeUuid, userId, packageName) .getAbsolutePath(); pkg.applicationInfo.primaryCpuAbi = ps.primaryCpuAbiString; pkg.applicationInfo.secondaryCpuAbi = ps.secondaryCpuAbiString; } return generatePackageInfo(pkg, flags, userId); } return null; } @Override public ApplicationInfo getApplicationInfo(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get application info"); // writer synchronized (mPackages) { PackageParser.Package p = mPackages.get(packageName); if (DEBUG_PACKAGE_INFO) Log.v( TAG, "getApplicationInfo " + packageName + ": " + p); if (p != null) { PackageSetting ps = mSettings.mPackages.get(packageName); if (ps == null) return null; // Note: isEnabledLP() does not apply here - always return info return PackageParser.generateApplicationInfo( p, flags, ps.readUserState(userId), userId); } if ("android".equals(packageName)||"system".equals(packageName)) { return mAndroidApplication; } if ((flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0) { return generateApplicationInfoFromSettingsLPw(packageName, flags, userId); } } return null; } @Override public void freeStorageAndNotify(final String volumeUuid, final long freeStorageSize, final IPackageDataObserver observer) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.CLEAR_APP_CACHE, null); // Queue up an async operation since clearing cache may take a little while. mHandler.post(new Runnable() { public void run() { mHandler.removeCallbacks(this); int retCode = -1; synchronized (mInstallLock) { retCode = mInstaller.freeCache(volumeUuid, freeStorageSize); if (retCode < 0) { Slog.w(TAG, "Couldn't clear application caches"); } } if (observer != null) { try { observer.onRemoveCompleted(null, (retCode >= 0)); } catch (RemoteException e) { Slog.w(TAG, "RemoveException when invoking call back"); } } } }); } @Override public void freeStorage(final String volumeUuid, final long freeStorageSize, final IntentSender pi) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.CLEAR_APP_CACHE, null); // Queue up an async operation since clearing cache may take a little while. mHandler.post(new Runnable() { public void run() { mHandler.removeCallbacks(this); int retCode = -1; synchronized (mInstallLock) { retCode = mInstaller.freeCache(volumeUuid, freeStorageSize); if (retCode < 0) { Slog.w(TAG, "Couldn't clear application caches"); } } if(pi != null) { try { // Callback via pending intent int code = (retCode >= 0) ? 1 : 0; pi.sendIntent(null, code, null, null, null); } catch (SendIntentException e1) { Slog.i(TAG, "Failed to send pending intent"); } } } }); } void freeStorage(String volumeUuid, long freeStorageSize) throws IOException { synchronized (mInstallLock) { if (mInstaller.freeCache(volumeUuid, freeStorageSize) < 0) { throw new IOException("Failed to free enough space"); } } } @Override public ActivityInfo getActivityInfo(ComponentName component, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get activity info"); synchronized (mPackages) { PackageParser.Activity a = mActivities.mActivities.get(component); if (DEBUG_PACKAGE_INFO) Log.v(TAG, "getActivityInfo " + component + ": " + a); if (a != null && mSettings.isEnabledLPr(a.info, flags, userId)) { PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); if (ps == null) return null; return PackageParser.generateActivityInfo(a, flags, ps.readUserState(userId), userId); } if (mResolveComponentName.equals(component)) { return PackageParser.generateActivityInfo(mResolveActivity, flags, new PackageUserState(), userId); } } return null; } @Override public boolean activitySupportsIntent(ComponentName component, Intent intent, String resolvedType) { synchronized (mPackages) { if (component.equals(mResolveComponentName)) { // The resolver supports EVERYTHING! return true; } PackageParser.Activity a = mActivities.mActivities.get(component); if (a == null) { return false; } for (int i=0; i
= 0) { return true; } } return false; } } @Override public ActivityInfo getReceiverInfo(ComponentName component, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get receiver info"); synchronized (mPackages) { PackageParser.Activity a = mReceivers.mActivities.get(component); if (DEBUG_PACKAGE_INFO) Log.v( TAG, "getReceiverInfo " + component + ": " + a); if (a != null && mSettings.isEnabledLPr(a.info, flags, userId)) { PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); if (ps == null) return null; return PackageParser.generateActivityInfo(a, flags, ps.readUserState(userId), userId); } } return null; } @Override public ServiceInfo getServiceInfo(ComponentName component, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get service info"); synchronized (mPackages) { PackageParser.Service s = mServices.mServices.get(component); if (DEBUG_PACKAGE_INFO) Log.v( TAG, "getServiceInfo " + component + ": " + s); if (s != null && mSettings.isEnabledLPr(s.info, flags, userId)) { PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); if (ps == null) return null; return PackageParser.generateServiceInfo(s, flags, ps.readUserState(userId), userId); } } return null; } @Override public ProviderInfo getProviderInfo(ComponentName component, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get provider info"); synchronized (mPackages) { PackageParser.Provider p = mProviders.mProviders.get(component); if (DEBUG_PACKAGE_INFO) Log.v( TAG, "getProviderInfo " + component + ": " + p); if (p != null && mSettings.isEnabledLPr(p.info, flags, userId)) { PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); if (ps == null) return null; return PackageParser.generateProviderInfo(p, flags, ps.readUserState(userId), userId); } } return null; } @Override public String[] getSystemSharedLibraryNames() { Set
libSet; synchronized (mPackages) { libSet = mSharedLibraries.keySet(); int size = libSet.size(); if (size > 0) { String[] libs = new String[size]; libSet.toArray(libs); return libs; } } return null; } /** * @hide */ PackageParser.Package findSharedNonSystemLibrary(String libName) { synchronized (mPackages) { PackageManagerService.SharedLibraryEntry lib = mSharedLibraries.get(libName); if (lib != null && lib.apk != null) { return mPackages.get(lib.apk); } } return null; } @Override public FeatureInfo[] getSystemAvailableFeatures() { Collection
featSet; synchronized (mPackages) { featSet = mAvailableFeatures.values(); int size = featSet.size(); if (size > 0) { FeatureInfo[] features = new FeatureInfo[size+1]; featSet.toArray(features); FeatureInfo fi = new FeatureInfo(); fi.reqGlEsVersion = SystemProperties.getInt("ro.opengles.version", FeatureInfo.GL_ES_VERSION_UNDEFINED); features[size] = fi; return features; } } return null; } @Override public boolean hasSystemFeature(String name) { synchronized (mPackages) { return mAvailableFeatures.containsKey(name); } } private void checkValidCaller(int uid, int userId) { if (UserHandle.getUserId(uid) == userId || uid == Process.SYSTEM_UID || uid == 0) return; throw new SecurityException("Caller uid=" + uid + " is not privileged to communicate with user=" + userId); } @Override public int checkPermission(String permName, String pkgName, int userId) { if (!sUserManager.exists(userId)) { return PackageManager.PERMISSION_DENIED; } synchronized (mPackages) { final PackageParser.Package p = mPackages.get(pkgName); if (p != null && p.mExtras != null) { final PackageSetting ps = (PackageSetting) p.mExtras; final PermissionsState permissionsState = ps.getPermissionsState(); if (permissionsState.hasPermission(permName, userId)) { return PackageManager.PERMISSION_GRANTED; } // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) { return PackageManager.PERMISSION_GRANTED; } } } return PackageManager.PERMISSION_DENIED; } @Override public int checkUidPermission(String permName, int uid) { final int userId = UserHandle.getUserId(uid); if (!sUserManager.exists(userId)) { return PackageManager.PERMISSION_DENIED; } synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); if (obj != null) { final SettingBase ps = (SettingBase) obj; final PermissionsState permissionsState = ps.getPermissionsState(); if (permissionsState.hasPermission(permName, userId)) { return PackageManager.PERMISSION_GRANTED; } // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) { return PackageManager.PERMISSION_GRANTED; } } else { ArraySet
perms = mSystemPermissions.get(uid); if (perms != null) { if (perms.contains(permName)) { return PackageManager.PERMISSION_GRANTED; } if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms .contains(Manifest.permission.ACCESS_FINE_LOCATION)) { return PackageManager.PERMISSION_GRANTED; } } } } return PackageManager.PERMISSION_DENIED; } @Override public boolean isPermissionRevokedByPolicy(String permission, String packageName, int userId) { if (UserHandle.getCallingUserId() != userId) { mContext.enforceCallingPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, "isPermissionRevokedByPolicy for user " + userId); } if (checkPermission(permission, packageName, userId) == PackageManager.PERMISSION_GRANTED) { return false; } final long identity = Binder.clearCallingIdentity(); try { final int flags = getPermissionFlags(permission, packageName, userId); return (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0; } finally { Binder.restoreCallingIdentity(identity); } } @Override public String getPermissionControllerPackageName() { synchronized (mPackages) { return mRequiredInstallerPackage; } } /** * Checks if the request is from the system or an app that has INTERACT_ACROSS_USERS * or INTERACT_ACROSS_USERS_FULL permissions, if the userid is not for the caller. * @param checkShell TODO(yamasani): * @param message the message to log on security exception */ void enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission, boolean checkShell, String message) { if (userId < 0) { throw new IllegalArgumentException("Invalid userId " + userId); } if (checkShell) { enforceShellRestriction(UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, userId); } if (userId == UserHandle.getUserId(callingUid)) return; if (callingUid != Process.SYSTEM_UID && callingUid != 0) { if (requireFullPermission) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message); } else { try { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message); } catch (SecurityException se) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS, message); } } } } void enforceShellRestriction(String restriction, int callingUid, int userHandle) { if (callingUid == Process.SHELL_UID) { if (userHandle >= 0 && sUserManager.hasUserRestriction(restriction, userHandle)) { throw new SecurityException("Shell does not have permission to access user " + userHandle); } else if (userHandle < 0) { Slog.e(TAG, "Unable to check shell permission for user " + userHandle + "\n\t" + Debug.getCallers(3)); } } } private BasePermission findPermissionTreeLP(String permName) { for(BasePermission bp : mSettings.mPermissionTrees.values()) { if (permName.startsWith(bp.name) && permName.length() > bp.name.length() && permName.charAt(bp.name.length()) == '.') { return bp; } } return null; } private BasePermission checkPermissionTreeLP(String permName) { if (permName != null) { BasePermission bp = findPermissionTreeLP(permName); if (bp != null) { if (bp.uid == UserHandle.getAppId(Binder.getCallingUid())) { return bp; } throw new SecurityException("Calling uid " + Binder.getCallingUid() + " is not allowed to add to permission tree " + bp.name + " owned by uid " + bp.uid); } } throw new SecurityException("No permission tree found for " + permName); } static boolean compareStrings(CharSequence s1, CharSequence s2) { if (s1 == null) { return s2 == null; } if (s2 == null) { return false; } if (s1.getClass() != s2.getClass()) { return false; } return s1.equals(s2); } static boolean comparePermissionInfos(PermissionInfo pi1, PermissionInfo pi2) { if (pi1.icon != pi2.icon) return false; if (pi1.logo != pi2.logo) return false; if (pi1.protectionLevel != pi2.protectionLevel) return false; if (!compareStrings(pi1.name, pi2.name)) return false; if (!compareStrings(pi1.nonLocalizedLabel, pi2.nonLocalizedLabel)) return false; // We'll take care of setting this one. if (!compareStrings(pi1.packageName, pi2.packageName)) return false; // These are not currently stored in settings. //if (!compareStrings(pi1.group, pi2.group)) return false; //if (!compareStrings(pi1.nonLocalizedDescription, pi2.nonLocalizedDescription)) return false; //if (pi1.labelRes != pi2.labelRes) return false; //if (pi1.descriptionRes != pi2.descriptionRes) return false; return true; } int permissionInfoFootprint(PermissionInfo info) { int size = info.name.length(); if (info.nonLocalizedLabel != null) size += info.nonLocalizedLabel.length(); if (info.nonLocalizedDescription != null) size += info.nonLocalizedDescription.length(); return size; } int calculateCurrentPermissionFootprintLocked(BasePermission tree) { int size = 0; for (BasePermission perm : mSettings.mPermissions.values()) { if (perm.uid == tree.uid) { size += perm.name.length() + permissionInfoFootprint(perm.perm.info); } } return size; } void enforcePermissionCapLocked(PermissionInfo info, BasePermission tree) { // We calculate the max size of permissions defined by this uid and throw // if that plus the size of 'info' would exceed our stated maximum. if (tree.uid != Process.SYSTEM_UID) { final int curTreeSize = calculateCurrentPermissionFootprintLocked(tree); if (curTreeSize + permissionInfoFootprint(info) > MAX_PERMISSION_TREE_FOOTPRINT) { throw new SecurityException("Permission tree size cap exceeded"); } } } boolean addPermissionLocked(PermissionInfo info, boolean async) { if (info.labelRes == 0 && info.nonLocalizedLabel == null) { throw new SecurityException("Label must be specified in permission"); } BasePermission tree = checkPermissionTreeLP(info.name); BasePermission bp = mSettings.mPermissions.get(info.name); boolean added = bp == null; boolean changed = true; int fixedLevel = PermissionInfo.fixProtectionLevel(info.protectionLevel); if (added) { enforcePermissionCapLocked(info, tree); bp = new BasePermission(info.name, tree.sourcePackage, BasePermission.TYPE_DYNAMIC); } else if (bp.type != BasePermission.TYPE_DYNAMIC) { throw new SecurityException( "Not allowed to modify non-dynamic permission " + info.name); } else { if (bp.protectionLevel == fixedLevel && bp.perm.owner.equals(tree.perm.owner) && bp.uid == tree.uid && comparePermissionInfos(bp.perm.info, info)) { changed = false; } } bp.protectionLevel = fixedLevel; info = new PermissionInfo(info); info.protectionLevel = fixedLevel; bp.perm = new PackageParser.Permission(tree.perm.owner, info); bp.perm.info.packageName = tree.perm.info.packageName; bp.uid = tree.uid; if (added) { mSettings.mPermissions.put(info.name, bp); } if (changed) { if (!async) { mSettings.writeLPr(); } else { scheduleWriteSettingsLocked(); } } return added; } @Override public boolean addPermission(PermissionInfo info) { synchronized (mPackages) { return addPermissionLocked(info, false); } } @Override public boolean addPermissionAsync(PermissionInfo info) { synchronized (mPackages) { return addPermissionLocked(info, true); } } @Override public void removePermission(String name) { synchronized (mPackages) { checkPermissionTreeLP(name); BasePermission bp = mSettings.mPermissions.get(name); if (bp != null) { if (bp.type != BasePermission.TYPE_DYNAMIC) { throw new SecurityException( "Not allowed to modify non-dynamic permission " + name); } mSettings.mPermissions.remove(name); mSettings.writeLPr(); } } } private static void enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(PackageParser.Package pkg, BasePermission bp) { int index = pkg.requestedPermissions.indexOf(bp.name); if (index == -1) { throw new SecurityException("Package " + pkg.packageName + " has not requested permission " + bp.name); } if (!bp.isRuntime() && !bp.isDevelopment()) { throw new SecurityException("Permission " + bp.name + " is not a changeable permission type"); } } @Override public void grantRuntimePermission(String packageName, String name, final int userId) { if (!sUserManager.exists(userId)) { Log.e(TAG, "No such user:" + userId); return; } mContext.enforceCallingOrSelfPermission( android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS, "grantRuntimePermission"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "grantRuntimePermission"); final int uid; final SettingBase sb; synchronized (mPackages) { final PackageParser.Package pkg = mPackages.get(packageName); if (pkg == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } final BasePermission bp = mSettings.mPermissions.get(name); if (bp == null) { throw new IllegalArgumentException("Unknown permission: " + name); } enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(pkg, bp); uid = UserHandle.getUid(userId, pkg.applicationInfo.uid); sb = (SettingBase) pkg.mExtras; if (sb == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } final PermissionsState permissionsState = sb.getPermissionsState(); final int flags = permissionsState.getPermissionFlags(name, userId); if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) { throw new SecurityException("Cannot grant system fixed permission: " + name + " for package: " + packageName); } if (bp.isDevelopment()) { // Development permissions must be handled specially, since they are not // normal runtime permissions. For now they apply to all users. if (permissionsState.grantInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { scheduleWriteSettingsLocked(); } return; } final int result = permissionsState.grantRuntimePermission(bp, userId); switch (result) { case PermissionsState.PERMISSION_OPERATION_FAILURE: { return; } case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: { final int appId = UserHandle.getAppId(pkg.applicationInfo.uid); mHandler.post(new Runnable() { @Override public void run() { killUid(appId, userId, KILL_APP_REASON_GIDS_CHANGED); } }); } break; } mOnPermissionChangeListeners.onPermissionsChanged(uid); // Not critical if that is lost - app has to request again. mSettings.writeRuntimePermissionsForUserLPr(userId, false); } // Only need to do this if user is initialized. Otherwise it's a new user // and there are no processes running as the user yet and there's no need // to make an expensive call to remount processes for the changed permissions. if (READ_EXTERNAL_STORAGE.equals(name) || WRITE_EXTERNAL_STORAGE.equals(name)) { final long token = Binder.clearCallingIdentity(); try { if (sUserManager.isInitialized(userId)) { MountServiceInternal mountServiceInternal = LocalServices.getService( MountServiceInternal.class); mountServiceInternal.onExternalStoragePolicyChanged(uid, packageName); } } finally { Binder.restoreCallingIdentity(token); } } } @Override public void revokeRuntimePermission(String packageName, String name, int userId) { if (!sUserManager.exists(userId)) { Log.e(TAG, "No such user:" + userId); return; } mContext.enforceCallingOrSelfPermission( android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, "revokeRuntimePermission"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "revokeRuntimePermission"); final int appId; synchronized (mPackages) { final PackageParser.Package pkg = mPackages.get(packageName); if (pkg == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } final BasePermission bp = mSettings.mPermissions.get(name); if (bp == null) { throw new IllegalArgumentException("Unknown permission: " + name); } enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(pkg, bp); SettingBase sb = (SettingBase) pkg.mExtras; if (sb == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } final PermissionsState permissionsState = sb.getPermissionsState(); final int flags = permissionsState.getPermissionFlags(name, userId); if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) { throw new SecurityException("Cannot revoke system fixed permission: " + name + " for package: " + packageName); } if (bp.isDevelopment()) { // Development permissions must be handled specially, since they are not // normal runtime permissions. For now they apply to all users. if (permissionsState.revokeInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { scheduleWriteSettingsLocked(); } return; } if (permissionsState.revokeRuntimePermission(bp, userId) == PermissionsState.PERMISSION_OPERATION_FAILURE) { return; } mOnPermissionChangeListeners.onPermissionsChanged(pkg.applicationInfo.uid); // Critical, after this call app should never have the permission. mSettings.writeRuntimePermissionsForUserLPr(userId, true); appId = UserHandle.getAppId(pkg.applicationInfo.uid); } killUid(appId, userId, KILL_APP_REASON_PERMISSIONS_REVOKED); } @Override public void resetRuntimePermissions() { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, "revokeRuntimePermission"); int callingUid = Binder.getCallingUid(); if (callingUid != Process.SYSTEM_UID && callingUid != 0) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, "resetRuntimePermissions"); } synchronized (mPackages) { updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL); for (int userId : UserManagerService.getInstance().getUserIds()) { final int packageCount = mPackages.size(); for (int i = 0; i < packageCount; i++) { PackageParser.Package pkg = mPackages.valueAt(i); if (!(pkg.mExtras instanceof PackageSetting)) { continue; } PackageSetting ps = (PackageSetting) pkg.mExtras; resetUserChangesToRuntimePermissionsAndFlagsLPw(ps, userId); } } } } @Override public int getPermissionFlags(String name, String packageName, int userId) { if (!sUserManager.exists(userId)) { return 0; } enforceGrantRevokeRuntimePermissionPermissions("getPermissionFlags"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "getPermissionFlags"); synchronized (mPackages) { final PackageParser.Package pkg = mPackages.get(packageName); if (pkg == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } final BasePermission bp = mSettings.mPermissions.get(name); if (bp == null) { throw new IllegalArgumentException("Unknown permission: " + name); } SettingBase sb = (SettingBase) pkg.mExtras; if (sb == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } PermissionsState permissionsState = sb.getPermissionsState(); return permissionsState.getPermissionFlags(name, userId); } } @Override public void updatePermissionFlags(String name, String packageName, int flagMask, int flagValues, int userId) { if (!sUserManager.exists(userId)) { return; } enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlags"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "updatePermissionFlags"); // Only the system can change these flags and nothing else. if (getCallingUid() != Process.SYSTEM_UID) { flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; flagMask &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; flagValues &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; } synchronized (mPackages) { final PackageParser.Package pkg = mPackages.get(packageName); if (pkg == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } final BasePermission bp = mSettings.mPermissions.get(name); if (bp == null) { throw new IllegalArgumentException("Unknown permission: " + name); } SettingBase sb = (SettingBase) pkg.mExtras; if (sb == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } PermissionsState permissionsState = sb.getPermissionsState(); // Only the package manager can change flags for system component permissions. final int flags = permissionsState.getPermissionFlags(bp.name, userId); if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) { return; } boolean hadState = permissionsState.getRuntimePermissionState(name, userId) != null; if (permissionsState.updatePermissionFlags(bp, userId, flagMask, flagValues)) { // Install and runtime permissions are stored in different places, // so figure out what permission changed and persist the change. if (permissionsState.getInstallPermissionState(name) != null) { scheduleWriteSettingsLocked(); } else if (permissionsState.getRuntimePermissionState(name, userId) != null || hadState) { mSettings.writeRuntimePermissionsForUserLPr(userId, false); } } } } /** * Update the permission flags for all packages and runtime permissions of a user in order * to allow device or profile owner to remove POLICY_FIXED. */ @Override public void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId) { if (!sUserManager.exists(userId)) { return; } enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlagsForAllApps"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "updatePermissionFlagsForAllApps"); // Only the system can change system fixed flags. if (getCallingUid() != Process.SYSTEM_UID) { flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; } synchronized (mPackages) { boolean changed = false; final int packageCount = mPackages.size(); for (int pkgIndex = 0; pkgIndex < packageCount; pkgIndex++) { final PackageParser.Package pkg = mPackages.valueAt(pkgIndex); SettingBase sb = (SettingBase) pkg.mExtras; if (sb == null) { continue; } PermissionsState permissionsState = sb.getPermissionsState(); changed |= permissionsState.updatePermissionFlagsForAllPermissions( userId, flagMask, flagValues); } if (changed) { mSettings.writeRuntimePermissionsForUserLPr(userId, false); } } } private void enforceGrantRevokeRuntimePermissionPermissions(String message) { if (mContext.checkCallingOrSelfPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS) != PackageManager.PERMISSION_GRANTED && mContext.checkCallingOrSelfPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) != PackageManager.PERMISSION_GRANTED) { throw new SecurityException(message + " requires " + Manifest.permission.GRANT_RUNTIME_PERMISSIONS + " or " + Manifest.permission.REVOKE_RUNTIME_PERMISSIONS); } } @Override public boolean shouldShowRequestPermissionRationale(String permissionName, String packageName, int userId) { if (UserHandle.getCallingUserId() != userId) { mContext.enforceCallingPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, "canShowRequestPermissionRationale for user " + userId); } final int uid = getPackageUid(packageName, userId); if (UserHandle.getAppId(getCallingUid()) != UserHandle.getAppId(uid)) { return false; } if (checkPermission(permissionName, packageName, userId) == PackageManager.PERMISSION_GRANTED) { return false; } final int flags; final long identity = Binder.clearCallingIdentity(); try { flags = getPermissionFlags(permissionName, packageName, userId); } finally { Binder.restoreCallingIdentity(identity); } final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED | PackageManager.FLAG_PERMISSION_POLICY_FIXED | PackageManager.FLAG_PERMISSION_USER_FIXED; if ((flags & fixedFlags) != 0) { return false; } return (flags & PackageManager.FLAG_PERMISSION_USER_SET) != 0; } @Override public void addOnPermissionsChangeListener(IOnPermissionsChangeListener listener) { mContext.enforceCallingOrSelfPermission( Manifest.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS, "addOnPermissionsChangeListener"); synchronized (mPackages) { mOnPermissionChangeListeners.addListenerLocked(listener); } } @Override public void removeOnPermissionsChangeListener(IOnPermissionsChangeListener listener) { synchronized (mPackages) { mOnPermissionChangeListeners.removeListenerLocked(listener); } } @Override public boolean isProtectedBroadcast(String actionName) { synchronized (mPackages) { return mProtectedBroadcasts.contains(actionName); } } @Override public int checkSignatures(String pkg1, String pkg2) { synchronized (mPackages) { final PackageParser.Package p1 = mPackages.get(pkg1); final PackageParser.Package p2 = mPackages.get(pkg2); if (p1 == null || p1.mExtras == null || p2 == null || p2.mExtras == null) { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } return compareSignatures(p1.mSignatures, p2.mSignatures); } } @Override public int checkUidSignatures(int uid1, int uid2) { // Map to base uids. uid1 = UserHandle.getAppId(uid1); uid2 = UserHandle.getAppId(uid2); // reader synchronized (mPackages) { Signature[] s1; Signature[] s2; Object obj = mSettings.getUserIdLPr(uid1); if (obj != null) { if (obj instanceof SharedUserSetting) { s1 = ((SharedUserSetting)obj).signatures.mSignatures; } else if (obj instanceof PackageSetting) { s1 = ((PackageSetting)obj).signatures.mSignatures; } else { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } } else { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } obj = mSettings.getUserIdLPr(uid2); if (obj != null) { if (obj instanceof SharedUserSetting) { s2 = ((SharedUserSetting)obj).signatures.mSignatures; } else if (obj instanceof PackageSetting) { s2 = ((PackageSetting)obj).signatures.mSignatures; } else { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } } else { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } return compareSignatures(s1, s2); } } private void killUid(int appId, int userId, String reason) { final long identity = Binder.clearCallingIdentity(); try { IActivityManager am = ActivityManagerNative.getDefault(); if (am != null) { try { am.killUid(appId, userId, reason); } catch (RemoteException e) { /* ignore - same process */ } } } finally { Binder.restoreCallingIdentity(identity); } } /** * Compares two sets of signatures. Returns: *
* {@link PackageManager#SIGNATURE_NEITHER_SIGNED}: if both signature sets are null, *
* {@link PackageManager#SIGNATURE_FIRST_NOT_SIGNED}: if the first signature set is null, *
* {@link PackageManager#SIGNATURE_SECOND_NOT_SIGNED}: if the second signature set is null, *
* {@link PackageManager#SIGNATURE_MATCH}: if the two signature sets are identical, *
* {@link PackageManager#SIGNATURE_NO_MATCH}: if the two signature sets differ. */ static int compareSignatures(Signature[] s1, Signature[] s2) { if (s1 == null) { return s2 == null ? PackageManager.SIGNATURE_NEITHER_SIGNED : PackageManager.SIGNATURE_FIRST_NOT_SIGNED; } if (s2 == null) { return PackageManager.SIGNATURE_SECOND_NOT_SIGNED; } if (s1.length != s2.length) { return PackageManager.SIGNATURE_NO_MATCH; } // Since both signature sets are of size 1, we can compare without HashSets. if (s1.length == 1) { return s1[0].equals(s2[0]) ? PackageManager.SIGNATURE_MATCH : PackageManager.SIGNATURE_NO_MATCH; } ArraySet
set1 = new ArraySet
(); for (Signature sig : s1) { set1.add(sig); } ArraySet
set2 = new ArraySet
(); for (Signature sig : s2) { set2.add(sig); } // Make sure s2 contains all signatures in s1. if (set1.equals(set2)) { return PackageManager.SIGNATURE_MATCH; } return PackageManager.SIGNATURE_NO_MATCH; } /** * If the database version for this type of package (internal storage or * external storage) is less than the version where package signatures * were updated, return true. */ private boolean isCompatSignatureUpdateNeeded(PackageParser.Package scannedPkg) { final VersionInfo ver = getSettingsVersionForPackage(scannedPkg); return ver.databaseVersion < DatabaseVersion.SIGNATURE_END_ENTITY; } /** * Used for backward compatibility to make sure any packages with * certificate chains get upgraded to the new style. {@code existingSigs} * will be in the old format (since they were stored on disk from before the * system upgrade) and {@code scannedSigs} will be in the newer format. */ private int compareSignaturesCompat(PackageSignatures existingSigs, PackageParser.Package scannedPkg) { if (!isCompatSignatureUpdateNeeded(scannedPkg)) { return PackageManager.SIGNATURE_NO_MATCH; } ArraySet
existingSet = new ArraySet
(); for (Signature sig : existingSigs.mSignatures) { existingSet.add(sig); } ArraySet
scannedCompatSet = new ArraySet
(); for (Signature sig : scannedPkg.mSignatures) { try { Signature[] chainSignatures = sig.getChainSignatures(); for (Signature chainSig : chainSignatures) { scannedCompatSet.add(chainSig); } } catch (CertificateEncodingException e) { scannedCompatSet.add(sig); } } /* * Make sure the expanded scanned set contains all signatures in the * existing one. */ if (scannedCompatSet.equals(existingSet)) { // Migrate the old signatures to the new scheme. existingSigs.assignSignatures(scannedPkg.mSignatures); // The new KeySets will be re-added later in the scanning process. synchronized (mPackages) { mSettings.mKeySetManagerService.removeAppKeySetDataLPw(scannedPkg.packageName); } return PackageManager.SIGNATURE_MATCH; } return PackageManager.SIGNATURE_NO_MATCH; } private boolean isRecoverSignatureUpdateNeeded(PackageParser.Package scannedPkg) { final VersionInfo ver = getSettingsVersionForPackage(scannedPkg); return ver.databaseVersion < DatabaseVersion.SIGNATURE_MALFORMED_RECOVER; } private int compareSignaturesRecover(PackageSignatures existingSigs, PackageParser.Package scannedPkg) { if (!isRecoverSignatureUpdateNeeded(scannedPkg)) { return PackageManager.SIGNATURE_NO_MATCH; } String msg = null; try { if (Signature.areEffectiveMatch(existingSigs.mSignatures, scannedPkg.mSignatures)) { logCriticalInfo(Log.INFO, "Recovered effectively matching certificates for " + scannedPkg.packageName); return PackageManager.SIGNATURE_MATCH; } } catch (CertificateException e) { msg = e.getMessage(); } logCriticalInfo(Log.INFO, "Failed to recover certificates for " + scannedPkg.packageName + ": " + msg); return PackageManager.SIGNATURE_NO_MATCH; } @Override public String[] getPackagesForUid(int uid) { uid = UserHandle.getAppId(uid); // reader synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(uid); if (obj instanceof SharedUserSetting) { final SharedUserSetting sus = (SharedUserSetting) obj; final int N = sus.packages.size(); final String[] res = new String[N]; final Iterator
it = sus.packages.iterator(); int i = 0; while (it.hasNext()) { res[i++] = it.next().name; } return res; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return new String[] { ps.name }; } } return null; } @Override public String getNameForUid(int uid) { // reader synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); if (obj instanceof SharedUserSetting) { final SharedUserSetting sus = (SharedUserSetting) obj; return sus.name + ":" + sus.userId; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return ps.name; } } return null; } @Override public int getUidForSharedUser(String sharedUserName) { if(sharedUserName == null) { return -1; } // reader synchronized (mPackages) { final SharedUserSetting suid = mSettings.getSharedUserLPw(sharedUserName, 0, 0, false); if (suid == null) { return -1; } return suid.userId; } } @Override public int getFlagsForUid(int uid) { synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); if (obj instanceof SharedUserSetting) { final SharedUserSetting sus = (SharedUserSetting) obj; return sus.pkgFlags; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return ps.pkgFlags; } } return 0; } @Override public int getPrivateFlagsForUid(int uid) { synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); if (obj instanceof SharedUserSetting) { final SharedUserSetting sus = (SharedUserSetting) obj; return sus.pkgPrivateFlags; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return ps.pkgPrivateFlags; } } return 0; } @Override public boolean isUidPrivileged(int uid) { uid = UserHandle.getAppId(uid); // reader synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(uid); if (obj instanceof SharedUserSetting) { final SharedUserSetting sus = (SharedUserSetting) obj; final Iterator
it = sus.packages.iterator(); while (it.hasNext()) { if (it.next().isPrivileged()) { return true; } } } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return ps.isPrivileged(); } } return false; } @Override public String[] getAppOpPermissionPackages(String permissionName) { synchronized (mPackages) { ArraySet
pkgs = mAppOpPermissionPackages.get(permissionName); if (pkgs == null) { return null; } return pkgs.toArray(new String[pkgs.size()]); } } @Override public ResolveInfo resolveIntent(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "resolve intent"); List
query = queryIntentActivities(intent, resolvedType, flags, userId); return chooseBestActivity(intent, resolvedType, flags, query, userId); } @Override public void setLastChosenActivity(Intent intent, String resolvedType, int flags, IntentFilter filter, int match, ComponentName activity) { final int userId = UserHandle.getCallingUserId(); if (DEBUG_PREFERRED) { Log.v(TAG, "setLastChosenActivity intent=" + intent + " resolvedType=" + resolvedType + " flags=" + flags + " filter=" + filter + " match=" + match + " activity=" + activity); filter.dump(new PrintStreamPrinter(System.out), " "); } intent.setComponent(null); List
query = queryIntentActivities(intent, resolvedType, flags, userId); // Find any earlier preferred or last chosen entries and nuke them findPreferredActivity(intent, resolvedType, flags, query, 0, false, true, false, userId); // Add the new activity as the last chosen for this filter addPreferredActivityInternal(filter, match, null, activity, false, userId, "Setting last chosen"); } @Override public ResolveInfo getLastChosenActivity(Intent intent, String resolvedType, int flags) { final int userId = UserHandle.getCallingUserId(); if (DEBUG_PREFERRED) Log.v(TAG, "Querying last chosen activity for " + intent); List
query = queryIntentActivities(intent, resolvedType, flags, userId); return findPreferredActivity(intent, resolvedType, flags, query, 0, false, false, false, userId); } private ResolveInfo chooseBestActivity(Intent intent, String resolvedType, int flags, List
query, int userId) { if (query != null) { final int N = query.size(); if (N == 1) { return query.get(0); } else if (N > 1) { final boolean debug = ((intent.getFlags() & Intent.FLAG_DEBUG_LOG_RESOLUTION) != 0); // If there is more than one activity with the same priority, // then let the user decide between them. ResolveInfo r0 = query.get(0); ResolveInfo r1 = query.get(1); if (DEBUG_INTENT_MATCHING || debug) { Slog.v(TAG, r0.activityInfo.name + "=" + r0.priority + " vs " + r1.activityInfo.name + "=" + r1.priority); } // If the first activity has a higher priority, or a different // default, then it is always desireable to pick it. if (r0.priority != r1.priority || r0.preferredOrder != r1.preferredOrder || r0.isDefault != r1.isDefault) { return query.get(0); } // If we have saved a preference for a preferred activity for // this Intent, use that. ResolveInfo ri = findPreferredActivity(intent, resolvedType, flags, query, r0.priority, true, false, debug, userId); if (ri != null) { return ri; } ri = new ResolveInfo(mResolveInfo); ri.activityInfo = new ActivityInfo(ri.activityInfo); ri.activityInfo.applicationInfo = new ApplicationInfo( ri.activityInfo.applicationInfo); if (userId != 0) { ri.activityInfo.applicationInfo.uid = UserHandle.getUid(userId, UserHandle.getAppId(ri.activityInfo.applicationInfo.uid)); } // Make sure that the resolver is displayable in car mode if (ri.activityInfo.metaData == null) ri.activityInfo.metaData = new Bundle(); ri.activityInfo.metaData.putBoolean(Intent.METADATA_DOCK_HOME, true); return ri; } } return null; } private ResolveInfo findPersistentPreferredActivityLP(Intent intent, String resolvedType, int flags, List
query, boolean debug, int userId) { final int N = query.size(); PersistentPreferredIntentResolver ppir = mSettings.mPersistentPreferredActivities .get(userId); // Get the list of persistent preferred activities that handle the intent if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Looking for presistent preferred activities..."); List
pprefs = ppir != null ? ppir.queryIntent(intent, resolvedType, (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, userId) : null; if (pprefs != null && pprefs.size() > 0) { final int M = pprefs.size(); for (int i=0; i
") + "\n component=" + ppa.mComponent); ppa.dump(new LogPrinter(Log.VERBOSE, TAG, Log.LOG_ID_SYSTEM), " "); } final ActivityInfo ai = getActivityInfo(ppa.mComponent, flags | PackageManager.GET_DISABLED_COMPONENTS, userId); if (DEBUG_PREFERRED || debug) { Slog.v(TAG, "Found persistent preferred activity:"); if (ai != null) { ai.dump(new LogPrinter(Log.VERBOSE, TAG, Log.LOG_ID_SYSTEM), " "); } else { Slog.v(TAG, " null"); } } if (ai == null) { // This previously registered persistent preferred activity // component is no longer known. Ignore it and do NOT remove it. continue; } for (int j=0; j
query, int priority, boolean always, boolean removeMatches, boolean debug, int userId) { if (!sUserManager.exists(userId)) return null; // writer synchronized (mPackages) { if (intent.getSelector() != null) { intent = intent.getSelector(); } if (DEBUG_PREFERRED) intent.addFlags(Intent.FLAG_DEBUG_LOG_RESOLUTION); // Try to find a matching persistent preferred activity. ResolveInfo pri = findPersistentPreferredActivityLP(intent, resolvedType, flags, query, debug, userId); // If a persistent preferred activity matched, use it. if (pri != null) { return pri; } PreferredIntentResolver pir = mSettings.mPreferredActivities.get(userId); // Get the list of preferred activities that handle the intent if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Looking for preferred activities..."); List
prefs = pir != null ? pir.queryIntent(intent, resolvedType, (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, userId) : null; if (prefs != null && prefs.size() > 0) { boolean changed = false; try { // First figure out how good the original match set is. // We will only allow preferred activities that came // from the same match quality. int match = 0; if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Figuring out best match..."); final int N = query.size(); for (int j=0; j
match) { match = ri.match; } } if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Best match: 0x" + Integer.toHexString(match)); match &= IntentFilter.MATCH_CATEGORY_MASK; final int M = prefs.size(); for (int i=0; i
") + "\n component=" + pa.mPref.mComponent); pa.dump(new LogPrinter(Log.VERBOSE, TAG, Log.LOG_ID_SYSTEM), " "); } if (pa.mPref.mMatch != match) { if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Skipping bad match " + Integer.toHexString(pa.mPref.mMatch)); continue; } // If it's not an "always" type preferred activity and that's what we're // looking for, skip it. if (always && !pa.mPref.mAlways) { if (DEBUG_PREFERRED || debug) Slog.v(TAG, "Skipping mAlways=false entry"); continue; } final ActivityInfo ai = getActivityInfo(pa.mPref.mComponent, flags | PackageManager.GET_DISABLED_COMPONENTS, userId); if (DEBUG_PREFERRED || debug) { Slog.v(TAG, "Found preferred activity:"); if (ai != null) { ai.dump(new LogPrinter(Log.VERBOSE, TAG, Log.LOG_ID_SYSTEM), " "); } else { Slog.v(TAG, " null"); } } if (ai == null) { // This previously registered preferred activity // component is no longer known. Most likely an update // to the app was installed and in the new version this // component no longer exists. Clean it up by removing // it from the preferred activities list, and skip it. Slog.w(TAG, "Removing dangling preferred activity: " + pa.mPref.mComponent); pir.removeFilter(pa); changed = true; continue; } for (int j=0; j
matches = getMatchingCrossProfileIntentFilters(intent, resolvedType, sourceUserId); if (matches != null) { int size = matches.size(); for (int i = 0; i < size; i++) { if (matches.get(i).getTargetUserId() == targetUserId) return true; } } if (hasWebURI(intent)) { // cross-profile app linking works only towards the parent. final UserInfo parent = getProfileParent(sourceUserId); synchronized(mPackages) { CrossProfileDomainInfo xpDomainInfo = getCrossProfileDomainPreferredLpr( intent, resolvedType, 0, sourceUserId, parent.id); return xpDomainInfo != null; } } return false; } private UserInfo getProfileParent(int userId) { final long identity = Binder.clearCallingIdentity(); try { return sUserManager.getProfileParent(userId); } finally { Binder.restoreCallingIdentity(identity); } } private List
getMatchingCrossProfileIntentFilters(Intent intent, String resolvedType, int userId) { CrossProfileIntentResolver resolver = mSettings.mCrossProfileIntentResolvers.get(userId); if (resolver != null) { return resolver.queryIntent(intent, resolvedType, false, userId); } return null; } @Override public List
queryIntentActivities(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "query intent activities"); ComponentName comp = intent.getComponent(); if (comp == null) { if (intent.getSelector() != null) { intent = intent.getSelector(); comp = intent.getComponent(); } } if (comp != null) { final List
list = new ArrayList
(1); final ActivityInfo ai = getActivityInfo(comp, flags, userId); if (ai != null) { final ResolveInfo ri = new ResolveInfo(); ri.activityInfo = ai; list.add(ri); } return list; } // reader synchronized (mPackages) { final String pkgName = intent.getPackage(); if (pkgName == null) { List
matchingFilters = getMatchingCrossProfileIntentFilters(intent, resolvedType, userId); // Check for results that need to skip the current profile. ResolveInfo xpResolveInfo = querySkipCurrentProfileIntents(matchingFilters, intent, resolvedType, flags, userId); if (xpResolveInfo != null && isUserEnabled(xpResolveInfo.targetUserId)) { List
result = new ArrayList
(1); result.add(xpResolveInfo); return filterIfNotPrimaryUser(result, userId); } // Check for results in the current profile. List
result = mActivities.queryIntent( intent, resolvedType, flags, userId); // Check for cross profile results. xpResolveInfo = queryCrossProfileIntents( matchingFilters, intent, resolvedType, flags, userId); if (xpResolveInfo != null && isUserEnabled(xpResolveInfo.targetUserId)) { result.add(xpResolveInfo); Collections.sort(result, mResolvePrioritySorter); } result = filterIfNotPrimaryUser(result, userId); if (hasWebURI(intent)) { CrossProfileDomainInfo xpDomainInfo = null; final UserInfo parent = getProfileParent(userId); if (parent != null) { xpDomainInfo = getCrossProfileDomainPreferredLpr(intent, resolvedType, flags, userId, parent.id); } if (xpDomainInfo != null) { if (xpResolveInfo != null) { // If we didn't remove it, the cross-profile ResolveInfo would be twice // in the result. result.remove(xpResolveInfo); } if (result.size() == 0) { result.add(xpDomainInfo.resolveInfo); return result; } } else if (result.size() <= 1) { return result; } result = filterCandidatesWithDomainPreferredActivitiesLPr(intent, flags, result, xpDomainInfo, userId); Collections.sort(result, mResolvePrioritySorter); } return result; } final PackageParser.Package pkg = mPackages.get(pkgName); if (pkg != null) { return filterIfNotPrimaryUser( mActivities.queryIntentForPackage( intent, resolvedType, flags, pkg.activities, userId), userId); } return new ArrayList
(); } } private static class CrossProfileDomainInfo { /* ResolveInfo for IntentForwarderActivity to send the intent to the other profile */ ResolveInfo resolveInfo; /* Best domain verification status of the activities found in the other profile */ int bestDomainVerificationStatus; } private CrossProfileDomainInfo getCrossProfileDomainPreferredLpr(Intent intent, String resolvedType, int flags, int sourceUserId, int parentUserId) { if (!sUserManager.hasUserRestriction(UserManager.ALLOW_PARENT_PROFILE_APP_LINKING, sourceUserId)) { return null; } List
resultTargetUser = mActivities.queryIntent(intent, resolvedType, flags, parentUserId); if (resultTargetUser == null || resultTargetUser.isEmpty()) { return null; } CrossProfileDomainInfo result = null; int size = resultTargetUser.size(); for (int i = 0; i < size; i++) { ResolveInfo riTargetUser = resultTargetUser.get(i); // Intent filter verification is only for filters that specify a host. So don't return // those that handle all web uris. if (riTargetUser.handleAllWebDataURI) { continue; } String packageName = riTargetUser.activityInfo.packageName; PackageSetting ps = mSettings.mPackages.get(packageName); if (ps == null) { continue; } long verificationState = getDomainVerificationStatusLPr(ps, parentUserId); int status = (int)(verificationState >> 32); if (result == null) { result = new CrossProfileDomainInfo(); result.resolveInfo = createForwardingResolveInfo(new IntentFilter(), sourceUserId, parentUserId); result.bestDomainVerificationStatus = status; } else { result.bestDomainVerificationStatus = bestDomainVerificationStatus(status, result.bestDomainVerificationStatus); } } // Don't consider matches with status NEVER across profiles. if (result != null && result.bestDomainVerificationStatus == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER) { return null; } return result; } /** * Verification statuses are ordered from the worse to the best, except for * INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER, which is the worse. */ private int bestDomainVerificationStatus(int status1, int status2) { if (status1 == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER) { return status2; } if (status2 == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER) { return status1; } return (int) MathUtils.max(status1, status2); } private boolean isUserEnabled(int userId) { long callingId = Binder.clearCallingIdentity(); try { UserInfo userInfo = sUserManager.getUserInfo(userId); return userInfo != null && userInfo.isEnabled(); } finally { Binder.restoreCallingIdentity(callingId); } } /** * Filter out activities with primaryUserOnly flag set, when current user is not the owner. * * @return filtered list */ private List
filterIfNotPrimaryUser(List
resolveInfos, int userId) { if (userId == UserHandle.USER_OWNER) { return resolveInfos; } for (int i = resolveInfos.size() - 1; i >= 0; i--) { ResolveInfo info = resolveInfos.get(i); if ((info.activityInfo.flags & ActivityInfo.FLAG_PRIMARY_USER_ONLY) != 0) { resolveInfos.remove(i); } } return resolveInfos; } private static boolean hasWebURI(Intent intent) { if (intent.getData() == null) { return false; } final String scheme = intent.getScheme(); if (TextUtils.isEmpty(scheme)) { return false; } return scheme.equals(IntentFilter.SCHEME_HTTP) || scheme.equals(IntentFilter.SCHEME_HTTPS); } private List
filterCandidatesWithDomainPreferredActivitiesLPr(Intent intent, int matchFlags, List
candidates, CrossProfileDomainInfo xpDomainInfo, int userId) { final boolean debug = (intent.getFlags() & Intent.FLAG_DEBUG_LOG_RESOLUTION) != 0; if (DEBUG_PREFERRED || DEBUG_DOMAIN_VERIFICATION) { Slog.v(TAG, "Filtering results with preferred activities. Candidates count: " + candidates.size()); } ArrayList
result = new ArrayList
(); ArrayList
alwaysList = new ArrayList
(); ArrayList
undefinedList = new ArrayList
(); ArrayList
alwaysAskList = new ArrayList
(); ArrayList
neverList = new ArrayList
(); ArrayList
matchAllList = new ArrayList
(); synchronized (mPackages) { final int count = candidates.size(); // First, try to use linked apps. Partition the candidates into four lists: // one for the final results, one for the "do not use ever", one for "undefined status" // and finally one for "browser app type". for (int n=0; n
> 32); int linkGeneration = (int)(packedStatus & 0xFFFFFFFF); if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS) { if (DEBUG_DOMAIN_VERIFICATION) { Slog.i(TAG, " + always: " + info.activityInfo.packageName + " : linkgen=" + linkGeneration); } // Use link-enabled generation as preferredOrder, i.e. // prefer newly-enabled over earlier-enabled. info.preferredOrder = linkGeneration; alwaysList.add(info); } else if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER) { if (DEBUG_DOMAIN_VERIFICATION) { Slog.i(TAG, " + never: " + info.activityInfo.packageName); } neverList.add(info); } else if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK) { if (DEBUG_DOMAIN_VERIFICATION) { Slog.i(TAG, " + always-ask: " + info.activityInfo.packageName); } alwaysAskList.add(info); } else if (status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED || status == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK) { if (DEBUG_DOMAIN_VERIFICATION) { Slog.i(TAG, " + ask: " + info.activityInfo.packageName); } undefinedList.add(info); } } } // We'll want to include browser possibilities in a few cases boolean includeBrowser = false; // First try to add the "always" resolution(s) for the current user, if any if (alwaysList.size() > 0) { result.addAll(alwaysList); } else { // Add all undefined apps as we want them to appear in the disambiguation dialog. result.addAll(undefinedList); // Maybe add one for the other profile. if (xpDomainInfo != null && ( xpDomainInfo.bestDomainVerificationStatus != INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER)) { result.add(xpDomainInfo.resolveInfo); } includeBrowser = true; } // The presence of any 'always ask' alternatives means we'll also offer browsers. // If there were 'always' entries their preferred order has been set, so we also // back that off to make the alternatives equivalent if (alwaysAskList.size() > 0) { for (ResolveInfo i : result) { i.preferredOrder = 0; } result.addAll(alwaysAskList); includeBrowser = true; } if (includeBrowser) { // Also add browsers (all of them or only the default one) if (DEBUG_DOMAIN_VERIFICATION) { Slog.v(TAG, " ...including browsers in candidate set"); } if ((matchFlags & MATCH_ALL) != 0) { result.addAll(matchAllList); } else { // Browser/generic handling case. If there's a default browser, go straight // to that (but only if there is no other higher-priority match). final String defaultBrowserPackageName = getDefaultBrowserPackageName(userId); int maxMatchPrio = 0; ResolveInfo defaultBrowserMatch = null; final int numCandidates = matchAllList.size(); for (int n = 0; n < numCandidates; n++) { ResolveInfo info = matchAllList.get(n); // track the highest overall match priority... if (info.priority > maxMatchPrio) { maxMatchPrio = info.priority; } // ...and the highest-priority default browser match if (info.activityInfo.packageName.equals(defaultBrowserPackageName)) { if (defaultBrowserMatch == null || (defaultBrowserMatch.priority < info.priority)) { if (debug) { Slog.v(TAG, "Considering default browser match " + info); } defaultBrowserMatch = info; } } } if (defaultBrowserMatch != null && defaultBrowserMatch.priority >= maxMatchPrio && !TextUtils.isEmpty(defaultBrowserPackageName)) { if (debug) { Slog.v(TAG, "Default browser match " + defaultBrowserMatch); } result.add(defaultBrowserMatch); } else { result.addAll(matchAllList); } } // If there is nothing selected, add all candidates and remove the ones that the user // has explicitly put into the INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER state if (result.size() == 0) { result.addAll(candidates); result.removeAll(neverList); } } } if (DEBUG_PREFERRED || DEBUG_DOMAIN_VERIFICATION) { Slog.v(TAG, "Filtered results with preferred activities. New candidates count: " + result.size()); for (ResolveInfo info : result) { Slog.v(TAG, " + " + info.activityInfo); } } return result; } // Returns a packed value as a long: // // high 'int'-sized word: link status: undefined/ask/never/always. // low 'int'-sized word: relative priority among 'always' results. private long getDomainVerificationStatusLPr(PackageSetting ps, int userId) { long result = ps.getDomainVerificationStatusForUser(userId); // if none available, get the master status if (result >> 32 == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED) { if (ps.getIntentFilterVerificationInfo() != null) { result = ((long)ps.getIntentFilterVerificationInfo().getStatus()) << 32; } } return result; } private ResolveInfo querySkipCurrentProfileIntents( List
matchingFilters, Intent intent, String resolvedType, int flags, int sourceUserId) { if (matchingFilters != null) { int size = matchingFilters.size(); for (int i = 0; i < size; i ++) { CrossProfileIntentFilter filter = matchingFilters.get(i); if ((filter.getFlags() & PackageManager.SKIP_CURRENT_PROFILE) != 0) { // Checking if there are activities in the target user that can handle the // intent. ResolveInfo resolveInfo = checkTargetCanHandle(filter, intent, resolvedType, flags, sourceUserId); if (resolveInfo != null) { return resolveInfo; } } } } return null; } // Return matching ResolveInfo if any for skip current profile intent filters. private ResolveInfo queryCrossProfileIntents( List
matchingFilters, Intent intent, String resolvedType, int flags, int sourceUserId) { if (matchingFilters != null) { // Two {@link CrossProfileIntentFilter}s can have the same targetUserId and // match the same intent. For performance reasons, it is better not to // run queryIntent twice for the same userId SparseBooleanArray alreadyTriedUserIds = new SparseBooleanArray(); int size = matchingFilters.size(); for (int i = 0; i < size; i++) { CrossProfileIntentFilter filter = matchingFilters.get(i); int targetUserId = filter.getTargetUserId(); if ((filter.getFlags() & PackageManager.SKIP_CURRENT_PROFILE) == 0 && !alreadyTriedUserIds.get(targetUserId)) { // Checking if there are activities in the target user that can handle the // intent. ResolveInfo resolveInfo = checkTargetCanHandle(filter, intent, resolvedType, flags, sourceUserId); if (resolveInfo != null) return resolveInfo; alreadyTriedUserIds.put(targetUserId, true); } } } return null; } private ResolveInfo checkTargetCanHandle(CrossProfileIntentFilter filter, Intent intent, String resolvedType, int flags, int sourceUserId) { List
resultTargetUser = mActivities.queryIntent(intent, resolvedType, flags, filter.getTargetUserId()); if (resultTargetUser != null && !resultTargetUser.isEmpty()) { return createForwardingResolveInfo(filter, sourceUserId, filter.getTargetUserId()); } return null; } private ResolveInfo createForwardingResolveInfo(IntentFilter filter, int sourceUserId, int targetUserId) { ResolveInfo forwardingResolveInfo = new ResolveInfo(); String className; if (targetUserId == UserHandle.USER_OWNER) { className = FORWARD_INTENT_TO_USER_OWNER; } else { className = FORWARD_INTENT_TO_MANAGED_PROFILE; } ComponentName forwardingActivityComponentName = new ComponentName( mAndroidApplication.packageName, className); ActivityInfo forwardingActivityInfo = getActivityInfo(forwardingActivityComponentName, 0, sourceUserId); if (targetUserId == UserHandle.USER_OWNER) { forwardingActivityInfo.showUserIcon = UserHandle.USER_OWNER; forwardingResolveInfo.noResourceId = true; } forwardingResolveInfo.activityInfo = forwardingActivityInfo; forwardingResolveInfo.priority = 0; forwardingResolveInfo.preferredOrder = 0; forwardingResolveInfo.match = 0; forwardingResolveInfo.isDefault = true; forwardingResolveInfo.filter = filter; forwardingResolveInfo.targetUserId = targetUserId; return forwardingResolveInfo; } @Override public List
queryIntentActivityOptions(ComponentName caller, Intent[] specifics, String[] specificTypes, Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "query intent activity options"); final String resultsAction = intent.getAction(); List
results = queryIntentActivities(intent, resolvedType, flags | PackageManager.GET_RESOLVED_FILTER, userId); if (DEBUG_INTENT_MATCHING) { Log.v(TAG, "Query " + intent + ": " + results); } int specificsPos = 0; int N; // todo: note that the algorithm used here is O(N^2). This // isn't a problem in our current environment, but if we start running // into situations where we have more than 5 or 10 matches then this // should probably be changed to something smarter... // First we go through and resolve each of the specific items // that were supplied, taking care of removing any corresponding // duplicate items in the generic resolve list. if (specifics != null) { for (int i=0; i
it = rii.filter.actionsIterator(); if (it == null) { continue; } while (it.hasNext()) { final String action = it.next(); if (resultsAction != null && resultsAction.equals(action)) { // If this action was explicitly requested, then don't // remove things that have it. continue; } for (int j=i+1; j
queryIntentReceivers(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); ComponentName comp = intent.getComponent(); if (comp == null) { if (intent.getSelector() != null) { intent = intent.getSelector(); comp = intent.getComponent(); } } if (comp != null) { List
list = new ArrayList
(1); ActivityInfo ai = getReceiverInfo(comp, flags, userId); if (ai != null) { ResolveInfo ri = new ResolveInfo(); ri.activityInfo = ai; list.add(ri); } return list; } // reader synchronized (mPackages) { String pkgName = intent.getPackage(); if (pkgName == null) { return mReceivers.queryIntent(intent, resolvedType, flags, userId); } final PackageParser.Package pkg = mPackages.get(pkgName); if (pkg != null) { return mReceivers.queryIntentForPackage(intent, resolvedType, flags, pkg.receivers, userId); } return null; } } @Override public ResolveInfo resolveService(Intent intent, String resolvedType, int flags, int userId) { List
query = queryIntentServices(intent, resolvedType, flags, userId); if (!sUserManager.exists(userId)) return null; if (query != null) { if (query.size() >= 1) { // If there is more than one service with the same priority, // just arbitrarily pick the first one. return query.get(0); } } return null; } @Override public List
queryIntentServices(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); ComponentName comp = intent.getComponent(); if (comp == null) { if (intent.getSelector() != null) { intent = intent.getSelector(); comp = intent.getComponent(); } } if (comp != null) { final List
list = new ArrayList
(1); final ServiceInfo si = getServiceInfo(comp, flags, userId); if (si != null) { final ResolveInfo ri = new ResolveInfo(); ri.serviceInfo = si; list.add(ri); } return list; } // reader synchronized (mPackages) { String pkgName = intent.getPackage(); if (pkgName == null) { return mServices.queryIntent(intent, resolvedType, flags, userId); } final PackageParser.Package pkg = mPackages.get(pkgName); if (pkg != null) { return mServices.queryIntentForPackage(intent, resolvedType, flags, pkg.services, userId); } return null; } } @Override public List
queryIntentContentProviders( Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); ComponentName comp = intent.getComponent(); if (comp == null) { if (intent.getSelector() != null) { intent = intent.getSelector(); comp = intent.getComponent(); } } if (comp != null) { final List
list = new ArrayList
(1); final ProviderInfo pi = getProviderInfo(comp, flags, userId); if (pi != null) { final ResolveInfo ri = new ResolveInfo(); ri.providerInfo = pi; list.add(ri); } return list; } // reader synchronized (mPackages) { String pkgName = intent.getPackage(); if (pkgName == null) { return mProviders.queryIntent(intent, resolvedType, flags, userId); } final PackageParser.Package pkg = mPackages.get(pkgName); if (pkg != null) { return mProviders.queryIntentForPackage( intent, resolvedType, flags, pkg.providers, userId); } return null; } } @Override public ParceledListSlice
getInstalledPackages(int flags, int userId) { final boolean listUninstalled = (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0; enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "get installed packages"); // writer synchronized (mPackages) { ArrayList
list; if (listUninstalled) { list = new ArrayList
(mSettings.mPackages.size()); for (PackageSetting ps : mSettings.mPackages.values()) { PackageInfo pi; if (ps.pkg != null) { pi = generatePackageInfo(ps.pkg, flags, userId); } else { pi = generatePackageInfoFromSettingsLPw(ps.name, flags, userId); } if (pi != null) { list.add(pi); } } } else { list = new ArrayList
(mPackages.size()); for (PackageParser.Package p : mPackages.values()) { PackageInfo pi = generatePackageInfo(p, flags, userId); if (pi != null) { list.add(pi); } } } return new ParceledListSlice
(list); } } private void addPackageHoldingPermissions(ArrayList
list, PackageSetting ps, String[] permissions, boolean[] tmp, int flags, int userId) { int numMatch = 0; final PermissionsState permissionsState = ps.getPermissionsState(); for (int i=0; i
getPackagesHoldingPermissions( String[] permissions, int flags, int userId) { if (!sUserManager.exists(userId)) return null; final boolean listUninstalled = (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0; // writer synchronized (mPackages) { ArrayList
list = new ArrayList
(); boolean[] tmpBools = new boolean[permissions.length]; if (listUninstalled) { for (PackageSetting ps : mSettings.mPackages.values()) { addPackageHoldingPermissions(list, ps, permissions, tmpBools, flags, userId); } } else { for (PackageParser.Package pkg : mPackages.values()) { PackageSetting ps = (PackageSetting)pkg.mExtras; if (ps != null) { addPackageHoldingPermissions(list, ps, permissions, tmpBools, flags, userId); } } } return new ParceledListSlice
(list); } } @Override public ParceledListSlice
getInstalledApplications(int flags, int userId) { if (!sUserManager.exists(userId)) return null; final boolean listUninstalled = (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0; // writer synchronized (mPackages) { ArrayList
list; if (listUninstalled) { list = new ArrayList
(mSettings.mPackages.size()); for (PackageSetting ps : mSettings.mPackages.values()) { ApplicationInfo ai; if (ps.pkg != null) { ai = PackageParser.generateApplicationInfo(ps.pkg, flags, ps.readUserState(userId), userId); } else { ai = generateApplicationInfoFromSettingsLPw(ps.name, flags, userId); } if (ai != null) { list.add(ai); } } } else { list = new ArrayList
(mPackages.size()); for (PackageParser.Package p : mPackages.values()) { if (p.mExtras != null) { ApplicationInfo ai = PackageParser.generateApplicationInfo(p, flags, ((PackageSetting)p.mExtras).readUserState(userId), userId); if (ai != null) { list.add(ai); } } } } return new ParceledListSlice
(list); } } public List
getPersistentApplications(int flags) { final ArrayList
finalList = new ArrayList
(); // reader synchronized (mPackages) { final Iterator
i = mPackages.values().iterator(); final int userId = UserHandle.getCallingUserId(); while (i.hasNext()) { final PackageParser.Package p = i.next(); if (p.applicationInfo != null && (p.applicationInfo.flags&ApplicationInfo.FLAG_PERSISTENT) != 0 && (!mSafeMode || isSystemApp(p))) { PackageSetting ps = mSettings.mPackages.get(p.packageName); if (ps != null) { ApplicationInfo ai = PackageParser.generateApplicationInfo(p, flags, ps.readUserState(userId), userId); if (ai != null) { finalList.add(ai); } } } } } return finalList; } @Override public ProviderInfo resolveContentProvider(String name, int flags, int userId) { if (!sUserManager.exists(userId)) return null; // reader synchronized (mPackages) { final PackageParser.Provider provider = mProvidersByAuthority.get(name); PackageSetting ps = provider != null ? mSettings.mPackages.get(provider.owner.packageName) : null; return ps != null && mSettings.isEnabledLPr(provider.info, flags, userId) && (!mSafeMode || (provider.info.applicationInfo.flags &ApplicationInfo.FLAG_SYSTEM) != 0) ? PackageParser.generateProviderInfo(provider, flags, ps.readUserState(userId), userId) : null; } } /** * @deprecated */ @Deprecated public void querySyncProviders(List
outNames, List
outInfo) { // reader synchronized (mPackages) { final Iterator
> i = mProvidersByAuthority .entrySet().iterator(); final int userId = UserHandle.getCallingUserId(); while (i.hasNext()) { Map.Entry
entry = i.next(); PackageParser.Provider p = entry.getValue(); PackageSetting ps = mSettings.mPackages.get(p.owner.packageName); if (ps != null && p.syncable && (!mSafeMode || (p.info.applicationInfo.flags &ApplicationInfo.FLAG_SYSTEM) != 0)) { ProviderInfo info = PackageParser.generateProviderInfo(p, 0, ps.readUserState(userId), userId); if (info != null) { outNames.add(entry.getKey()); outInfo.add(info); } } } } } @Override public ParceledListSlice
queryContentProviders(String processName, int uid, int flags) { ArrayList
finalList = null; // reader synchronized (mPackages) { final Iterator
i = mProviders.mProviders.values().iterator(); final int userId = processName != null ? UserHandle.getUserId(uid) : UserHandle.getCallingUserId(); while (i.hasNext()) { final PackageParser.Provider p = i.next(); PackageSetting ps = mSettings.mPackages.get(p.owner.packageName); if (ps != null && p.info.authority != null && (processName == null || (p.info.processName.equals(processName) && UserHandle.isSameApp(p.info.applicationInfo.uid, uid))) && mSettings.isEnabledLPr(p.info, flags, userId) && (!mSafeMode || (p.info.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0)) { if (finalList == null) { finalList = new ArrayList
(3); } ProviderInfo info = PackageParser.generateProviderInfo(p, flags, ps.readUserState(userId), userId); if (info != null) { finalList.add(info); } } } } if (finalList != null) { Collections.sort(finalList, mProviderInitOrderSorter); return new ParceledListSlice
(finalList); } return null; } @Override public InstrumentationInfo getInstrumentationInfo(ComponentName name, int flags) { // reader synchronized (mPackages) { final PackageParser.Instrumentation i = mInstrumentation.get(name); return PackageParser.generateInstrumentationInfo(i, flags); } } @Override public List
queryInstrumentation(String targetPackage, int flags) { ArrayList
finalList = new ArrayList
(); // reader synchronized (mPackages) { final Iterator
i = mInstrumentation.values().iterator(); while (i.hasNext()) { final PackageParser.Instrumentation p = i.next(); if (targetPackage == null || targetPackage.equals(p.info.targetPackage)) { InstrumentationInfo ii = PackageParser.generateInstrumentationInfo(p, flags); if (ii != null) { finalList.add(ii); } } } } return finalList; } private void createIdmapsForPackageLI(PackageParser.Package pkg) { ArrayMap
overlays = mOverlays.get(pkg.packageName); if (overlays == null) { Slog.w(TAG, "Unable to create idmap for " + pkg.packageName + ": no overlay packages"); return; } for (PackageParser.Package opkg : overlays.values()) { // Not much to do if idmap fails: we already logged the error // and we certainly don't want to abort installation of pkg simply // because an overlay didn't fit properly. For these reasons, // ignore the return value of createIdmapForPackagePairLI. createIdmapForPackagePairLI(pkg, opkg); } } private boolean createIdmapForPackagePairLI(PackageParser.Package pkg, PackageParser.Package opkg) { if (!opkg.mTrustedOverlay) { Slog.w(TAG, "Skipping target and overlay pair " + pkg.baseCodePath + " and " + opkg.baseCodePath + ": overlay not trusted"); return false; } ArrayMap
overlaySet = mOverlays.get(pkg.packageName); if (overlaySet == null) { Slog.e(TAG, "was about to create idmap for " + pkg.baseCodePath + " and " + opkg.baseCodePath + " but target package has no known overlays"); return false; } final int sharedGid = UserHandle.getSharedAppGid(pkg.applicationInfo.uid); // TODO: generate idmap for split APKs if (mInstaller.idmap(pkg.baseCodePath, opkg.baseCodePath, sharedGid) != 0) { Slog.e(TAG, "Failed to generate idmap for " + pkg.baseCodePath + " and " + opkg.baseCodePath); return false; } PackageParser.Package[] overlayArray = overlaySet.values().toArray(new PackageParser.Package[0]); Comparator
cmp = new Comparator
() { public int compare(PackageParser.Package p1, PackageParser.Package p2) { return p1.mOverlayPriority - p2.mOverlayPriority; } }; Arrays.sort(overlayArray, cmp); pkg.applicationInfo.resourceDirs = new String[overlayArray.length]; int i = 0; for (PackageParser.Package p : overlayArray) { pkg.applicationInfo.resourceDirs[i++] = p.baseCodePath; } return true; } private void scanDirLI(File dir, int parseFlags, int scanFlags, long currentTime) { final File[] files = dir.listFiles(); if (ArrayUtils.isEmpty(files)) { Log.d(TAG, "No files in app dir " + dir); return; } if (DEBUG_PACKAGE_SCANNING) { Log.d(TAG, "Scanning app dir " + dir + " scanFlags=" + scanFlags + " flags=0x" + Integer.toHexString(parseFlags)); } for (File file : files) { final boolean isPackage = (isApkFile(file) || file.isDirectory()) && !PackageInstallerService.isStageName(file.getName()); if (!isPackage) { // Ignore entries which are not packages continue; } try { scanPackageLI(file, parseFlags | PackageParser.PARSE_MUST_BE_APK, scanFlags, currentTime, null); } catch (PackageManagerException e) { Slog.w(TAG, "Failed to parse " + file + ": " + e.getMessage()); // Delete invalid userdata apps if ((parseFlags & PackageParser.PARSE_IS_SYSTEM) == 0 && e.error == PackageManager.INSTALL_FAILED_INVALID_APK) { logCriticalInfo(Log.WARN, "Deleting invalid package at " + file); if (file.isDirectory()) { mInstaller.rmPackageDir(file.getAbsolutePath()); } else { file.delete(); } } } } } private static File getSettingsProblemFile() { File dataDir = Environment.getDataDirectory(); File systemDir = new File(dataDir, "system"); File fname = new File(systemDir, "uiderrors.txt"); return fname; } static void reportSettingsProblem(int priority, String msg) { logCriticalInfo(priority, msg); } static void logCriticalInfo(int priority, String msg) { Slog.println(priority, TAG, msg); EventLogTags.writePmCriticalInfo(msg); try { File fname = getSettingsProblemFile(); FileOutputStream out = new FileOutputStream(fname, true); PrintWriter pw = new FastPrintWriter(out); SimpleDateFormat formatter = new SimpleDateFormat(); String dateString = formatter.format(new Date(System.currentTimeMillis())); pw.println(dateString + ": " + msg); pw.close(); FileUtils.setPermissions( fname.toString(), FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IROTH, -1, -1); } catch (java.io.IOException e) { } } private void collectCertificatesLI(PackageParser pp, PackageSetting ps, PackageParser.Package pkg, File srcFile, int parseFlags) throws PackageManagerException { if (ps != null && ps.codePath.equals(srcFile) && ps.timeStamp == srcFile.lastModified() && !isCompatSignatureUpdateNeeded(pkg) && !isRecoverSignatureUpdateNeeded(pkg)) { long mSigningKeySetId = ps.keySetData.getProperSigningKeySet(); KeySetManagerService ksms = mSettings.mKeySetManagerService; ArraySet
signingKs; synchronized (mPackages) { signingKs = ksms.getPublicKeysFromKeySetLPr(mSigningKeySetId); } if (ps.signatures.mSignatures != null && ps.signatures.mSignatures.length != 0 && signingKs != null) { // Optimization: reuse the existing cached certificates // if the package appears to be unchanged. pkg.mSignatures = ps.signatures.mSignatures; pkg.mSigningKeys = signingKs; return; } Slog.w(TAG, "PackageSetting for " + ps.name + " is missing signatures. Collecting certs again to recover them."); } else { Log.i(TAG, srcFile.toString() + " changed; collecting certs"); } try { pp.collectCertificates(pkg, parseFlags); pp.collectManifestDigest(pkg); } catch (PackageParserException e) { throw PackageManagerException.from(e); } } /* * Scan a package and return the newly parsed package. * Returns null in case of errors and the error code is stored in mLastScanError */ private PackageParser.Package scanPackageLI(File scanFile, int parseFlags, int scanFlags, long currentTime, UserHandle user) throws PackageManagerException { if (DEBUG_INSTALL) Slog.d(TAG, "Parsing: " + scanFile); parseFlags |= mDefParseFlags; PackageParser pp = new PackageParser(); pp.setSeparateProcesses(mSeparateProcesses); pp.setOnlyCoreApps(mOnlyCore); pp.setDisplayMetrics(mMetrics); if ((scanFlags & SCAN_TRUSTED_OVERLAY) != 0) { parseFlags |= PackageParser.PARSE_TRUSTED_OVERLAY; } final PackageParser.Package pkg; try { pkg = pp.parsePackage(scanFile, parseFlags); } catch (PackageParserException e) { throw PackageManagerException.from(e); } PackageSetting ps = null; PackageSetting updatedPkg; // reader synchronized (mPackages) { // Look to see if we already know about this package. String oldName = mSettings.mRenamedPackages.get(pkg.packageName); if (pkg.mOriginalPackages != null && pkg.mOriginalPackages.contains(oldName)) { // This package has been renamed to its original name. Let's // use that. ps = mSettings.peekPackageLPr(oldName); } // If there was no original package, see one for the real package name. if (ps == null) { ps = mSettings.peekPackageLPr(pkg.packageName); } // Check to see if this package could be hiding/updating a system // package. Must look for it either under the original or real // package name depending on our state. updatedPkg = mSettings.getDisabledSystemPkgLPr(ps != null ? ps.name : pkg.packageName); if (DEBUG_INSTALL && updatedPkg != null) Slog.d(TAG, "updatedPkg = " + updatedPkg); } boolean updatedPkgBetter = false; // First check if this is a system package that may involve an update if (updatedPkg != null && (parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0) { // If new package is not located in "/system/priv-app" (e.g. due to an OTA), // it needs to drop FLAG_PRIVILEGED. if (locationIsPrivileged(scanFile)) { updatedPkg.pkgPrivateFlags |= ApplicationInfo.PRIVATE_FLAG_PRIVILEGED; } else { updatedPkg.pkgPrivateFlags &= ~ApplicationInfo.PRIVATE_FLAG_PRIVILEGED; } if (ps != null && !ps.codePath.equals(scanFile)) { // The path has changed from what was last scanned... check the // version of the new path against what we have stored to determine // what to do. if (DEBUG_INSTALL) Slog.d(TAG, "Path changing from " + ps.codePath); if (pkg.mVersionCode <= ps.versionCode) { // The system package has been updated and the code path does not match // Ignore entry. Skip it. if (DEBUG_INSTALL) Slog.i(TAG, "Package " + ps.name + " at " + scanFile + " ignored: updated version " + ps.versionCode + " better than this " + pkg.mVersionCode); if (!updatedPkg.codePath.equals(scanFile)) { Slog.w(PackageManagerService.TAG, "Code path for hidden system pkg : " + ps.name + " changing from " + updatedPkg.codePathString + " to " + scanFile); updatedPkg.codePath = scanFile; updatedPkg.codePathString = scanFile.toString(); updatedPkg.resourcePath = scanFile; updatedPkg.resourcePathString = scanFile.toString(); } updatedPkg.pkg = pkg; throw new PackageManagerException(INSTALL_FAILED_DUPLICATE_PACKAGE, "Package " + ps.name + " at " + scanFile + " ignored: updated version " + ps.versionCode + " better than this " + pkg.mVersionCode); } else { // The current app on the system partition is better than // what we have updated to on the data partition; switch // back to the system partition version. // At this point, its safely assumed that package installation for // apps in system partition will go through. If not there won't be a working // version of the app // writer synchronized (mPackages) { // Just remove the loaded entries from package lists. mPackages.remove(ps.name); } logCriticalInfo(Log.WARN, "Package " + ps.name + " at " + scanFile + " reverting from " + ps.codePathString + ": new version " + pkg.mVersionCode + " better than installed " + ps.versionCode); InstallArgs args = createInstallArgsForExisting(packageFlagsToInstallFlags(ps), ps.codePathString, ps.resourcePathString, getAppDexInstructionSets(ps)); synchronized (mInstallLock) { args.cleanUpResourcesLI(); } synchronized (mPackages) { mSettings.enableSystemPackageLPw(ps.name); } updatedPkgBetter = true; } } } if (updatedPkg != null) { // An updated system app will not have the PARSE_IS_SYSTEM flag set // initially parseFlags |= PackageParser.PARSE_IS_SYSTEM; // An updated privileged app will not have the PARSE_IS_PRIVILEGED // flag set initially if ((updatedPkg.pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0) { parseFlags |= PackageParser.PARSE_IS_PRIVILEGED; } } // Verify certificates against what was last scanned collectCertificatesLI(pp, ps, pkg, scanFile, parseFlags); /* * A new system app appeared, but we already had a non-system one of the * same name installed earlier. */ boolean shouldHideSystemApp = false; if (updatedPkg == null && ps != null && (parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) != 0 && !isSystemApp(ps)) { /* * Check to make sure the signatures match first. If they don't, * wipe the installed application and its data. */ if (compareSignatures(ps.signatures.mSignatures, pkg.mSignatures) != PackageManager.SIGNATURE_MATCH) { logCriticalInfo(Log.WARN, "Package " + ps.name + " appeared on system, but" + " signatures don't match existing userdata copy; removing"); deletePackageLI(pkg.packageName, null, true, null, null, 0, null, false); ps = null; } else { /* * If the newly-added system app is an older version than the * already installed version, hide it. It will be scanned later * and re-added like an update. */ if (pkg.mVersionCode <= ps.versionCode) { shouldHideSystemApp = true; logCriticalInfo(Log.INFO, "Package " + ps.name + " appeared at " + scanFile + " but new version " + pkg.mVersionCode + " better than installed " + ps.versionCode + "; hiding system"); } else { /* * The newly found system app is a newer version that the * one previously installed. Simply remove the * already-installed application and replace it with our own * while keeping the application data. */ logCriticalInfo(Log.WARN, "Package " + ps.name + " at " + scanFile + " reverting from " + ps.codePathString + ": new version " + pkg.mVersionCode + " better than installed " + ps.versionCode); InstallArgs args = createInstallArgsForExisting(packageFlagsToInstallFlags(ps), ps.codePathString, ps.resourcePathString, getAppDexInstructionSets(ps)); synchronized (mInstallLock) { args.cleanUpResourcesLI(); } } } } // The apk is forward locked (not public) if its code and resources // are kept in different files. (except for app in either system or // vendor path). // TODO grab this value from PackageSettings if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { if (ps != null && !ps.codePath.equals(ps.resourcePath)) { parseFlags |= PackageParser.PARSE_FORWARD_LOCK; } } // TODO: extend to support forward-locked splits String resourcePath = null; String baseResourcePath = null; if ((parseFlags & PackageParser.PARSE_FORWARD_LOCK) != 0 && !updatedPkgBetter) { if (ps != null && ps.resourcePathString != null) { resourcePath = ps.resourcePathString; baseResourcePath = ps.resourcePathString; } else { // Should not happen at all. Just log an error. Slog.e(TAG, "Resource path not set for pkg : " + pkg.packageName); } } else { resourcePath = pkg.codePath; baseResourcePath = pkg.baseCodePath; } // Set application objects path explicitly. pkg.applicationInfo.volumeUuid = pkg.volumeUuid; pkg.applicationInfo.setCodePath(pkg.codePath); pkg.applicationInfo.setBaseCodePath(pkg.baseCodePath); pkg.applicationInfo.setSplitCodePaths(pkg.splitCodePaths); pkg.applicationInfo.setResourcePath(resourcePath); pkg.applicationInfo.setBaseResourcePath(baseResourcePath); pkg.applicationInfo.setSplitResourcePaths(pkg.splitCodePaths); // Note that we invoke the following method only if we are about to unpack an application PackageParser.Package scannedPkg = scanPackageLI(pkg, parseFlags, scanFlags | SCAN_UPDATE_SIGNATURE, currentTime, user); /* * If the system app should be overridden by a previously installed * data, hide the system app now and let the /data/app scan pick it up * again. */ if (shouldHideSystemApp) { synchronized (mPackages) { mSettings.disableSystemPackageLPw(pkg.packageName); } } return scannedPkg; } private static String fixProcessName(String defProcessName, String processName, int uid) { if (processName == null) { return defProcessName; } return processName; } private void verifySignaturesLP(PackageSetting pkgSetting, PackageParser.Package pkg) throws PackageManagerException { if (pkgSetting.signatures.mSignatures != null) { // Already existing package. Make sure signatures match boolean match = compareSignatures(pkgSetting.signatures.mSignatures, pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; if (!match) { match = compareSignaturesCompat(pkgSetting.signatures, pkg) == PackageManager.SIGNATURE_MATCH; } if (!match) { match = compareSignaturesRecover(pkgSetting.signatures, pkg) == PackageManager.SIGNATURE_MATCH; } if (!match) { throw new PackageManagerException(INSTALL_FAILED_UPDATE_INCOMPATIBLE, "Package " + pkg.packageName + " signatures do not match the " + "previously installed version; ignoring!"); } } // Check for shared user signatures if (pkgSetting.sharedUser != null && pkgSetting.sharedUser.signatures.mSignatures != null) { // Already existing package. Make sure signatures match boolean match = compareSignatures(pkgSetting.sharedUser.signatures.mSignatures, pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; if (!match) { match = compareSignaturesCompat(pkgSetting.sharedUser.signatures, pkg) == PackageManager.SIGNATURE_MATCH; } if (!match) { match = compareSignaturesRecover(pkgSetting.sharedUser.signatures, pkg) == PackageManager.SIGNATURE_MATCH; } if (!match) { throw new PackageManagerException(INSTALL_FAILED_SHARED_USER_INCOMPATIBLE, "Package " + pkg.packageName + " has no signatures that match those in shared user " + pkgSetting.sharedUser.name + "; ignoring!"); } } } /** * Enforces that only the system UID or root's UID can call a method exposed * via Binder. * * @param message used as message if SecurityException is thrown * @throws SecurityException if the caller is not system or root */ private static final void enforceSystemOrRoot(String message) { final int uid = Binder.getCallingUid(); if (uid != Process.SYSTEM_UID && uid != 0) { throw new SecurityException(message); } } @Override public void performBootDexOpt() { enforceSystemOrRoot("Only the system can request dexopt be performed"); // Before everything else, see whether we need to fstrim. try { IMountService ms = PackageHelper.getMountService(); if (ms != null) { final boolean isUpgrade = isUpgrade(); boolean doTrim = isUpgrade; if (doTrim) { Slog.w(TAG, "Running disk maintenance immediately due to system update"); } else { final long interval = android.provider.Settings.Global.getLong( mContext.getContentResolver(), android.provider.Settings.Global.FSTRIM_MANDATORY_INTERVAL, DEFAULT_MANDATORY_FSTRIM_INTERVAL); if (interval > 0) { final long timeSinceLast = System.currentTimeMillis() - ms.lastMaintenance(); if (timeSinceLast > interval) { doTrim = true; Slog.w(TAG, "No disk maintenance in " + timeSinceLast + "; running immediately"); } } } if (doTrim) { if (!isFirstBoot()) { try { ActivityManagerNative.getDefault().showBootMessage( mContext.getResources().getString( R.string.android_upgrading_fstrim), true); } catch (RemoteException e) { } } ms.runMaintenance(); } } else { Slog.e(TAG, "Mount service unavailable!"); } } catch (RemoteException e) { // Can't happen; MountService is local } final ArraySet
pkgs; synchronized (mPackages) { pkgs = mPackageDexOptimizer.clearDeferredDexOptPackages(); } if (pkgs != null) { // Sort apps by importance for dexopt ordering. Important apps are given more priority // in case the device runs out of space. ArrayList
sortedPkgs = new ArrayList
(); // Give priority to core apps. for (Iterator
it = pkgs.iterator(); it.hasNext();) { PackageParser.Package pkg = it.next(); if (pkg.coreApp) { if (DEBUG_DEXOPT) { Log.i(TAG, "Adding core app " + sortedPkgs.size() + ": " + pkg.packageName); } sortedPkgs.add(pkg); it.remove(); } } // Give priority to system apps that listen for pre boot complete. Intent intent = new Intent(Intent.ACTION_PRE_BOOT_COMPLETED); ArraySet
pkgNames = getPackageNamesForIntent(intent); for (Iterator
it = pkgs.iterator(); it.hasNext();) { PackageParser.Package pkg = it.next(); if (pkgNames.contains(pkg.packageName)) { if (DEBUG_DEXOPT) { Log.i(TAG, "Adding pre boot system app " + sortedPkgs.size() + ": " + pkg.packageName); } sortedPkgs.add(pkg); it.remove(); } } // Filter out packages that aren't recently used. filterRecentlyUsedApps(pkgs); // Add all remaining apps. for (PackageParser.Package pkg : pkgs) { if (DEBUG_DEXOPT) { Log.i(TAG, "Adding app " + sortedPkgs.size() + ": " + pkg.packageName); } sortedPkgs.add(pkg); } // If we want to be lazy, filter everything that wasn't recently used. if (mLazyDexOpt) { filterRecentlyUsedApps(sortedPkgs); } int i = 0; int total = sortedPkgs.size(); File dataDir = Environment.getDataDirectory(); long lowThreshold = StorageManager.from(mContext).getStorageLowBytes(dataDir); if (lowThreshold == 0) { throw new IllegalStateException("Invalid low memory threshold"); } for (PackageParser.Package pkg : sortedPkgs) { long usableSpace = dataDir.getUsableSpace(); if (usableSpace < lowThreshold) { Log.w(TAG, "Not running dexopt on remaining apps due to low memory: " + usableSpace); break; } performBootDexOpt(pkg, ++i, total); } } } private void filterRecentlyUsedApps(Collection
pkgs) { // Filter out packages that aren't recently used. // // The exception is first boot of a non-eng device (aka !mLazyDexOpt), which // should do a full dexopt. if (mLazyDexOpt || (!isFirstBoot() && mPackageUsage.isHistoricalPackageUsageAvailable())) { int total = pkgs.size(); int skipped = 0; long now = System.currentTimeMillis(); for (Iterator
i = pkgs.iterator(); i.hasNext();) { PackageParser.Package pkg = i.next(); long then = pkg.mLastPackageUsageTimeInMills; if (then + mDexOptLRUThresholdInMills < now) { if (DEBUG_DEXOPT) { Log.i(TAG, "Skipping dexopt of " + pkg.packageName + " last resumed: " + ((then == 0) ? "never" : new Date(then))); } i.remove(); skipped++; } } if (DEBUG_DEXOPT) { Log.i(TAG, "Skipped optimizing " + skipped + " of " + total); } } } private ArraySet
getPackageNamesForIntent(Intent intent) { List
ris = null; try { ris = AppGlobals.getPackageManager().queryIntentReceivers( intent, null, 0, UserHandle.USER_OWNER); } catch (RemoteException e) { } ArraySet
pkgNames = new ArraySet
(); if (ris != null) { for (ResolveInfo ri : ris) { pkgNames.add(ri.activityInfo.packageName); } } return pkgNames; } private void performBootDexOpt(PackageParser.Package pkg, int curr, int total) { if (DEBUG_DEXOPT) { Log.i(TAG, "Optimizing app " + curr + " of " + total + ": " + pkg.packageName); } if (!isFirstBoot()) { try { ActivityManagerNative.getDefault().showBootMessage( mContext.getResources().getString(R.string.android_upgrading_apk, curr, total), true); } catch (RemoteException e) { } } PackageParser.Package p = pkg; synchronized (mInstallLock) { mPackageDexOptimizer.performDexOpt(p, null /* instruction sets */, false /* force dex */, false /* defer */, true /* include dependencies */, false /* boot complete */); } } @Override public boolean performDexOptIfNeeded(String packageName, String instructionSet) { return performDexOpt(packageName, instructionSet, false); } public boolean performDexOpt(String packageName, String instructionSet, boolean backgroundDexopt) { boolean dexopt = mLazyDexOpt || backgroundDexopt; boolean updateUsage = !backgroundDexopt; // Don't update usage if this is just a backgroundDexopt if (!dexopt && !updateUsage) { // We aren't going to dexopt or update usage, so bail early. return false; } PackageParser.Package p; final String targetInstructionSet; synchronized (mPackages) { p = mPackages.get(packageName); if (p == null) { return false; } if (updateUsage) { p.mLastPackageUsageTimeInMills = System.currentTimeMillis(); } mPackageUsage.write(false); if (!dexopt) { // We aren't going to dexopt, so bail early. return false; } targetInstructionSet = instructionSet != null ? instructionSet : getPrimaryInstructionSet(p.applicationInfo); if (p.mDexOptPerformed.contains(targetInstructionSet)) { return false; } } long callingId = Binder.clearCallingIdentity(); try { synchronized (mInstallLock) { final String[] instructionSets = new String[] { targetInstructionSet }; int result = mPackageDexOptimizer.performDexOpt(p, instructionSets, false /* forceDex */, false /* defer */, true /* inclDependencies */, true /* boot complete */); return result == PackageDexOptimizer.DEX_OPT_PERFORMED; } } finally { Binder.restoreCallingIdentity(callingId); } } public ArraySet
getPackagesThatNeedDexOpt() { ArraySet
pkgs = null; synchronized (mPackages) { for (PackageParser.Package p : mPackages.values()) { if (DEBUG_DEXOPT) { Log.i(TAG, p.packageName + " mDexOptPerformed=" + p.mDexOptPerformed.toArray()); } if (!p.mDexOptPerformed.isEmpty()) { continue; } if (pkgs == null) { pkgs = new ArraySet
(); } pkgs.add(p.packageName); } } return pkgs; } public void shutdown() { mPackageUsage.write(true); } @Override public void forceDexOpt(String packageName) { enforceSystemOrRoot("forceDexOpt"); PackageParser.Package pkg; synchronized (mPackages) { pkg = mPackages.get(packageName); if (pkg == null) { throw new IllegalArgumentException("Missing package: " + packageName); } } synchronized (mInstallLock) { final String[] instructionSets = new String[] { getPrimaryInstructionSet(pkg.applicationInfo) }; final int res = mPackageDexOptimizer.performDexOpt(pkg, instructionSets, true /*forceDex*/, false /* defer */, true /* inclDependencies */, true /* boot complete */); if (res != PackageDexOptimizer.DEX_OPT_PERFORMED) { throw new IllegalStateException("Failed to dexopt: " + res); } } } private boolean verifyPackageUpdateLPr(PackageSetting oldPkg, PackageParser.Package newPkg) { if ((oldPkg.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0) { Slog.w(TAG, "Unable to update from " + oldPkg.name + " to " + newPkg.packageName + ": old package not in system partition"); return false; } else if (mPackages.get(oldPkg.name) != null) { Slog.w(TAG, "Unable to update from " + oldPkg.name + " to " + newPkg.packageName + ": old package still exists"); return false; } return true; } private int createDataDirsLI(String volumeUuid, String packageName, int uid, String seinfo) { int[] users = sUserManager.getUserIds(); int res = mInstaller.install(volumeUuid, packageName, uid, uid, seinfo); if (res < 0) { return res; } for (int user : users) { if (user != 0) { res = mInstaller.createUserData(volumeUuid, packageName, UserHandle.getUid(user, uid), user, seinfo); if (res < 0) { return res; } } } return res; } private int removeDataDirsLI(String volumeUuid, String packageName) { int[] users = sUserManager.getUserIds(); int res = 0; for (int user : users) { int resInner = mInstaller.remove(volumeUuid, packageName, user); if (resInner < 0) { res = resInner; } } return res; } private int deleteCodeCacheDirsLI(String volumeUuid, String packageName) { int[] users = sUserManager.getUserIds(); int res = 0; for (int user : users) { int resInner = mInstaller.deleteCodeCacheFiles(volumeUuid, packageName, user); if (resInner < 0) { res = resInner; } } return res; } private void addSharedLibraryLPw(ArraySet
usesLibraryFiles, SharedLibraryEntry file, PackageParser.Package changingLib) { if (file.path != null) { usesLibraryFiles.add(file.path); return; } PackageParser.Package p = mPackages.get(file.apk); if (changingLib != null && changingLib.packageName.equals(file.apk)) { // If we are doing this while in the middle of updating a library apk, // then we need to make sure to use that new apk for determining the // dependencies here. (We haven't yet finished committing the new apk // to the package manager state.) if (p == null || p.packageName.equals(changingLib.packageName)) { p = changingLib; } } if (p != null) { usesLibraryFiles.addAll(p.getAllCodePaths()); } } private void updateSharedLibrariesLPw(PackageParser.Package pkg, PackageParser.Package changingLib) throws PackageManagerException { if (pkg.usesLibraries != null || pkg.usesOptionalLibraries != null) { final ArraySet
usesLibraryFiles = new ArraySet<>(); int N = pkg.usesLibraries != null ? pkg.usesLibraries.size() : 0; for (int i=0; i
0) { pkg.usesLibraryFiles = usesLibraryFiles.toArray(new String[N]); } else { pkg.usesLibraryFiles = null; } } } private static boolean hasString(List
list, List
which) { if (list == null) { return false; } for (int i=list.size()-1; i>=0; i--) { for (int j=which.size()-1; j>=0; j--) { if (which.get(j).equals(list.get(i))) { return true; } } } return false; } private void updateAllSharedLibrariesLPw() { for (PackageParser.Package pkg : mPackages.values()) { try { updateSharedLibrariesLPw(pkg, null); } catch (PackageManagerException e) { Slog.e(TAG, "updateAllSharedLibrariesLPw failed: " + e.getMessage()); } } } private ArrayList
updateAllSharedLibrariesLPw( PackageParser.Package changingPkg) { ArrayList
res = null; for (PackageParser.Package pkg : mPackages.values()) { if (hasString(pkg.usesLibraries, changingPkg.libraryNames) || hasString(pkg.usesOptionalLibraries, changingPkg.libraryNames)) { if (res == null) { res = new ArrayList
(); } res.add(pkg); try { updateSharedLibrariesLPw(pkg, changingPkg); } catch (PackageManagerException e) { Slog.e(TAG, "updateAllSharedLibrariesLPw failed: " + e.getMessage()); } } } return res; } /** * Derive the value of the {@code cpuAbiOverride} based on the provided * value and an optional stored value from the package settings. */ private static String deriveAbiOverride(String abiOverride, PackageSetting settings) { String cpuAbiOverride = null; if (NativeLibraryHelper.CLEAR_ABI_OVERRIDE.equals(abiOverride)) { cpuAbiOverride = null; } else if (abiOverride != null) { cpuAbiOverride = abiOverride; } else if (settings != null) { cpuAbiOverride = settings.cpuAbiOverrideString; } return cpuAbiOverride; } private PackageParser.Package scanPackageLI(PackageParser.Package pkg, int parseFlags, int scanFlags, long currentTime, UserHandle user) throws PackageManagerException { boolean success = false; try { final PackageParser.Package res = scanPackageDirtyLI(pkg, parseFlags, scanFlags, currentTime, user); success = true; return res; } finally { if (!success && (scanFlags & SCAN_DELETE_DATA_ON_FAILURES) != 0) { removeDataDirsLI(pkg.volumeUuid, pkg.packageName); } } } private PackageParser.Package scanPackageDirtyLI(PackageParser.Package pkg, int parseFlags, int scanFlags, long currentTime, UserHandle user) throws PackageManagerException { final File scanFile = new File(pkg.codePath); if (pkg.applicationInfo.getCodePath() == null || pkg.applicationInfo.getResourcePath() == null) { // Bail out. The resource and code paths haven't been set. throw new PackageManagerException(INSTALL_FAILED_INVALID_APK, "Code and resource paths haven't been set correctly"); } if ((parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0) { pkg.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM; } else { // Only allow system apps to be flagged as core apps. pkg.coreApp = false; } if ((parseFlags&PackageParser.PARSE_IS_PRIVILEGED) != 0) { pkg.applicationInfo.privateFlags |= ApplicationInfo.PRIVATE_FLAG_PRIVILEGED; } if (mCustomResolverComponentName != null && mCustomResolverComponentName.getPackageName().equals(pkg.packageName)) { setUpCustomResolverActivity(pkg); } if (pkg.packageName.equals("android")) { synchronized (mPackages) { if (mAndroidApplication != null) { Slog.w(TAG, "*************************************************"); Slog.w(TAG, "Core android package being redefined. Skipping."); Slog.w(TAG, " file=" + scanFile); Slog.w(TAG, "*************************************************"); throw new PackageManagerException(INSTALL_FAILED_DUPLICATE_PACKAGE, "Core android package being redefined. Skipping."); } // Set up information for our fall-back user intent resolution activity. mPlatformPackage = pkg; pkg.mVersionCode = mSdkVersion; mAndroidApplication = pkg.applicationInfo; if (!mResolverReplaced) { mResolveActivity.applicationInfo = mAndroidApplication; mResolveActivity.name = ResolverActivity.class.getName(); mResolveActivity.packageName = mAndroidApplication.packageName; mResolveActivity.processName = "system:ui"; mResolveActivity.launchMode = ActivityInfo.LAUNCH_MULTIPLE; mResolveActivity.documentLaunchMode = ActivityInfo.DOCUMENT_LAUNCH_NEVER; mResolveActivity.flags = ActivityInfo.FLAG_EXCLUDE_FROM_RECENTS; mResolveActivity.theme = R.style.Theme_Holo_Dialog_Alert; mResolveActivity.exported = true; mResolveActivity.enabled = true; mResolveInfo.activityInfo = mResolveActivity; mResolveInfo.priority = 0; mResolveInfo.preferredOrder = 0; mResolveInfo.match = 0; mResolveComponentName = new ComponentName( mAndroidApplication.packageName, mResolveActivity.name); } } } if (DEBUG_PACKAGE_SCANNING) { if ((parseFlags & PackageParser.PARSE_CHATTY) != 0) Log.d(TAG, "Scanning package " + pkg.packageName); } if (mPackages.containsKey(pkg.packageName) || mSharedLibraries.containsKey(pkg.packageName)) { throw new PackageManagerException(INSTALL_FAILED_DUPLICATE_PACKAGE, "Application package " + pkg.packageName + " already installed. Skipping duplicate."); } // If we're only installing presumed-existing packages, require that the // scanned APK is both already known and at the path previously established // for it. Previously unknown packages we pick up normally, but if we have an // a priori expectation about this package's install presence, enforce it. // With a singular exception for new system packages. When an OTA contains // a new system package, we allow the codepath to change from a system location // to the user-installed location. If we don't allow this change, any newer, // user-installed version of the application will be ignored. if ((scanFlags & SCAN_REQUIRE_KNOWN) != 0) { if (mExpectingBetter.containsKey(pkg.packageName)) { logCriticalInfo(Log.WARN, "Relax SCAN_REQUIRE_KNOWN requirement for package " + pkg.packageName); } else { PackageSetting known = mSettings.peekPackageLPr(pkg.packageName); if (known != null) { if (DEBUG_PACKAGE_SCANNING) { Log.d(TAG, "Examining " + pkg.codePath + " and requiring known paths " + known.codePathString + " & " + known.resourcePathString); } if (!pkg.applicationInfo.getCodePath().equals(known.codePathString) || !pkg.applicationInfo.getResourcePath().equals(known.resourcePathString)) { throw new PackageManagerException(INSTALL_FAILED_PACKAGE_CHANGED, "Application package " + pkg.packageName + " found at " + pkg.applicationInfo.getCodePath() + " but expected at " + known.codePathString + "; ignoring."); } } } } // Initialize package source and resource directories File destCodeFile = new File(pkg.applicationInfo.getCodePath()); File destResourceFile = new File(pkg.applicationInfo.getResourcePath()); SharedUserSetting suid = null; PackageSetting pkgSetting = null; if (!isSystemApp(pkg)) { // Only system apps can use these features. pkg.mOriginalPackages = null; pkg.mRealPackage = null; pkg.mAdoptPermissions = null; } // writer synchronized (mPackages) { if (pkg.mSharedUserId != null) { suid = mSettings.getSharedUserLPw(pkg.mSharedUserId, 0, 0, true); if (suid == null) { throw new PackageManagerException(INSTALL_FAILED_INSUFFICIENT_STORAGE, "Creating application package " + pkg.packageName + " for shared user failed"); } if (DEBUG_PACKAGE_SCANNING) { if ((parseFlags & PackageParser.PARSE_CHATTY) != 0) Log.d(TAG, "Shared UserID " + pkg.mSharedUserId + " (uid=" + suid.userId + "): packages=" + suid.packages); } } // Check if we are renaming from an original package name. PackageSetting origPackage = null; String realName = null; if (pkg.mOriginalPackages != null) { // This package may need to be renamed to a previously // installed name. Let's check on that... final String renamed = mSettings.mRenamedPackages.get(pkg.mRealPackage); if (pkg.mOriginalPackages.contains(renamed)) { // This package had originally been installed as the // original name, and we have already taken care of // transitioning to the new one. Just update the new // one to continue using the old name. realName = pkg.mRealPackage; if (!pkg.packageName.equals(renamed)) { // Callers into this function may have already taken // care of renaming the package; only do it here if // it is not already done. pkg.setPackageName(renamed); } } else { for (int i=pkg.mOriginalPackages.size()-1; i>=0; i--) { if ((origPackage = mSettings.peekPackageLPr( pkg.mOriginalPackages.get(i))) != null) { // We do have the package already installed under its // original name... should we use it? if (!verifyPackageUpdateLPr(origPackage, pkg)) { // New package is not compatible with original. origPackage = null; continue; } else if (origPackage.sharedUser != null) { // Make sure uid is compatible between packages. if (!origPackage.sharedUser.name.equals(pkg.mSharedUserId)) { Slog.w(TAG, "Unable to migrate data from " + origPackage.name + " to " + pkg.packageName + ": old uid " + origPackage.sharedUser.name + " differs from " + pkg.mSharedUserId); origPackage = null; continue; } } else { if (DEBUG_UPGRADE) Log.v(TAG, "Renaming new package " + pkg.packageName + " to old name " + origPackage.name); } break; } } } } if (mTransferedPackages.contains(pkg.packageName)) { Slog.w(TAG, "Package " + pkg.packageName + " was transferred to another, but its .apk remains"); } // Just create the setting, don't add it yet. For already existing packages // the PkgSetting exists already and doesn't have to be created. pkgSetting = mSettings.getPackageLPw(pkg, origPackage, realName, suid, destCodeFile, destResourceFile, pkg.applicationInfo.nativeLibraryRootDir, pkg.applicationInfo.primaryCpuAbi, pkg.applicationInfo.secondaryCpuAbi, pkg.applicationInfo.flags, pkg.applicationInfo.privateFlags, user, false); if (pkgSetting == null) { throw new PackageManagerException(INSTALL_FAILED_INSUFFICIENT_STORAGE, "Creating application package " + pkg.packageName + " failed"); } if (pkgSetting.origPackage != null) { // If we are first transitioning from an original package, // fix up the new package's name now. We need to do this after // looking up the package under its new name, so getPackageLP // can take care of fiddling things correctly. pkg.setPackageName(origPackage.name); // File a report about this. String msg = "New package " + pkgSetting.realName + " renamed to replace old package " + pkgSetting.name; reportSettingsProblem(Log.WARN, msg); // Make a note of it. mTransferedPackages.add(origPackage.name); // No longer need to retain this. pkgSetting.origPackage = null; } if (realName != null) { // Make a note of it. mTransferedPackages.add(pkg.packageName); } if (mSettings.isDisabledSystemPackageLPr(pkg.packageName)) { pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; } if ((parseFlags&PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { // Check all shared libraries and map to their actual file path. // We only do this here for apps not on a system dir, because those // are the only ones that can fail an install due to this. We // will take care of the system apps by updating all of their // library paths after the scan is done. updateSharedLibrariesLPw(pkg, null); } if (mFoundPolicyFile) { SELinuxMMAC.assignSeinfoValue(pkg); } pkg.applicationInfo.uid = pkgSetting.appId; pkg.mExtras = pkgSetting; if (shouldCheckUpgradeKeySetLP(pkgSetting, scanFlags)) { if (checkUpgradeKeySetLP(pkgSetting, pkg)) { // We just determined the app is signed correctly, so bring // over the latest parsed certs. pkgSetting.signatures.mSignatures = pkg.mSignatures; } else { if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { throw new PackageManagerException(INSTALL_FAILED_UPDATE_INCOMPATIBLE, "Package " + pkg.packageName + " upgrade keys do not match the " + "previously installed version"); } else { pkgSetting.signatures.mSignatures = pkg.mSignatures; String msg = "System package " + pkg.packageName + " signature changed; retaining data."; reportSettingsProblem(Log.WARN, msg); } } } else { try { verifySignaturesLP(pkgSetting, pkg); // We just determined the app is signed correctly, so bring // over the latest parsed certs. pkgSetting.signatures.mSignatures = pkg.mSignatures; } catch (PackageManagerException e) { if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { throw e; } // The signature has changed, but this package is in the system // image... let's recover! pkgSetting.signatures.mSignatures = pkg.mSignatures; // However... if this package is part of a shared user, but it // doesn't match the signature of the shared user, let's fail. // What this means is that you can't change the signatures // associated with an overall shared user, which doesn't seem all // that unreasonable. if (pkgSetting.sharedUser != null) { if (compareSignatures(pkgSetting.sharedUser.signatures.mSignatures, pkg.mSignatures) != PackageManager.SIGNATURE_MATCH) { throw new PackageManagerException( INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES, "Signature mismatch for shared user : " + pkgSetting.sharedUser); } } // File a report about this. String msg = "System package " + pkg.packageName + " signature changed; retaining data."; reportSettingsProblem(Log.WARN, msg); } } // Verify that this new package doesn't have any content providers // that conflict with existing packages. Only do this if the // package isn't already installed, since we don't want to break // things that are installed. if ((scanFlags & SCAN_NEW_INSTALL) != 0) { final int N = pkg.providers.size(); int i; for (i=0; i
= 0; i--) { final String origName = pkg.mAdoptPermissions.get(i); final PackageSetting orig = mSettings.peekPackageLPr(origName); if (orig != null) { if (verifyPackageUpdateLPr(orig, pkg)) { Slog.i(TAG, "Adopting permissions from " + origName + " to " + pkg.packageName); mSettings.transferPermissionsLPw(origName, pkg.packageName); } } } } } final String pkgName = pkg.packageName; final long scanFileTime = scanFile.lastModified(); final boolean forceDex = (scanFlags & SCAN_FORCE_DEX) != 0; pkg.applicationInfo.processName = fixProcessName( pkg.applicationInfo.packageName, pkg.applicationInfo.processName, pkg.applicationInfo.uid); File dataPath; if (mPlatformPackage == pkg) { // The system package is special. dataPath = new File(Environment.getDataDirectory(), "system"); pkg.applicationInfo.dataDir = dataPath.getPath(); } else { // This is a normal package, need to make its data directory. dataPath = Environment.getDataUserPackageDirectory(pkg.volumeUuid, UserHandle.USER_OWNER, pkg.packageName); boolean uidError = false; if (dataPath.exists()) { int currentUid = 0; try { StructStat stat = Os.stat(dataPath.getPath()); currentUid = stat.st_uid; } catch (ErrnoException e) { Slog.e(TAG, "Couldn't stat path " + dataPath.getPath(), e); } // If we have mismatched owners for the data path, we have a problem. if (currentUid != pkg.applicationInfo.uid) { boolean recovered = false; if (currentUid == 0) { // The directory somehow became owned by root. Wow. // This is probably because the system was stopped while // installd was in the middle of messing with its libs // directory. Ask installd to fix that. int ret = mInstaller.fixUid(pkg.volumeUuid, pkgName, pkg.applicationInfo.uid, pkg.applicationInfo.uid); if (ret >= 0) { recovered = true; String msg = "Package " + pkg.packageName + " unexpectedly changed to uid 0; recovered to " + + pkg.applicationInfo.uid; reportSettingsProblem(Log.WARN, msg); } } if (!recovered && ((parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0 || (scanFlags&SCAN_BOOTING) != 0)) { // If this is a system app, we can at least delete its // current data so the application will still work. int ret = removeDataDirsLI(pkg.volumeUuid, pkgName); if (ret >= 0) { // TODO: Kill the processes first // Old data gone! String prefix = (parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0 ? "System package " : "Third party package "; String msg = prefix + pkg.packageName + " has changed from uid: " + currentUid + " to " + pkg.applicationInfo.uid + "; old data erased"; reportSettingsProblem(Log.WARN, msg); recovered = true; // And now re-install the app. ret = createDataDirsLI(pkg.volumeUuid, pkgName, pkg.applicationInfo.uid, pkg.applicationInfo.seinfo); if (ret == -1) { // Ack should not happen! msg = prefix + pkg.packageName + " could not have data directory re-created after delete."; reportSettingsProblem(Log.WARN, msg); throw new PackageManagerException( INSTALL_FAILED_INSUFFICIENT_STORAGE, msg); } } if (!recovered) { mHasSystemUidErrors = true; } } else if (!recovered) { // If we allow this install to proceed, we will be broken. // Abort, abort! throw new PackageManagerException(INSTALL_FAILED_UID_CHANGED, "scanPackageLI"); } if (!recovered) { pkg.applicationInfo.dataDir = "/mismatched_uid/settings_" + pkg.applicationInfo.uid + "/fs_" + currentUid; pkg.applicationInfo.nativeLibraryDir = pkg.applicationInfo.dataDir; pkg.applicationInfo.nativeLibraryRootDir = pkg.applicationInfo.dataDir; String msg = "Package " + pkg.packageName + " has mismatched uid: " + currentUid + " on disk, " + pkg.applicationInfo.uid + " in settings"; // writer synchronized (mPackages) { mSettings.mReadMessages.append(msg); mSettings.mReadMessages.append('\n'); uidError = true; if (!pkgSetting.uidError) { reportSettingsProblem(Log.ERROR, msg); } } } } pkg.applicationInfo.dataDir = dataPath.getPath(); if (mShouldRestoreconData) { Slog.i(TAG, "SELinux relabeling of " + pkg.packageName + " issued."); mInstaller.restoreconData(pkg.volumeUuid, pkg.packageName, pkg.applicationInfo.seinfo, pkg.applicationInfo.uid); } } else { if (DEBUG_PACKAGE_SCANNING) { if ((parseFlags & PackageParser.PARSE_CHATTY) != 0) Log.v(TAG, "Want this data dir: " + dataPath); } //invoke installer to do the actual installation int ret = createDataDirsLI(pkg.volumeUuid, pkgName, pkg.applicationInfo.uid, pkg.applicationInfo.seinfo); if (ret < 0) { // Error from installer throw new PackageManagerException(INSTALL_FAILED_INSUFFICIENT_STORAGE, "Unable to create data dirs [errorCode=" + ret + "]"); } if (dataPath.exists()) { pkg.applicationInfo.dataDir = dataPath.getPath(); } else { Slog.w(TAG, "Unable to create data directory: " + dataPath); pkg.applicationInfo.dataDir = null; } } pkgSetting.uidError = uidError; } final String path = scanFile.getPath(); final String cpuAbiOverride = deriveAbiOverride(pkg.cpuAbiOverride, pkgSetting); if ((scanFlags & SCAN_NEW_INSTALL) == 0) { derivePackageAbi(pkg, scanFile, cpuAbiOverride, true /* extract libs */); // Some system apps still use directory structure for native libraries // in which case we might end up not detecting abi solely based on apk // structure. Try to detect abi based on directory structure. if (isSystemApp(pkg) && !pkg.isUpdatedSystemApp() && pkg.applicationInfo.primaryCpuAbi == null) { setBundledAppAbisAndRoots(pkg, pkgSetting); setNativeLibraryPaths(pkg); } } else { if ((scanFlags & SCAN_MOVE) != 0) { // We haven't run dex-opt for this move (since we've moved the compiled output too) // but we already have this packages package info in the PackageSetting. We just // use that and derive the native library path based on the new codepath. pkg.applicationInfo.primaryCpuAbi = pkgSetting.primaryCpuAbiString; pkg.applicationInfo.secondaryCpuAbi = pkgSetting.secondaryCpuAbiString; } // Set native library paths again. For moves, the path will be updated based on the // ABIs we've determined above. For non-moves, the path will be updated based on the // ABIs we determined during compilation, but the path will depend on the final // package path (after the rename away from the stage path). setNativeLibraryPaths(pkg); } if (DEBUG_INSTALL) Slog.i(TAG, "Linking native library dir for " + path); final int[] userIds = sUserManager.getUserIds(); synchronized (mInstallLock) { // Make sure all user data directories are ready to roll; we're okay // if they already exist if (!TextUtils.isEmpty(pkg.volumeUuid)) { for (int userId : userIds) { if (userId != 0) { mInstaller.createUserData(pkg.volumeUuid, pkg.packageName, UserHandle.getUid(userId, pkg.applicationInfo.uid), userId, pkg.applicationInfo.seinfo); } } } // Create a native library symlink only if we have native libraries // and if the native libraries are 32 bit libraries. We do not provide // this symlink for 64 bit libraries. if (pkg.applicationInfo.primaryCpuAbi != null && !VMRuntime.is64BitAbi(pkg.applicationInfo.primaryCpuAbi)) { final String nativeLibPath = pkg.applicationInfo.nativeLibraryDir; for (int userId : userIds) { if (mInstaller.linkNativeLibraryDirectory(pkg.volumeUuid, pkg.packageName, nativeLibPath, userId) < 0) { throw new PackageManagerException(INSTALL_FAILED_INTERNAL_ERROR, "Failed linking native library dir (user=" + userId + ")"); } } } } // This is a special case for the "system" package, where the ABI is // dictated by the zygote configuration (and init.rc). We should keep track // of this ABI so that we can deal with "normal" applications that run under // the same UID correctly. if (mPlatformPackage == pkg) { pkg.applicationInfo.primaryCpuAbi = VMRuntime.getRuntime().is64Bit() ? Build.SUPPORTED_64_BIT_ABIS[0] : Build.SUPPORTED_32_BIT_ABIS[0]; } // If there's a mismatch between the abi-override in the package setting // and the abiOverride specified for the install. Warn about this because we // would've already compiled the app without taking the package setting into // account. if ((scanFlags & SCAN_NO_DEX) == 0 && (scanFlags & SCAN_NEW_INSTALL) != 0) { if (cpuAbiOverride == null && pkgSetting.cpuAbiOverrideString != null) { Slog.w(TAG, "Ignoring persisted ABI override " + cpuAbiOverride + " for package: " + pkg.packageName); } } pkgSetting.primaryCpuAbiString = pkg.applicationInfo.primaryCpuAbi; pkgSetting.secondaryCpuAbiString = pkg.applicationInfo.secondaryCpuAbi; pkgSetting.cpuAbiOverrideString = cpuAbiOverride; // Copy the derived override back to the parsed package, so that we can // update the package settings accordingly. pkg.cpuAbiOverride = cpuAbiOverride; if (DEBUG_ABI_SELECTION) { Slog.d(TAG, "Resolved nativeLibraryRoot for " + pkg.applicationInfo.packageName + " to root=" + pkg.applicationInfo.nativeLibraryRootDir + ", isa=" + pkg.applicationInfo.nativeLibraryRootRequiresIsa); } // Push the derived path down into PackageSettings so we know what to // clean up at uninstall time. pkgSetting.legacyNativeLibraryPathString = pkg.applicationInfo.nativeLibraryRootDir; if (DEBUG_ABI_SELECTION) { Log.d(TAG, "Abis for package[" + pkg.packageName + "] are" + " primary=" + pkg.applicationInfo.primaryCpuAbi + " secondary=" + pkg.applicationInfo.secondaryCpuAbi); } if ((scanFlags&SCAN_BOOTING) == 0 && pkgSetting.sharedUser != null) { // We don't do this here during boot because we can do it all // at once after scanning all existing packages. // // We also do this *before* we perform dexopt on this package, so that // we can avoid redundant dexopts, and also to make sure we've got the // code and package path correct. adjustCpuAbisForSharedUserLPw(pkgSetting.sharedUser.packages, pkg, forceDex, (scanFlags & SCAN_DEFER_DEX) != 0, true /* boot complete */); } if ((scanFlags & SCAN_NO_DEX) == 0) { int result = mPackageDexOptimizer.performDexOpt(pkg, null /* instruction sets */, forceDex, (scanFlags & SCAN_DEFER_DEX) != 0, false /* inclDependencies */, (scanFlags & SCAN_BOOTING) == 0); if (result == PackageDexOptimizer.DEX_OPT_FAILED) { throw new PackageManagerException(INSTALL_FAILED_DEXOPT, "scanPackageLI"); } } if (mFactoryTest && pkg.requestedPermissions.contains( android.Manifest.permission.FACTORY_TEST)) { pkg.applicationInfo.flags |= ApplicationInfo.FLAG_FACTORY_TEST; } ArrayList
clientLibPkgs = null; // writer synchronized (mPackages) { if ((pkg.applicationInfo.flags&ApplicationInfo.FLAG_SYSTEM) != 0) { // Only system apps can add new shared libraries. if (pkg.libraryNames != null) { for (int i=0; i
iter = mSettings.mPackagesToBeCleaned.iterator(); while (iter.hasNext()) { PackageCleanItem item = iter.next(); if (pkgName.equals(item.packageName)) { iter.remove(); } } // Take care of first install / last update times. if (currentTime != 0) { if (pkgSetting.firstInstallTime == 0) { pkgSetting.firstInstallTime = pkgSetting.lastUpdateTime = currentTime; } else if ((scanFlags&SCAN_UPDATE_TIME) != 0) { pkgSetting.lastUpdateTime = currentTime; } } else if (pkgSetting.firstInstallTime == 0) { // We need *something*. Take time time stamp of the file. pkgSetting.firstInstallTime = pkgSetting.lastUpdateTime = scanFileTime; } else if ((parseFlags&PackageParser.PARSE_IS_SYSTEM_DIR) != 0) { if (scanFileTime != pkgSetting.timeStamp) { // A package on the system image has changed; consider this // to be an update. pkgSetting.lastUpdateTime = scanFileTime; } } // Add the package's KeySets to the global KeySetManagerService ksms.addScannedPackageLPw(pkg); int N = pkg.providers.size(); StringBuilder r = null; int i; for (i=0; i
Build.VERSION_CODES.LOLLIPOP_MR1) { p.group = mPermissionGroups.get(p.info.group); // Warn for a permission in an unknown group. if (p.info.group != null && p.group == null) { Slog.w(TAG, "Permission " + p.info.name + " from package " + p.info.packageName + " in an unknown group " + p.info.group); } } ArrayMap
permissionMap = p.tree ? mSettings.mPermissionTrees : mSettings.mPermissions; BasePermission bp = permissionMap.get(p.info.name); // Allow system apps to redefine non-system permissions if (bp != null && !Objects.equals(bp.sourcePackage, p.info.packageName)) { final boolean currentOwnerIsSystem = (bp.perm != null && isSystemApp(bp.perm.owner)); if (isSystemApp(p.owner)) { if (bp.type == BasePermission.TYPE_BUILTIN && bp.perm == null) { // It's a built-in permission and no owner, take ownership now bp.packageSetting = pkgSetting; bp.perm = p; bp.uid = pkg.applicationInfo.uid; bp.sourcePackage = p.info.packageName; p.info.flags |= PermissionInfo.FLAG_INSTALLED; } else if (!currentOwnerIsSystem) { String msg = "New decl " + p.owner + " of permission " + p.info.name + " is system; overriding " + bp.sourcePackage; reportSettingsProblem(Log.WARN, msg); bp = null; } } } if (bp == null) { bp = new BasePermission(p.info.name, p.info.packageName, BasePermission.TYPE_NORMAL); permissionMap.put(p.info.name, bp); } if (bp.perm == null) { if (bp.sourcePackage == null || bp.sourcePackage.equals(p.info.packageName)) { BasePermission tree = findPermissionTreeLP(p.info.name); if (tree == null || tree.sourcePackage.equals(p.info.packageName)) { bp.packageSetting = pkgSetting; bp.perm = p; bp.uid = pkg.applicationInfo.uid; bp.sourcePackage = p.info.packageName; p.info.flags |= PermissionInfo.FLAG_INSTALLED; if ((parseFlags&PackageParser.PARSE_CHATTY) != 0) { if (r == null) { r = new StringBuilder(256); } else { r.append(' '); } r.append(p.info.name); } } else { Slog.w(TAG, "Permission " + p.info.name + " from package " + p.info.packageName + " ignored: base tree " + tree.name + " is from package " + tree.sourcePackage); } } else { Slog.w(TAG, "Permission " + p.info.name + " from package " + p.info.packageName + " ignored: original from " + bp.sourcePackage); } } else if ((parseFlags&PackageParser.PARSE_CHATTY) != 0) { if (r == null) { r = new StringBuilder(256); } else { r.append(' '); } r.append("DUP:"); r.append(p.info.name); } if (bp.perm == p) { bp.protectionLevel = p.info.protectionLevel; } } if (r != null) { if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Permissions: " + r); } N = pkg.instrumentation.size(); r = null; for (i=0; i
()); } ArrayMap
map = mOverlays.get(pkg.mOverlayTarget); map.put(pkg.packageName, pkg); PackageParser.Package orig = mPackages.get(pkg.mOverlayTarget); if (orig != null && !createIdmapForPackagePairLI(orig, pkg)) { throw new PackageManagerException(INSTALL_FAILED_UPDATE_INCOMPATIBLE, "scanPackageLI failed to createIdmap"); } } } else if (mOverlays.containsKey(pkg.packageName) && !pkg.packageName.equals("android")) { // This is a regular package, with one or more known overlay packages. createIdmapsForPackageLI(pkg); } } return pkg; } /** * Derive the ABI of a non-system package located at {@code scanFile}. This information * is derived purely on the basis of the contents of {@code scanFile} and * {@code cpuAbiOverride}. * * If {@code extractLibs} is true, native libraries are extracted from the app if required. */ public void derivePackageAbi(PackageParser.Package pkg, File scanFile, String cpuAbiOverride, boolean extractLibs) throws PackageManagerException { // TODO: We can probably be smarter about this stuff. For installed apps, // we can calculate this information at install time once and for all. For // system apps, we can probably assume that this information doesn't change // after the first boot scan. As things stand, we do lots of unnecessary work. // Give ourselves some initial paths; we'll come back for another // pass once we've determined ABI below. setNativeLibraryPaths(pkg); // We would never need to extract libs for forward-locked and external packages, // since the container service will do it for us. We shouldn't attempt to // extract libs from system app when it was not updated. if (pkg.isForwardLocked() || pkg.applicationInfo.isExternalAsec() || (isSystemApp(pkg) && !pkg.isUpdatedSystemApp())) { extractLibs = false; } final String nativeLibraryRootStr = pkg.applicationInfo.nativeLibraryRootDir; final boolean useIsaSpecificSubdirs = pkg.applicationInfo.nativeLibraryRootRequiresIsa; NativeLibraryHelper.Handle handle = null; try { handle = NativeLibraryHelper.Handle.create(scanFile); // TODO(multiArch): This can be null for apps that didn't go through the // usual installation process. We can calculate it again, like we // do during install time. // // TODO(multiArch): Why do we need to rescan ASEC apps again ? It seems totally // unnecessary. final File nativeLibraryRoot = new File(nativeLibraryRootStr); // Null out the abis so that they can be recalculated. pkg.applicationInfo.primaryCpuAbi = null; pkg.applicationInfo.secondaryCpuAbi = null; if (isMultiArch(pkg.applicationInfo)) { // Warn if we've set an abiOverride for multi-lib packages.. // By definition, we need to copy both 32 and 64 bit libraries for // such packages. if (pkg.cpuAbiOverride != null && !NativeLibraryHelper.CLEAR_ABI_OVERRIDE.equals(pkg.cpuAbiOverride)) { Slog.w(TAG, "Ignoring abiOverride for multi arch application."); } int abi32 = PackageManager.NO_NATIVE_LIBRARIES; int abi64 = PackageManager.NO_NATIVE_LIBRARIES; if (Build.SUPPORTED_32_BIT_ABIS.length > 0) { if (extractLibs) { abi32 = NativeLibraryHelper.copyNativeBinariesForSupportedAbi(handle, nativeLibraryRoot, Build.SUPPORTED_32_BIT_ABIS, useIsaSpecificSubdirs); } else { abi32 = NativeLibraryHelper.findSupportedAbi(handle, Build.SUPPORTED_32_BIT_ABIS); } } maybeThrowExceptionForMultiArchCopy( "Error unpackaging 32 bit native libs for multiarch app.", abi32); if (Build.SUPPORTED_64_BIT_ABIS.length > 0) { if (extractLibs) { abi64 = NativeLibraryHelper.copyNativeBinariesForSupportedAbi(handle, nativeLibraryRoot, Build.SUPPORTED_64_BIT_ABIS, useIsaSpecificSubdirs); } else { abi64 = NativeLibraryHelper.findSupportedAbi(handle, Build.SUPPORTED_64_BIT_ABIS); } } maybeThrowExceptionForMultiArchCopy( "Error unpackaging 64 bit native libs for multiarch app.", abi64); if (abi64 >= 0) { pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_64_BIT_ABIS[abi64]; } if (abi32 >= 0) { final String abi = Build.SUPPORTED_32_BIT_ABIS[abi32]; if (abi64 >= 0) { pkg.applicationInfo.secondaryCpuAbi = abi; } else { pkg.applicationInfo.primaryCpuAbi = abi; } } } else { String[] abiList = (cpuAbiOverride != null) ? new String[] { cpuAbiOverride } : Build.SUPPORTED_ABIS; // Enable gross and lame hacks for apps that are built with old // SDK tools. We must scan their APKs for renderscript bitcode and // not launch them if it's present. Don't bother checking on devices // that don't have 64 bit support. boolean needsRenderScriptOverride = false; if (Build.SUPPORTED_64_BIT_ABIS.length > 0 && cpuAbiOverride == null && NativeLibraryHelper.hasRenderscriptBitcode(handle)) { abiList = Build.SUPPORTED_32_BIT_ABIS; needsRenderScriptOverride = true; } final int copyRet; if (extractLibs) { copyRet = NativeLibraryHelper.copyNativeBinariesForSupportedAbi(handle, nativeLibraryRoot, abiList, useIsaSpecificSubdirs); } else { copyRet = NativeLibraryHelper.findSupportedAbi(handle, abiList); } if (copyRet < 0 && copyRet != PackageManager.NO_NATIVE_LIBRARIES) { throw new PackageManagerException(INSTALL_FAILED_INTERNAL_ERROR, "Error unpackaging native libs for app, errorCode=" + copyRet); } if (copyRet >= 0) { pkg.applicationInfo.primaryCpuAbi = abiList[copyRet]; } else if (copyRet == PackageManager.NO_NATIVE_LIBRARIES && cpuAbiOverride != null) { pkg.applicationInfo.primaryCpuAbi = cpuAbiOverride; } else if (needsRenderScriptOverride) { pkg.applicationInfo.primaryCpuAbi = abiList[0]; } } } catch (IOException ioe) { Slog.e(TAG, "Unable to get canonical file " + ioe.toString()); } finally { IoUtils.closeQuietly(handle); } // Now that we've calculated the ABIs and determined if it's an internal app, // we will go ahead and populate the nativeLibraryPath. setNativeLibraryPaths(pkg); } /** * Adjusts ABIs for a set of packages belonging to a shared user so that they all match. * i.e, so that all packages can be run inside a single process if required. * * Optionally, callers can pass in a parsed package via {@code newPackage} in which case * this function will either try and make the ABI for all packages in {@code packagesForUser} * match {@code scannedPackage} or will update the ABI of {@code scannedPackage} to match * the ABI selected for {@code packagesForUser}. This variant is used when installing or * updating a package that belongs to a shared user. * * NOTE: We currently only match for the primary CPU abi string. Matching the secondary * adds unnecessary complexity. */ private void adjustCpuAbisForSharedUserLPw(Set
packagesForUser, PackageParser.Package scannedPackage, boolean forceDexOpt, boolean deferDexOpt, boolean bootComplete) { String requiredInstructionSet = null; if (scannedPackage != null && scannedPackage.applicationInfo.primaryCpuAbi != null) { requiredInstructionSet = VMRuntime.getInstructionSet( scannedPackage.applicationInfo.primaryCpuAbi); } PackageSetting requirer = null; for (PackageSetting ps : packagesForUser) { // If packagesForUser contains scannedPackage, we skip it. This will happen // when scannedPackage is an update of an existing package. Without this check, // we will never be able to change the ABI of any package belonging to a shared // user, even if it's compatible with other packages. if (scannedPackage == null || !scannedPackage.packageName.equals(ps.name)) { if (ps.primaryCpuAbiString == null) { continue; } final String instructionSet = VMRuntime.getInstructionSet(ps.primaryCpuAbiString); if (requiredInstructionSet != null && !instructionSet.equals(requiredInstructionSet)) { // We have a mismatch between instruction sets (say arm vs arm64) warn about // this but there's not much we can do. String errorMessage = "Instruction set mismatch, " + ((requirer == null) ? "[caller]" : requirer) + " requires " + requiredInstructionSet + " whereas " + ps + " requires " + instructionSet; Slog.w(TAG, errorMessage); } if (requiredInstructionSet == null) { requiredInstructionSet = instructionSet; requirer = ps; } } } if (requiredInstructionSet != null) { String adjustedAbi; if (requirer != null) { // requirer != null implies that either scannedPackage was null or that scannedPackage // did not require an ABI, in which case we have to adjust scannedPackage to match // the ABI of the set (which is the same as requirer's ABI) adjustedAbi = requirer.primaryCpuAbiString; if (scannedPackage != null) { scannedPackage.applicationInfo.primaryCpuAbi = adjustedAbi; } } else { // requirer == null implies that we're updating all ABIs in the set to // match scannedPackage. adjustedAbi = scannedPackage.applicationInfo.primaryCpuAbi; } for (PackageSetting ps : packagesForUser) { if (scannedPackage == null || !scannedPackage.packageName.equals(ps.name)) { if (ps.primaryCpuAbiString != null) { continue; } ps.primaryCpuAbiString = adjustedAbi; if (ps.pkg != null && ps.pkg.applicationInfo != null) { ps.pkg.applicationInfo.primaryCpuAbi = adjustedAbi; Slog.i(TAG, "Adjusting ABI for : " + ps.name + " to " + adjustedAbi); int result = mPackageDexOptimizer.performDexOpt(ps.pkg, null /* instruction sets */, forceDexOpt, deferDexOpt, true, bootComplete); if (result == PackageDexOptimizer.DEX_OPT_FAILED) { ps.primaryCpuAbiString = null; ps.pkg.applicationInfo.primaryCpuAbi = null; return; } else { mInstaller.rmdex(ps.codePathString, getDexCodeInstructionSet(getPreferredInstructionSet())); } } } } } } private void setUpCustomResolverActivity(PackageParser.Package pkg) { synchronized (mPackages) { mResolverReplaced = true; // Set up information for custom user intent resolution activity. mResolveActivity.applicationInfo = pkg.applicationInfo; mResolveActivity.name = mCustomResolverComponentName.getClassName(); mResolveActivity.packageName = pkg.applicationInfo.packageName; mResolveActivity.processName = pkg.applicationInfo.packageName; mResolveActivity.launchMode = ActivityInfo.LAUNCH_MULTIPLE; mResolveActivity.flags = ActivityInfo.FLAG_EXCLUDE_FROM_RECENTS | ActivityInfo.FLAG_FINISH_ON_CLOSE_SYSTEM_DIALOGS; mResolveActivity.theme = 0; mResolveActivity.exported = true; mResolveActivity.enabled = true; mResolveInfo.activityInfo = mResolveActivity; mResolveInfo.priority = 0; mResolveInfo.preferredOrder = 0; mResolveInfo.match = 0; mResolveComponentName = mCustomResolverComponentName; Slog.i(TAG, "Replacing default ResolverActivity with custom activity: " + mResolveComponentName); } } private static String calculateBundledApkRoot(final String codePathString) { final File codePath = new File(codePathString); final File codeRoot; if (FileUtils.contains(Environment.getRootDirectory(), codePath)) { codeRoot = Environment.getRootDirectory(); } else if (FileUtils.contains(Environment.getOemDirectory(), codePath)) { codeRoot = Environment.getOemDirectory(); } else if (FileUtils.contains(Environment.getVendorDirectory(), codePath)) { codeRoot = Environment.getVendorDirectory(); } else { // Unrecognized code path; take its top real segment as the apk root: // e.g. /something/app/blah.apk => /something try { File f = codePath.getCanonicalFile(); File parent = f.getParentFile(); // non-null because codePath is a file File tmp; while ((tmp = parent.getParentFile()) != null) { f = parent; parent = tmp; } codeRoot = f; Slog.w(TAG, "Unrecognized code path " + codePath + " - using " + codeRoot); } catch (IOException e) { // Can't canonicalize the code path -- shenanigans? Slog.w(TAG, "Can't canonicalize code path " + codePath); return Environment.getRootDirectory().getPath(); } } return codeRoot.getPath(); } /** * Derive and set the location of native libraries for the given package, * which varies depending on where and how the package was installed. */ private void setNativeLibraryPaths(PackageParser.Package pkg) { final ApplicationInfo info = pkg.applicationInfo; final String codePath = pkg.codePath; final File codeFile = new File(codePath); final boolean bundledApp = info.isSystemApp() && !info.isUpdatedSystemApp(); final boolean asecApp = info.isForwardLocked() || info.isExternalAsec(); info.nativeLibraryRootDir = null; info.nativeLibraryRootRequiresIsa = false; info.nativeLibraryDir = null; info.secondaryNativeLibraryDir = null; if (isApkFile(codeFile)) { // Monolithic install if (bundledApp) { // If "/system/lib64/apkname" exists, assume that is the per-package // native library directory to use; otherwise use "/system/lib/apkname". final String apkRoot = calculateBundledApkRoot(info.sourceDir); final boolean is64Bit = VMRuntime.is64BitInstructionSet( getPrimaryInstructionSet(info)); // This is a bundled system app so choose the path based on the ABI. // if it's a 64 bit abi, use lib64 otherwise use lib32. Note that this // is just the default path. final String apkName = deriveCodePathName(codePath); final String libDir = is64Bit ? LIB64_DIR_NAME : LIB_DIR_NAME; info.nativeLibraryRootDir = Environment.buildPath(new File(apkRoot), libDir, apkName).getAbsolutePath(); if (info.secondaryCpuAbi != null) { final String secondaryLibDir = is64Bit ? LIB_DIR_NAME : LIB64_DIR_NAME; info.secondaryNativeLibraryDir = Environment.buildPath(new File(apkRoot), secondaryLibDir, apkName).getAbsolutePath(); } } else if (asecApp) { info.nativeLibraryRootDir = new File(codeFile.getParentFile(), LIB_DIR_NAME) .getAbsolutePath(); } else { final String apkName = deriveCodePathName(codePath); info.nativeLibraryRootDir = new File(mAppLib32InstallDir, apkName) .getAbsolutePath(); } info.nativeLibraryRootRequiresIsa = false; info.nativeLibraryDir = info.nativeLibraryRootDir; } else { // Cluster install info.nativeLibraryRootDir = new File(codeFile, LIB_DIR_NAME).getAbsolutePath(); info.nativeLibraryRootRequiresIsa = true; info.nativeLibraryDir = new File(info.nativeLibraryRootDir, getPrimaryInstructionSet(info)).getAbsolutePath(); if (info.secondaryCpuAbi != null) { info.secondaryNativeLibraryDir = new File(info.nativeLibraryRootDir, VMRuntime.getInstructionSet(info.secondaryCpuAbi)).getAbsolutePath(); } } } /** * Calculate the abis and roots for a bundled app. These can uniquely * be determined from the contents of the system partition, i.e whether * it contains 64 or 32 bit shared libraries etc. We do not validate any * of this information, and instead assume that the system was built * sensibly. */ private void setBundledAppAbisAndRoots(PackageParser.Package pkg, PackageSetting pkgSetting) { final String apkName = deriveCodePathName(pkg.applicationInfo.getCodePath()); // If "/system/lib64/apkname" exists, assume that is the per-package // native library directory to use; otherwise use "/system/lib/apkname". final String apkRoot = calculateBundledApkRoot(pkg.applicationInfo.sourceDir); setBundledAppAbi(pkg, apkRoot, apkName); // pkgSetting might be null during rescan following uninstall of updates // to a bundled app, so accommodate that possibility. The settings in // that case will be established later from the parsed package. // // If the settings aren't null, sync them up with what we've just derived. // note that apkRoot isn't stored in the package settings. if (pkgSetting != null) { pkgSetting.primaryCpuAbiString = pkg.applicationInfo.primaryCpuAbi; pkgSetting.secondaryCpuAbiString = pkg.applicationInfo.secondaryCpuAbi; } } /** * Deduces the ABI of a bundled app and sets the relevant fields on the * parsed pkg object. * * @param apkRoot the root of the installed apk, something like {@code /system} or {@code /oem} * under which system libraries are installed. * @param apkName the name of the installed package. */ private static void setBundledAppAbi(PackageParser.Package pkg, String apkRoot, String apkName) { final File codeFile = new File(pkg.codePath); final boolean has64BitLibs; final boolean has32BitLibs; if (isApkFile(codeFile)) { // Monolithic install has64BitLibs = (new File(apkRoot, new File(LIB64_DIR_NAME, apkName).getPath())).exists(); has32BitLibs = (new File(apkRoot, new File(LIB_DIR_NAME, apkName).getPath())).exists(); } else { // Cluster install final File rootDir = new File(codeFile, LIB_DIR_NAME); if (!ArrayUtils.isEmpty(Build.SUPPORTED_64_BIT_ABIS) && !TextUtils.isEmpty(Build.SUPPORTED_64_BIT_ABIS[0])) { final String isa = VMRuntime.getInstructionSet(Build.SUPPORTED_64_BIT_ABIS[0]); has64BitLibs = (new File(rootDir, isa)).exists(); } else { has64BitLibs = false; } if (!ArrayUtils.isEmpty(Build.SUPPORTED_32_BIT_ABIS) && !TextUtils.isEmpty(Build.SUPPORTED_32_BIT_ABIS[0])) { final String isa = VMRuntime.getInstructionSet(Build.SUPPORTED_32_BIT_ABIS[0]); has32BitLibs = (new File(rootDir, isa)).exists(); } else { has32BitLibs = false; } } if (has64BitLibs && !has32BitLibs) { // The package has 64 bit libs, but not 32 bit libs. Its primary // ABI should be 64 bit. We can safely assume here that the bundled // native libraries correspond to the most preferred ABI in the list. pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_64_BIT_ABIS[0]; pkg.applicationInfo.secondaryCpuAbi = null; } else if (has32BitLibs && !has64BitLibs) { // The package has 32 bit libs but not 64 bit libs. Its primary // ABI should be 32 bit. pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_32_BIT_ABIS[0]; pkg.applicationInfo.secondaryCpuAbi = null; } else if (has32BitLibs && has64BitLibs) { // The application has both 64 and 32 bit bundled libraries. We check // here that the app declares multiArch support, and warn if it doesn't. // // We will be lenient here and record both ABIs. The primary will be the // ABI that's higher on the list, i.e, a device that's configured to prefer // 64 bit apps will see a 64 bit primary ABI, if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_MULTIARCH) == 0) { Slog.e(TAG, "Package: " + pkg + " has multiple bundled libs, but is not multiarch."); } if (VMRuntime.is64BitInstructionSet(getPreferredInstructionSet())) { pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_64_BIT_ABIS[0]; pkg.applicationInfo.secondaryCpuAbi = Build.SUPPORTED_32_BIT_ABIS[0]; } else { pkg.applicationInfo.primaryCpuAbi = Build.SUPPORTED_32_BIT_ABIS[0]; pkg.applicationInfo.secondaryCpuAbi = Build.SUPPORTED_64_BIT_ABIS[0]; } } else { pkg.applicationInfo.primaryCpuAbi = null; pkg.applicationInfo.secondaryCpuAbi = null; } } private void killApplication(String pkgName, int appId, String reason) { // Request the ActivityManager to kill the process(only for existing packages) // so that we do not end up in a confused state while the user is still using the older // version of the application while the new one gets installed. IActivityManager am = ActivityManagerNative.getDefault(); if (am != null) { try { am.killApplicationWithAppId(pkgName, appId, reason); } catch (RemoteException e) { } } } void removePackageLI(PackageSetting ps, boolean chatty) { if (DEBUG_INSTALL) { if (chatty) Log.d(TAG, "Removing package " + ps.name); } // writer synchronized (mPackages) { mPackages.remove(ps.name); final PackageParser.Package pkg = ps.pkg; if (pkg != null) { cleanPackageDataStructuresLILPw(pkg, chatty); } } } void removeInstalledPackageLI(PackageParser.Package pkg, boolean chatty) { if (DEBUG_INSTALL) { if (chatty) Log.d(TAG, "Removing package " + pkg.applicationInfo.packageName); } // writer synchronized (mPackages) { mPackages.remove(pkg.applicationInfo.packageName); cleanPackageDataStructuresLILPw(pkg, chatty); } } void cleanPackageDataStructuresLILPw(PackageParser.Package pkg, boolean chatty) { int N = pkg.providers.size(); StringBuilder r = null; int i; for (i=0; i
appOpPerms = mAppOpPermissionPackages.get(p.info.name); if (appOpPerms != null) { appOpPerms.remove(pkg.packageName); } } } if (r != null) { if (DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r); } N = pkg.requestedPermissions.size(); r = null; for (i=0; i
appOpPerms = mAppOpPermissionPackages.get(perm); if (appOpPerms != null) { appOpPerms.remove(pkg.packageName); if (appOpPerms.isEmpty()) { mAppOpPermissionPackages.remove(perm); } } } } if (r != null) { if (DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r); } N = pkg.instrumentation.size(); r = null; for (i=0; i
=0; i--) { if (pkgInfo.permissions.get(i).info.name.equals(perm)) { return true; } } return false; } static final int UPDATE_PERMISSIONS_ALL = 1<<0; static final int UPDATE_PERMISSIONS_REPLACE_PKG = 1<<1; static final int UPDATE_PERMISSIONS_REPLACE_ALL = 1<<2; private void updatePermissionsLPw(String changingPkg, PackageParser.Package pkgInfo, int flags) { final String volumeUuid = (pkgInfo != null) ? getVolumeUuidForPackage(pkgInfo) : null; updatePermissionsLPw(changingPkg, pkgInfo, volumeUuid, flags); } private void updatePermissionsLPw(String changingPkg, PackageParser.Package pkgInfo, String replaceVolumeUuid, int flags) { // Make sure there are no dangling permission trees. Iterator
it = mSettings.mPermissionTrees.values().iterator(); while (it.hasNext()) { final BasePermission bp = it.next(); if (bp.packageSetting == null) { // We may not yet have parsed the package, so just see if // we still know about its settings. bp.packageSetting = mSettings.mPackages.get(bp.sourcePackage); } if (bp.packageSetting == null) { Slog.w(TAG, "Removing dangling permission tree: " + bp.name + " from package " + bp.sourcePackage); it.remove(); } else if (changingPkg != null && changingPkg.equals(bp.sourcePackage)) { if (pkgInfo == null || !hasPermission(pkgInfo, bp.name)) { Slog.i(TAG, "Removing old permission tree: " + bp.name + " from package " + bp.sourcePackage); flags |= UPDATE_PERMISSIONS_ALL; it.remove(); } } } // Make sure all dynamic permissions have been assigned to a package, // and make sure there are no dangling permissions. it = mSettings.mPermissions.values().iterator(); while (it.hasNext()) { final BasePermission bp = it.next(); if (bp.type == BasePermission.TYPE_DYNAMIC) { if (DEBUG_SETTINGS) Log.v(TAG, "Dynamic permission: name=" + bp.name + " pkg=" + bp.sourcePackage + " info=" + bp.pendingInfo); if (bp.packageSetting == null && bp.pendingInfo != null) { final BasePermission tree = findPermissionTreeLP(bp.name); if (tree != null && tree.perm != null) { bp.packageSetting = tree.packageSetting; bp.perm = new PackageParser.Permission(tree.perm.owner, new PermissionInfo(bp.pendingInfo)); bp.perm.info.packageName = tree.perm.info.packageName; bp.perm.info.name = bp.name; bp.uid = tree.uid; } } } if (bp.packageSetting == null) { // We may not yet have parsed the package, so just see if // we still know about its settings. bp.packageSetting = mSettings.mPackages.get(bp.sourcePackage); } if (bp.packageSetting == null) { Slog.w(TAG, "Removing dangling permission: " + bp.name + " from package " + bp.sourcePackage); it.remove(); } else if (changingPkg != null && changingPkg.equals(bp.sourcePackage)) { if (pkgInfo == null || !hasPermission(pkgInfo, bp.name)) { Slog.i(TAG, "Removing old permission: " + bp.name + " from package " + bp.sourcePackage); flags |= UPDATE_PERMISSIONS_ALL; it.remove(); } } } // Now update the permissions for all packages, in particular // replace the granted permissions of the system packages. if ((flags&UPDATE_PERMISSIONS_ALL) != 0) { for (PackageParser.Package pkg : mPackages.values()) { if (pkg != pkgInfo) { // Only replace for packages on requested volume final String volumeUuid = getVolumeUuidForPackage(pkg); final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_ALL) != 0) && Objects.equals(replaceVolumeUuid, volumeUuid); grantPermissionsLPw(pkg, replace, changingPkg); } } } if (pkgInfo != null) { // Only replace for packages on requested volume final String volumeUuid = getVolumeUuidForPackage(pkgInfo); final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_PKG) != 0) && Objects.equals(replaceVolumeUuid, volumeUuid); grantPermissionsLPw(pkgInfo, replace, changingPkg); } } private void grantPermissionsLPw(PackageParser.Package pkg, boolean replace, String packageOfInterest) { // IMPORTANT: There are two types of permissions: install and runtime. // Install time permissions are granted when the app is installed to // all device users and users added in the future. Runtime permissions // are granted at runtime explicitly to specific users. Normal and signature // protected permissions are install time permissions. Dangerous permissions // are install permissions if the app's target SDK is Lollipop MR1 or older, // otherwise they are runtime permissions. This function does not manage // runtime permissions except for the case an app targeting Lollipop MR1 // being upgraded to target a newer SDK, in which case dangerous permissions // are transformed from install time to runtime ones. final PackageSetting ps = (PackageSetting) pkg.mExtras; if (ps == null) { return; } PermissionsState permissionsState = ps.getPermissionsState(); PermissionsState origPermissions = permissionsState; final int[] currentUserIds = UserManagerService.getInstance().getUserIds(); boolean runtimePermissionsRevoked = false; int[] changedRuntimePermissionUserIds = EMPTY_INT_ARRAY; boolean changedInstallPermission = false; if (replace) { ps.installPermissionsFixed = false; if (!ps.isSharedUser()) { origPermissions = new PermissionsState(permissionsState); permissionsState.reset(); } else { // We need to know only about runtime permission changes since the // calling code always writes the install permissions state but // the runtime ones are written only if changed. The only cases of // changed runtime permissions here are promotion of an install to // runtime and revocation of a runtime from a shared user. changedRuntimePermissionUserIds = revokeUnusedSharedUserPermissionsLPw( ps.sharedUser, UserManagerService.getInstance().getUserIds()); if (!ArrayUtils.isEmpty(changedRuntimePermissionUserIds)) { runtimePermissionsRevoked = true; } } } permissionsState.setGlobalGids(mGlobalGids); final int N = pkg.requestedPermissions.size(); for (int i=0; i
pkgs = mAppOpPermissionPackages.get(bp.name); if (pkgs == null) { pkgs = new ArraySet<>(); mAppOpPermissionPackages.put(bp.name, pkgs); } pkgs.add(pkg.packageName); } final int level = bp.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE; switch (level) { case PermissionInfo.PROTECTION_NORMAL: { // For all apps normal permissions are install time ones. grant = GRANT_INSTALL; } break; case PermissionInfo.PROTECTION_DANGEROUS: { if (pkg.applicationInfo.targetSdkVersion <= Build.VERSION_CODES.LOLLIPOP_MR1) { // For legacy apps dangerous permissions are install time ones. grant = GRANT_INSTALL_LEGACY; } else if (origPermissions.hasInstallPermission(bp.name)) { // For legacy apps that became modern, install becomes runtime. grant = GRANT_UPGRADE; } else if (mPromoteSystemApps && isSystemApp(ps) && mExistingSystemPackages.contains(ps.name)) { // For legacy system apps, install becomes runtime. // We cannot check hasInstallPermission() for system apps since those // permissions were granted implicitly and not persisted pre-M. grant = GRANT_UPGRADE; } else { // For modern apps keep runtime permissions unchanged. grant = GRANT_RUNTIME; } } break; case PermissionInfo.PROTECTION_SIGNATURE: { // For all apps signature permissions are install time ones. allowedSig = grantSignaturePermission(perm, pkg, bp, origPermissions); if (allowedSig) { grant = GRANT_INSTALL; } } break; } if (DEBUG_INSTALL) { Log.i(TAG, "Package " + pkg.packageName + " granting " + perm); } if (grant != GRANT_DENIED) { if (!isSystemApp(ps) && ps.installPermissionsFixed) { // If this is an existing, non-system package, then // we can't add any new permissions to it. if (!allowedSig && !origPermissions.hasInstallPermission(perm)) { // Except... if this is a permission that was added // to the platform (note: need to only do this when // updating the platform). if (!isNewPlatformPermissionForPackage(perm, pkg)) { grant = GRANT_DENIED; } } } switch (grant) { case GRANT_INSTALL: { // Revoke this as runtime permission to handle the case of // a runtime permission being downgraded to an install one. for (int userId : UserManagerService.getInstance().getUserIds()) { if (origPermissions.getRuntimePermissionState( bp.name, userId) != null) { // Revoke the runtime permission and clear the flags. origPermissions.revokeRuntimePermission(bp, userId); origPermissions.updatePermissionFlags(bp, userId, PackageManager.MASK_PERMISSION_FLAGS, 0); // If we revoked a permission permission, we have to write. changedRuntimePermissionUserIds = ArrayUtils.appendInt( changedRuntimePermissionUserIds, userId); } } // Grant an install permission. if (permissionsState.grantInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { changedInstallPermission = true; } } break; case GRANT_INSTALL_LEGACY: { // Grant an install permission. if (permissionsState.grantInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { changedInstallPermission = true; } } break; case GRANT_RUNTIME: { // Grant previously granted runtime permissions. for (int userId : UserManagerService.getInstance().getUserIds()) { PermissionState permissionState = origPermissions .getRuntimePermissionState(bp.name, userId); final int flags = permissionState != null ? permissionState.getFlags() : 0; if (origPermissions.hasRuntimePermission(bp.name, userId)) { if (permissionsState.grantRuntimePermission(bp, userId) == PermissionsState.PERMISSION_OPERATION_FAILURE) { // If we cannot put the permission as it was, we have to write. changedRuntimePermissionUserIds = ArrayUtils.appendInt( changedRuntimePermissionUserIds, userId); } } // Propagate the permission flags. permissionsState.updatePermissionFlags(bp, userId, flags, flags); } } break; case GRANT_UPGRADE: { // Grant runtime permissions for a previously held install permission. PermissionState permissionState = origPermissions .getInstallPermissionState(bp.name); final int flags = permissionState != null ? permissionState.getFlags() : 0; if (origPermissions.revokeInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { // We will be transferring the permission flags, so clear them. origPermissions.updatePermissionFlags(bp, UserHandle.USER_ALL, PackageManager.MASK_PERMISSION_FLAGS, 0); changedInstallPermission = true; } // If the permission is not to be promoted to runtime we ignore it and // also its other flags as they are not applicable to install permissions. if ((flags & PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE) == 0) { for (int userId : currentUserIds) { if (permissionsState.grantRuntimePermission(bp, userId) != PermissionsState.PERMISSION_OPERATION_FAILURE) { // Transfer the permission flags. permissionsState.updatePermissionFlags(bp, userId, flags, flags); // If we granted the permission, we have to write. changedRuntimePermissionUserIds = ArrayUtils.appendInt( changedRuntimePermissionUserIds, userId); } } } } break; default: { if (packageOfInterest == null || packageOfInterest.equals(pkg.packageName)) { Slog.w(TAG, "Not granting permission " + perm + " to package " + pkg.packageName + " because it was previously installed without"); } } break; } } else { if (permissionsState.revokeInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { // Also drop the permission flags. permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL, PackageManager.MASK_PERMISSION_FLAGS, 0); changedInstallPermission = true; Slog.i(TAG, "Un-granting permission " + perm + " from package " + pkg.packageName + " (protectionLevel=" + bp.protectionLevel + " flags=0x" + Integer.toHexString(pkg.applicationInfo.flags) + ")"); } else if ((bp.protectionLevel&PermissionInfo.PROTECTION_FLAG_APPOP) == 0) { // Don't print warning for app op permissions, since it is fine for them // not to be granted, there is a UI for the user to decide. if (packageOfInterest == null || packageOfInterest.equals(pkg.packageName)) { Slog.w(TAG, "Not granting permission " + perm + " to package " + pkg.packageName + " (protectionLevel=" + bp.protectionLevel + " flags=0x" + Integer.toHexString(pkg.applicationInfo.flags) + ")"); } } } } if ((changedInstallPermission || replace) && !ps.installPermissionsFixed && !isSystemApp(ps) || isUpdatedSystemApp(ps)){ // This is the first that we have heard about this package, so the // permissions we have now selected are fixed until explicitly // changed. ps.installPermissionsFixed = true; } // Persist the runtime permissions state for users with changes. If permissions // were revoked because no app in the shared user declares them we have to // write synchronously to avoid losing runtime permissions state. for (int userId : changedRuntimePermissionUserIds) { mSettings.writeRuntimePermissionsForUserLPr(userId, runtimePermissionsRevoked); } } private boolean isNewPlatformPermissionForPackage(String perm, PackageParser.Package pkg) { boolean allowed = false; final int NP = PackageParser.NEW_PERMISSIONS.length; for (int ip=0; ip
{ public List
queryIntent(Intent intent, String resolvedType, boolean defaultOnly, int userId) { if (!sUserManager.exists(userId)) return null; mFlags = defaultOnly ? PackageManager.MATCH_DEFAULT_ONLY : 0; return super.queryIntent(intent, resolvedType, defaultOnly, userId); } public List
queryIntent(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return null; mFlags = flags; return super.queryIntent(intent, resolvedType, (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, userId); } public List
queryIntentForPackage(Intent intent, String resolvedType, int flags, ArrayList
packageActivities, int userId) { if (!sUserManager.exists(userId)) return null; if (packageActivities == null) { return null; } mFlags = flags; final boolean defaultOnly = (flags&PackageManager.MATCH_DEFAULT_ONLY) != 0; final int N = packageActivities.size(); ArrayList
listCut = new ArrayList
(N); ArrayList
intentFilters; for (int i = 0; i < N; ++i) { intentFilters = packageActivities.get(i).intents; if (intentFilters != null && intentFilters.size() > 0) { PackageParser.ActivityIntentInfo[] array = new PackageParser.ActivityIntentInfo[intentFilters.size()]; intentFilters.toArray(array); listCut.add(array); } } return super.queryIntentFromList(intent, resolvedType, defaultOnly, listCut, userId); } public final void addActivity(PackageParser.Activity a, String type) { final boolean systemApp = a.info.applicationInfo.isSystemApp(); mActivities.put(a.getComponentName(), a); if (DEBUG_SHOW_INFO) Log.v( TAG, " " + type + " " + (a.info.nonLocalizedLabel != null ? a.info.nonLocalizedLabel : a.info.name) + ":"); if (DEBUG_SHOW_INFO) Log.v(TAG, " Class=" + a.info.name); final int NI = a.intents.size(); for (int j=0; j
0 && "activity".equals(type)) { intent.setPriority(0); Log.w(TAG, "Package " + a.info.applicationInfo.packageName + " has activity " + a.className + " with priority > 0, forcing to 0"); } if (DEBUG_SHOW_INFO) { Log.v(TAG, " IntentFilter:"); intent.dump(new LogPrinter(Log.VERBOSE, TAG), " "); } if (!intent.debugCheck()) { Log.w(TAG, "==> For Activity " + a.info.name); } addFilter(intent); } } public final void removeActivity(PackageParser.Activity a, String type) { mActivities.remove(a.getComponentName()); if (DEBUG_SHOW_INFO) { Log.v(TAG, " " + type + " " + (a.info.nonLocalizedLabel != null ? a.info.nonLocalizedLabel : a.info.name) + ":"); Log.v(TAG, " Class=" + a.info.name); } final int NI = a.intents.size(); for (int j=0; j
dest) { ActivityInfo filterAi = filter.activity.info; for (int i=dest.size()-1; i>=0; i--) { ActivityInfo destAi = dest.get(i).activityInfo; if (destAi.name == filterAi.name && destAi.packageName == filterAi.packageName) { return false; } } return true; } @Override protected ActivityIntentInfo[] newArray(int size) { return new ActivityIntentInfo[size]; } @Override protected boolean isFilterStopped(PackageParser.ActivityIntentInfo filter, int userId) { if (!sUserManager.exists(userId)) return true; PackageParser.Package p = filter.activity.owner; if (p != null) { PackageSetting ps = (PackageSetting)p.mExtras; if (ps != null) { // System apps are never considered stopped for purposes of // filtering, because there may be no way for the user to // actually re-launch them. return (ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0 && ps.getStopped(userId); } } return false; } @Override protected boolean isPackageForFilter(String packageName, PackageParser.ActivityIntentInfo info) { return packageName.equals(info.activity.owner.packageName); } @Override protected ResolveInfo newResult(PackageParser.ActivityIntentInfo info, int match, int userId) { if (!sUserManager.exists(userId)) return null; if (!mSettings.isEnabledLPr(info.activity.info, mFlags, userId)) { return null; } final PackageParser.Activity activity = info.activity; if (mSafeMode && (activity.info.applicationInfo.flags &ApplicationInfo.FLAG_SYSTEM) == 0) { return null; } PackageSetting ps = (PackageSetting) activity.owner.mExtras; if (ps == null) { return null; } ActivityInfo ai = PackageParser.generateActivityInfo(activity, mFlags, ps.readUserState(userId), userId); if (ai == null) { return null; } final ResolveInfo res = new ResolveInfo(); res.activityInfo = ai; if ((mFlags&PackageManager.GET_RESOLVED_FILTER) != 0) { res.filter = info; } if (info != null) { res.handleAllWebDataURI = info.handleAllWebDataURI(); } res.priority = info.getPriority(); res.preferredOrder = activity.owner.mPreferredOrder; //System.out.println("Result: " + res.activityInfo.className + // " = " + res.priority); res.match = match; res.isDefault = info.hasDefault; res.labelRes = info.labelRes; res.nonLocalizedLabel = info.nonLocalizedLabel; if (userNeedsBadging(userId)) { res.noResourceId = true; } else { res.icon = info.icon; } res.iconResourceId = info.icon; res.system = res.activityInfo.applicationInfo.isSystemApp(); return res; } @Override protected void sortResults(List
results) { Collections.sort(results, mResolvePrioritySorter); } @Override protected void dumpFilter(PrintWriter out, String prefix, PackageParser.ActivityIntentInfo filter) { out.print(prefix); out.print( Integer.toHexString(System.identityHashCode(filter.activity))); out.print(' '); filter.activity.printComponentShortName(out); out.print(" filter "); out.println(Integer.toHexString(System.identityHashCode(filter))); } @Override protected Object filterToLabel(PackageParser.ActivityIntentInfo filter) { return filter.activity; } protected void dumpFilterLabel(PrintWriter out, String prefix, Object label, int count) { PackageParser.Activity activity = (PackageParser.Activity)label; out.print(prefix); out.print( Integer.toHexString(System.identityHashCode(activity))); out.print(' '); activity.printComponentShortName(out); if (count > 1) { out.print(" ("); out.print(count); out.print(" filters)"); } out.println(); } // List
filterEnabled(List
resolveInfoList) { // final Iterator
i = resolveInfoList.iterator(); // final List
retList = Lists.newArrayList(); // while (i.hasNext()) { // final ResolveInfo resolveInfo = i.next(); // if (isEnabledLP(resolveInfo.activityInfo)) { // retList.add(resolveInfo); // } // } // return retList; // } // Keys are String (activity class name), values are Activity. private final ArrayMap