Skip to content
Commit 5d6d773f authored by Dianne Hackborn's avatar Dianne Hackborn Committed by The Android Open Source Project
Browse files

AI 148824: Fix issue #1851541 (sharedUserId requests not being checked for... 

AI 148824: Fix issue #1851541 (sharedUserId requests not being checked for matching signatures on .apk).
  To address issues where we could leave half-installed applications around if there was a failure during the install, we split getPackageLP() into two phases: the first would create the record, and only after doing all verification checks would we call insertPackageSettingLP() to do the remaining part of the original implementation and actually insert the record into the data structures.
  Unfortunately it was only in insertPackageSettingLP() that we would set the sharedUser field of the PackageSetting structure, so when before that we went to verify certificates, we didn't think it had requested a shared user ID, and let it through without checking.
  This fix simply sets the sharedUser field when the PackageSetting structure is first created, so we will actually check against its certs.  We still also set this again in insertPackageSettingLP(), but there is no harm in this because the only time we call this function is in that big install func, which just passes in the same shared user that it had when first getting the package.
  BUG=1851541

Automated import of CL 148824
parent 04c72b47
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment